Request Ports 28009 and 5001 To Listen on LocalHost Only

I would like to request that ports 28009 and 5001 listen on localhost by default, as there are concerns about whether untrusted or malicious external communication can be established using these ports. They normally appear to be listening on 0.0.0.0:28009 and 0.0.0.0:5001 by default, rather than on 127.0.0.1:28009 and 127.0.0.1:5001 respectively.

We were informed that SiteScope normally listens on these ports for very specific communication proprietary to SiteScope & MicroFocus; however, it might be beneficial to open these ports only in cases where troubleshooting requires them to be opened, to further reduce risk in cases where hardening is a mission-critical step.

Part of our findings is also that SiteScope does not appear to need these ports open in order to carry out its primary functions, and full functionality is expected when these ports are specifically blocked on the local firewall.

Thanks and respects.

  • Hello

    Those are Apache required ports for SiteScope.

    You'll need to change the ports before disabling those ports, because if you disable the ports SiteScope will break.

    Additional details for 5001:

    /it_ops_mgt/ops_bdg/f/itrc-162/51631/sitescope-ports

    Ports:

    28005 --> Tomcat Shutdown

    28009 --> Tomcat AJP connector

    Regards,

  • Good day,

    While I see the point that shutting or blocking the ports isn't ideal, I would like to reinforce that we need those ports to be tied to "localhost" (when SiS starts) so that even if the ports are up and listening, they are not reachable externally.

    We had worked this situation out with 2 support staff and concluded that blocking the ports locally would not cause SiS to malfunction, but I am curious about your thoughts on how it would.

    I'd appreciate your thoughts. 

    Thanks and respects
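
To verify the binding discussed in this thread, the added example below (not part of any post, and not SiteScope or Micro Focus code) parses `ss -ltn` or `netstat -an` style output and reports which of ports 28009 and 5001 are bound to a non-loopback address. The sample listings are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Ports named in the thread; override when auditing other services.
WATCHED_PORTS = {28009, 5001}

# Constructed sample in the style of Linux `ss -ltn` output.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100          0.0.0.0:28009      0.0.0.0:*
LISTEN 0      100        127.0.0.1:28005      0.0.0.0:*
LISTEN 0      50                 *:5001             *:*
LISTEN 0      128             [::]:8080          [::]:*
"""

# Constructed sample in the style of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:28009          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5001         0.0.0.0:0              LISTENING
  TCP    [::1]:28009            [::]:0                 LISTENING
"""

def is_loopback(host):
    """True only when the bind address is a loopback IP (127.0.0.0/8 or ::1)."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*", hostnames or unparsable values count as exposed

def exposed_listeners(listing, ports=WATCHED_PORTS):
    """Return sorted (address, port) pairs for watched ports bound beyond loopback."""
    found = set()
    for line in listing.splitlines():
        if "LISTEN" not in line.upper():
            continue
        for token in line.split():
            host, _, port = token.rpartition(":")
            if host and port.isdigit():
                if int(port) in ports and not is_loopback(host):
                    found.add((host, int(port)))
                break  # the first host:port token is the local endpoint
    return sorted(found)

if __name__ == "__main__":
    for name, text in (("ss", SAMPLE_SS), ("netstat", SAMPLE_NETSTAT)):
        for host, port in exposed_listeners(text):
            print(f"{name}: port {port} is bound to {host}, not loopback")
```

An empty result for a host means every watched listener is tied to 127.0.0.1 or ::1, which is the state requested in the original post.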