Request Ports 28009 and 5001 To Listen on LocalHost Only
I would like to request that ports 28009 and 5001 listen on localhost by default as there are concerns on whether untrusted or malicious external communication can be established using these ports as they normally appear to be listening from 0.0.0.0:28009 & 0.0.0.0:5001 by default, versus 127.0.0.1:28009 & 127.0.0.1:5001 respectively.
We were informed that SiteScope normally listens on these ports for very specific communication proprietary to SiteScope & Micro Focus; however, it might be beneficial to open these ports only in cases where troubleshooting requires these ports to be opened, to further reduce risk in cases where hardening is a mission-critical step.
Part of our findings is also that SiteScope does not appear to need these ports open in order to carry out its primary functions, and full functionality is expected when these ports are specifically blocked on the local firewall.
Thanks and respects.
Those are Apache required ports for SiteScope.
You'll need to change the ports before disabling those ports, because if you disable the ports SiteScope will break.
Additional details for: 5001
28005 --> Tomcat Shutdown
28009 --> Tomcat AJP connector
Micro Focus SW Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
[Opinions expressed in my postings are mine alone, and do not reflect the opinions of my employer. No warranties express or implied for any solution/suggestion posted.]
While I see the point that shutting or blocking the ports isn't ideal, I would like to reinforce that we need those ports to be tied to "localhost" (when SiS starts) so that even if the ports are up and listening, they are not reachable externally.
We had worked this situation out with 2 support staff and concluded that blocking the ports locally would not cause SiS to malfunction, but I am curious on your thoughts on how it would.
I'd appreciate your thoughts.
Thanks and respects
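
An added example (not part of the original posts, and not SiteScope or Micro Focus code): a Python check that reads `netstat -an` style output and reports whether the ports named in this thread are bound to loopback or to all interfaces. The sample output is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Ports named in the thread: 5001, 28005 (Tomcat shutdown), 28009 (Tomcat AJP).
WATCHED_PORTS = {5001, 28005, 28009}

# Constructed sample: `netstat -an` lines in both Windows and Linux layouts.
SAMPLE = """\
  TCP    0.0.0.0:28009          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:28005        0.0.0.0:0              LISTENING
  TCP    [::]:5001              [::]:0                 LISTENING
tcp        0      0 127.0.0.1:5001          0.0.0.0:*               LISTEN
tcp6       0      0 :::28009                :::*                    LISTEN
tcp        0      0 10.0.0.5:28009          10.0.0.9:51234          ESTABLISHED
"""

def parse_listener(line):
    """Return (host, port) for a listening TCP socket line, else None."""
    fields = line.split()
    if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
        return None
    if fields[-1].upper() not in ("LISTEN", "LISTENING"):
        return None
    # Linux puts Recv-Q/Send-Q before the local address; Windows does not.
    local = fields[3] if fields[1].isdigit() else fields[1]
    m = re.match(r"^(.*):(\d+)$", local)
    return (m.group(1).strip("[]"), int(m.group(2))) if m else None

def classify(host):
    """Label a bind address as loopback, all-interfaces, specific or unknown."""
    if host == "*":
        return "all-interfaces"
    try:
        addr = ipaddress.ip_address(host.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return "unknown"
    if addr.is_loopback:
        return "loopback"
    return "all-interfaces" if addr.is_unspecified else "specific-interface"

def audit(text, ports=WATCHED_PORTS):
    """Return sorted (port, bind_host, scope) for watched listening ports."""
    hits = filter(None, map(parse_listener, text.splitlines()))
    return sorted((p, h, classify(h)) for h, p in hits if p in ports)

def exposed(text, ports=WATCHED_PORTS):
    """Watched listeners that are not bound to loopback only."""
    return [f for f in audit(text, ports) if f[2] != "loopback"]
```

Pass the text of `netstat -an` captured on the SiteScope host to `exposed()`; an empty list means every watched listener is bound to loopback only.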