Hazelcast ports open on external interface on Enforce.

Article ID: 169555

Products

Data Loss Prevention Enforce

Issue/Introduction

A port scan of the Enforce server found TCP ports 5701, 5702 and 5703 (Hazelcast) listening on the external interface, although they are only needed on localhost.

Resolution

Open hazelcast-config.xml in %DLP_Home%/Protect/config and locate the section that starts with "<properties>".
Add the following line at the bottom of the properties list:
<property name="hazelcast.socket.bind.any">false</property>
Save the file and restart the VontuManager service.
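The edit above is a one-line change, but on a fleet of Enforce servers it is easy to add the property twice or to miss a copy that already carries the property with the value true. The following script is an added example, not part of this article or of the DLP product: it applies the change idempotently as text (so the vendor's comments and formatting survive, which an XML parser round-trip would not guarantee) and reads the value back. The sample configuration embedded in it is constructed for illustration; the real hazelcast-config.xml contains other elements.

```python
import re
import sys

# Constructed sample of a hazelcast-config.xml <properties> section; the real
# file under %DLP_Home%/Protect/config contains other elements and values.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<hazelcast xmlns="http://www.hazelcast.com/schema/config">
    <properties>
        <!-- existing properties are left untouched -->
        <property name="hazelcast.logging.type">log4j</property>
    </properties>
</hazelcast>
"""

PROPERTY_NAME = "hazelcast.socket.bind.any"
PROPERTY_LINE = f'<property name="{PROPERTY_NAME}">false</property>'

# Matches an existing hazelcast.socket.bind.any property whatever its current value.
EXISTING_RE = re.compile(
    r'(<property\s+name="' + re.escape(PROPERTY_NAME) + r'"\s*>)\s*([^<]*?)\s*(</property>)'
)
# The closing tag of the properties list, with its indentation captured.
CLOSE_RE = re.compile(r"^([ \t]*)</properties>", re.MULTILINE)


def bind_any_value(xml_text: str):
    """Return the configured value of hazelcast.socket.bind.any, or None if absent."""
    m = EXISTING_RE.search(xml_text)
    return m.group(2) if m else None


def set_bind_any_false(xml_text: str) -> str:
    """Return the config text with hazelcast.socket.bind.any set to false.

    Idempotent: an existing property (even one set to true) is rewritten in
    place; otherwise the line is appended as the last entry of the list.
    """
    if EXISTING_RE.search(xml_text):
        return EXISTING_RE.sub(r"\g<1>false\g<3>", xml_text)
    m = CLOSE_RE.search(xml_text)
    if m is None:
        raise ValueError("no <properties> section found in hazelcast-config.xml")
    indent = m.group(1)
    # One indentation level deeper than </properties>, directly before it.
    new_line = f"{indent}    {PROPERTY_LINE}\n"
    return xml_text[: m.start()] + new_line + xml_text[m.start():]


def main(argv):
    if len(argv) == 2:
        # Usage: python fix_bind_any.py /path/to/hazelcast-config.xml (rewrites in place)
        with open(argv[1], encoding="utf-8") as fh:
            original = fh.read()
        updated = set_bind_any_false(original)
        if updated != original:
            with open(argv[1], "w", encoding="utf-8") as fh:
                fh.write(updated)
        print(f"{argv[1]}: {PROPERTY_NAME}={bind_any_value(updated)}")
    else:
        # No path given: show the result on the constructed sample.
        print(set_bind_any_false(SAMPLE_CONFIG))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the path to hazelcast-config.xml to apply the change, then restart VontuManager as the article says; running it a second time leaves the file unchanged.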

Confirm that Hazelcast now listens only on localhost by running netstat -lnpt | egrep "(5701|5702|5703)" (Linux) or netstat -nao | findstr "5701 5702 5703" (Windows). The output should look like the following on an IPv4 system; on IPv6 the Proto column shows tcp6 and the Foreign Address column shows :::*.

# netstat -lnpt | egrep "(5701|5702|5703)"
tcp        0      0 127.0.0.1:5701          0.0.0.0:*               LISTEN      20071/java
tcp        0      0 127.0.0.1:5702          0.0.0.0:*               LISTEN      20198/java
tcp        0      0 127.0.0.1:5703          0.0.0.0:*               LISTEN      19989/java

Note: this will also be addressed in a future release of DLP.
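Reading netstat output by eye works for one server; for a scheduled check across several Enforce hosts (or to confirm the fix from both Linux and Windows output) it helps to have the test in code. The following is an added example, not part of this article: it parses the Linux netstat -lnpt and Windows netstat -nao formats quoted above, picks out listeners on 5701-5703, and reports any whose local address is not loopback (0.0.0.0, :: and * count as exposed). The netstat lines embedded in it are constructed, not captured from a real Enforce server.

```python
import ipaddress
import re
import sys

# Ports Hazelcast uses on Enforce; after the fix only loopback binds are expected.
HAZELCAST_PORTS = {5701, 5702, 5703}

# A netstat address token: 127.0.0.1:5701, :::5701, [::]:5701; 0.0.0.0:* has no
# numeric port and therefore never matches, so the first match is the local address.
ADDR_RE = re.compile(r"^\[?([0-9A-Fa-f.:*]+?)\]?:(\d+)$")

# Constructed netstat output (not from a real host) before and after the change.
LINUX_BEFORE = """Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5701            0.0.0.0:*               LISTEN      20071/java
tcp        0      0 0.0.0.0:5702            0.0.0.0:*               LISTEN      20198/java
tcp6       0      0 :::5703                 :::*                    LISTEN      19989/java
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      20071/java
"""
LINUX_AFTER = """tcp        0      0 127.0.0.1:5701          0.0.0.0:*               LISTEN      20071/java
tcp        0      0 127.0.0.1:5702          0.0.0.0:*               LISTEN      20198/java
tcp6       0      0 ::1:5703                :::*                    LISTEN      19989/java
"""
WINDOWS_BEFORE = """  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5701           0.0.0.0:0              LISTENING       20071
  TCP    127.0.0.1:5702         0.0.0.0:0              LISTENING       20198
  TCP    [::]:5703              [::]:0                 LISTENING       19989
"""


def parse_listener(line: str):
    """Return (local_addr, port) for a LISTEN/LISTENING line, else None."""
    tokens = line.split()
    if not any(t.startswith("LISTEN") for t in tokens):
        return None
    for tok in tokens:  # local address precedes foreign address in both formats
        m = ADDR_RE.match(tok)
        if m:
            return m.group(1), int(m.group(2))
    return None


def is_loopback(addr: str) -> bool:
    """True for 127.x.x.x and ::1 only; wildcards and unparsable tokens are external."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def exposed_hazelcast_listeners(netstat_output: str):
    """Return sorted (port, local_addr) pairs for Hazelcast ports not bound to loopback."""
    exposed = set()
    for line in netstat_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        addr, port = parsed
        if port in HAZELCAST_PORTS and not is_loopback(addr):
            exposed.add((port, addr))
    return sorted(exposed)


def main():
    # Pipe real output in: netstat -lnpt | python check_hazelcast_ports.py
    # With no piped input the constructed "before" sample is checked instead.
    data = sys.stdin.read() if not sys.stdin.isatty() else LINUX_BEFORE
    findings = exposed_hazelcast_listeners(data)
    for port, addr in findings:
        print(f"EXPOSED: Hazelcast port {port} bound to {addr}")
    if not findings:
        print("OK: Hazelcast ports 5701-5703 are loopback-only or not listening")
    sys.exit(1 if findings else 0)


if __name__ == "__main__":
    main()
```

The non-zero exit status makes the check usable from a monitoring job; the unrelated 8443 listener in the sample shows that only the three Hazelcast ports are evaluated.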