Solved

Remote Access Service

Posted on 2014-03-10
6
426 Views
Last Modified: 2014-03-16
Hi.

We have some remote access software running on a Cent OS server. The service is called SimpleHelp if anyone is familiar. We recently migrated from a VPS to a dedicated server and have since been having problems.

The program uses port 900 which has been opened for both TCP and UDP. Clients using a http/tcp connection seem to be working. Those using UDP will show as online but cannot connect (90% use UDP only...).

I used nmap to scan port 900 UDP on the server. It shows as open but the listening service is named: omginitialrefs
This service is not related to our remote access software and I have no idea what it does. Can it safely be stopped and how?

Thanks in advance for any replies
0
Comment
Question by:KTBerwick
  • 4
  • 2
6 Comments
 

Author Comment

by:KTBerwick
Comment Utility
Just thought I should add... changing to a different port would be a major difficulty as we would have to manually update every client to look at the new port.

Another thought - If I were to change the remote software to listen on say port 5432 could all traffic destined for port 900 be redirected to port 5432?
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 500 total points
Comment Utility
nmap has its own copy of /etc/services
and 900/tcp and 900/udp are registered to OMG for OMG Initial refs protocol
so simplistichelp is free-riding on others horse...
and nmap calls port right

you can check with netstat -anpu that it is fine, nothing to kill (why you poertscan a system when you have netstat?)
0
 

Assisted Solution

by:KTBerwick
KTBerwick earned 0 total points
Comment Utility
Thanks for the reply.

I have very limited knowledge of Linux so the netstat command never came to mind. I was also trying to verify port 900 was actually open.

Since posting I have made a few changes.
Someone suggested it may be a permissions issue as processes require root privileges to bind any port lower than 1024. I added a firewall redirect for all traffic on port 900 to be forwarded to port 5432. Then I configured the SimpleHelp software to listen on 5432.

This seems to be working. There are maybe 20-30 clients missing but I can deal with adding them again. Far better than the 250+ clients that were missing to begin with.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
Comment Utility
netstat is on windows and macintosh too...
0
 

Author Comment

by:KTBerwick
Comment Utility
I'm aware of netstat I just didn't realise it worked on Linux.

Anyway, the problem is now solved. The missing PC's have came on-line throughout the day and we haven't had any issues since I made the changes described previously.

Adding you as a partial solution as your explanation of the nmap output cleared things up for me.
0
 

Author Closing Comment

by:KTBerwick
Comment Utility
The firewall redirect of port 900 is what resolved all our problems.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now