
Dear all,
My name is Nguyen. I'm a newbie trying to deploy a RIPE database. I have a simple question and would appreciate hearing from you. I've tried to search for the question but still could not find any answer. My questions:
What is the purpose of the config port (default is 43002)? When I started the whois_server, it always listens on this port. Is there any way to disable this or apply an authentication mechanism on this port?
Thank you very much.

On Sun, Oct 29, 2006 at 01:35:57AM +0900, Nguyen Huu Bach wrote:
Dear Nguyen,
This port is used for the command-line interface to some of the whois server's threads. You can see the threads that are currently running in the server. You can use it for instance to block certain IP addresses from retrieving information from your database, and to see which queries are running at the moment and for how long and from which IP.
Try connecting: telnet <your_hostname> 53002 (hit enter to see list of commands)
There is no password-protected mechanism, built in the server, to access this port. You can restrict it in your system's network settings, so that only local connections (from localhost) are accepted to this port. You might also be able, depending on your system, to restrict connections with only certain usernames to this port. This is not a feature supported by the whois server itself; you would need to set it up in your system.
Katie Petrusha RIPE NCC
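One way to verify the local-only restriction described in this reply, as an added example that is not part of the original thread or of the whois server's code: it parses text in the Linux `/proc/net/tcp` layout and reports any listener on the config port that is not bound to loopback. The sample rows are constructed, and a little-endian host is assumed for the address encoding.

```python
import ipaddress
import struct

CONFIG_PORT = 43002   # default config port named in the thread
TCP_LISTEN = 0x0A     # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# row 0 is the config port bound to INADDR_ANY, row 1 is port 43.
SAMPLE_EXPOSED = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:A7FA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20101 1 0000000000000000 100 0 0 10 0
   1: 00000000:002B 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20102 1 0000000000000000 100 0 0 10 0
"""
# Same table after the config socket is bound to 127.0.0.1 instead.
SAMPLE_LOCAL = SAMPLE_EXPOSED.replace("00000000:A7FA", "0100007F:A7FA")


def parse_listeners(proc_net_tcp_text):
    """Yield (ip, port) for every IPv4 socket in LISTEN state."""
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # Assumption: little-endian host. The kernel prints the address word
        # in host byte order, so 127.0.0.1 shows up as 0100007F; the port is
        # printed as a plain hex number.
        packed = struct.pack("<I", int(hex_addr, 16))
        yield ipaddress.IPv4Address(packed), int(hex_port, 16)


def exposed_config_listeners(proc_net_tcp_text, port=CONFIG_PORT):
    """Return bind addresses on `port` that are not loopback."""
    return [str(ip) for ip, p in parse_listeners(proc_net_tcp_text)
            if p == port and not ip.is_loopback]


if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("local", SAMPLE_LOCAL)):
        bad = exposed_config_listeners(text)
        print(name, "->", bad or "config port is loopback-only or closed")
```

On a live Linux host the same functions can be fed the contents of `/proc/net/tcp`; a non-empty result means the config port still accepts connections on a non-loopback address and needs a firewall rule or a loopback bind.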

Dear Katie Petrusha,
Thank you very much for your reply. We choose to modify the source to permit only the localhost to access the config port. Here is the patch (in case someone has interest in this issue):
--- ./src/modules/sv/server.c.old Mon Oct 30 20:18:53 2006 +++ ./src/modules/sv/server.c Mon Oct 30 20:19:41 2006 @@ -619,7 +619,9 @@ /* Currently binds to INADDR_ANY. Will need to get specific address */ /* SV_whois_sock = SK_getsock(SOCK_STREAM,whois_port,whois_addr); */ /* config interface socket */ - SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5, INADDR_ANY); + /* SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5, INADDR_ANY); */ + SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5, htonl(INADDR_LOOPBACK)); + /* nrt socket */ SV_mirror_sock = SK_getsock(SOCK_STREAM,mirror_port, 128, INADDR_ANY);
Thank you very much.
Nguyen, NTT Communications.
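Review bot: the new SV_config_sock call passes htonl(INADDR_LOOPBACK) to SK_getsock while the neighbouring SV_mirror_sock call passes INADDR_ANY unconverted, and because INADDR_ANY is zero in either byte order the visible lines do not show which byte order SK_getsock expects for its last argument. Please confirm that SK_getsock stores that value into the socket address without converting it again, since a second conversion on a little-endian host would make the bind target something other than 127.0.0.1. Two smaller points: the old call is left behind as a comment, and the diff already records it, so delete the line rather than commenting it out; and the context comment says the code "Will need to get specific address", so reading the config bind address from configuration with loopback as the default would address that comment better than a hard-coded constant.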