see when you are running OSSEC on a SIP server for example that has lots of calls - obviously lots of these sockets will be used ( every call uses local ports). Since we have lots of servers already up and running I do not want to change the settings of the SIP on them.
but I would like however to install the agents, only with the ability to define the scope of source ports so they wont interfere.... On Thu, Jan 15, 2015 at 7:18 AM, Yaniv Ron <[email protected]> wrote: > I have my application that listens on these ports on some of my > servers...:/ its causing our application lots of problems... > > On Wed, Jan 14, 2015 at 9:51 PM, David Lang <[email protected]> wrote: > >> On Wed, 14 Jan 2015, Yaniv Ron wrote: >> >> I am using 30000-60000 (source ports) on my servers, how can I change the >>> source port that the agent is using ? >>> >> >> Why are you wanting to change the source port? >> >> "well known ports" are destination ports, not source ports. Your browser >> talks to a website on port 80, but it talks _from_ a random high port. >> >> This is the normal way that all software works. >> >> David Lang >> >> On Wed, Jan 14, 2015 at 4:53 PM, dan (ddp) <[email protected]> wrote: >>> >>> On Wed, Jan 14, 2015 at 3:32 AM, Yaniv Ron <[email protected]> wrote: >>>> >>>>> Hi, >>>>> I found that one of the agents was using a very strange UDP port : >>>>> >>>>> ossec-age 7055 ossec 7u IPv4 437537314 0t0 >>>>> UDP 10.10.10.10:56594->ossec1 >>>>> >>>>> >>>> 10.10.10.10 is the agent and ossec1 is the manager? If so, then 56594 >>>> is the source port chosen at random. >>>> >>>> This server (as well as the rest of my agents) is behind a NAT. >>>>> I tried to find information about ALL the ports that OSSEC agents use >>>>> >>>> and I >>>> >>>>> didn't found any reasonable information for that. >>>>> >>>>> I would like to disable my ossec-agents to use these unkown ports - can >>>>> >>>> you >>>> >>>>> please advise about the following : >>>>> >>>>> 1) why was this port was in use ? what is it ? >>>>> 2) how can I disable it >>>>> >>>>> Thanks, >>>>> -- >>>>> Yaniv Ron >>>>> +972-3-7298582 >>>>> Security Department | Viber S.a.r.l | www.viber.com | [email protected] >>>>> >>>>> -- >>>>> >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups >>>>> "ossec-list" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an >>>>> email to [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups >>>> "ossec-list" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an >>>> email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>>> >>> >>> >>> >>> > > > -- > *Yaniv Ron* > +972-3-7298582 > *Security Department | Viber S.a.r.l *| www.viber.com | yron@viber > <http://twitter.com/viber>.com > -- *Yaniv Ron* +972-3-7298582 *Security Department | Viber S.a.r.l *| www.viber.com | yron@viber <http://twitter.com/viber>.com -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
