Follow

How to disable legacy Stratusphere ports in 6.0

Product: Stratusphere FIT/UX

Product Version: 6..x

Expires on: 365 days from publish date

Updated: June 10, 2020

 

Problem:

If you're no longer running any 5.8.x version Connector ID Keys or using 5.8.x Network Station appliances, then you could drop traffic to these legacy TCP ports on the internal firewall to reduce the attack surface of the Stratusphere HUB and resolve any items being flagged on security scans relating to ciphers or certificates for these TCP ports 5501 and 5502.

 

Possible resolution:

SSH using PuTTY or other tool so you can copy/paste.

SSH to HUB as friend/sspassword (if defaults)

Execute the following:

su -   (same sspassword when prompted, if default)

sed -i 's/5501.*ACCEPT/5501 -m state --state NEW,RELATED,ESTABLISHED -j DROP/; s/5502.*ACCEPT/5502 -m state --state NEW,RELATED,ESTABLISHED -j DROP/' /etc/sysconfig/iptables

/etc/init.d/iptables restart

<CTRL+D twice to logoff>

You can now confirm that the legacy TCP ports 5501 and 5502 have been disabled using a tool of your choosing, i.e., telnet <hubAddress> 5501

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.