You can configure your system to add additional ports the the range of ephemeral
ports. Given that the ossec agent is only using one port, if it's causing your
calls to fail you have other issues. Also, almost all software uses these
ephemeral ports for their outbound connections.
You can also adjust the settings for when you can re-use a port that was used
previously, you may want to adjust this for your system. There's even a setting
to allow a port to be used by more than one connection at a time (a connection
is a source port, source IP, destination port, destination IP, so just like you
have have lots of connections talking to a single destination port and IP, you
can have lots of connections using the same source port and IP, as long as they
are going to different destinations)
But the best thing for you is to probably increase the port range and shorten
the timeout for re-using them.
David Lang
On Thu, 15 Jan 2015, Yaniv Ron wrote:
see when you are running OSSEC on a SIP server for example that has lots of
calls - obviously lots of these sockets will be used ( every call uses
local ports).
Since we have lots of servers already up and running I do not want to
change the settings of the SIP on them.
but I would like however to install the agents, only with the ability to
define the scope of source ports so they wont interfere....
On Thu, Jan 15, 2015 at 7:18 AM, Yaniv Ron <[email protected]> wrote:
I have my application that listens on these ports on some of my
servers...:/ its causing our application lots of problems...
On Wed, Jan 14, 2015 at 9:51 PM, David Lang <[email protected]> wrote:
On Wed, 14 Jan 2015, Yaniv Ron wrote:
I am using 30000-60000 (source ports) on my servers, how can I change the
source port that the agent is using ?
Why are you wanting to change the source port?
"well known ports" are destination ports, not source ports. Your browser
talks to a website on port 80, but it talks _from_ a random high port.
This is the normal way that all software works.
David Lang
On Wed, Jan 14, 2015 at 4:53 PM, dan (ddp) <[email protected]> wrote:
On Wed, Jan 14, 2015 at 3:32 AM, Yaniv Ron <[email protected]> wrote:
Hi,
I found that one of the agents was using a very strange UDP port :
ossec-age 7055 ossec 7u IPv4 437537314 0t0
UDP 10.10.10.10:56594->ossec1
10.10.10.10 is the agent and ossec1 is the manager? If so, then 56594
is the source port chosen at random.
This server (as well as the rest of my agents) is behind a NAT.
I tried to find information about ALL the ports that OSSEC agents use
and I
didn't found any reasonable information for that.
I would like to disable my ossec-agents to use these unkown ports - can
you
please advise about the following :
1) why was this port was in use ? what is it ?
2) how can I disable it
Thanks,
--
Yaniv Ron
+972-3-7298582
Security Department | Viber S.a.r.l | www.viber.com | [email protected]
--
---
You received this message because you are subscribed to the Google
Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to [email protected].
For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google
Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send
an
email to [email protected].
For more options, visit https://groups.google.com/d/optout.
--
*Yaniv Ron*
+972-3-7298582
*Security Department | Viber S.a.r.l *| www.viber.com | yron@viber
<http://twitter.com/viber>.com
