Disable non-secure listener port 8044 on XCOM for Windows
search cancel

Disable non-secure listener port 8044 on XCOM for Windows

book

Article ID: 224762

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - Windows XCOM Data Transport - Linux PC

Issue/Introduction

Using XCOM for Windows and need to disable the non-secure port 8044 due to a security vulnerability exposed by our penetration testers.

Environment

  • XCOM™ Data Transport® for Windows
  • XCOM™ Data Transport® for UNIX/Linux PC

Resolution

This can be done using the XCOM GUI interface.
See XCOM™ Data Transport® for Windows 12.0 > Configure TCPIP
Under "Choose Listeners change the default "IPV4 Listeners" to "IPV4 SSL Listener" to only start the secure/SSL IPV4 listener.
There is no need to change port 8044 to 8045 under the "Server Settings" Port Number because the separate section "Secure Socket Server Settings" has the SSL Port Number parameter value 8045 and the IPV4 SSL Listener uses that value.

After making the change and restarting the xcomd service, the file "%XCOM_HOME%\xcom.log" will show the change from starting the 2 listeners on ports 8044 & 8045 to just starting the one SSL listener on port 8045:

2021/09/27 08:39:47  PRG=xcomd PID=9672
    XCOMN0088I The XCOMD CA XCOM Data Transport Scheduler Service started, Version r11.6 21030 SP03 64bit for Windows Family (CPIC & TCP/IP).

2021/09/27 08:39:47 PRG=caxcgsvr PID=18220
    XCOMN1000I CA XCOM TCP/IPV4 listener active on port 8044.

2021/09/27 08:39:47 PRG=caxcgsvr PID=18220
    XCOMN1001I CA XCOM TCP/IPV4 SSL listener active on port 8045.

[Mon, 9/27/2021 at 08:40:55 AEST] XCOMN3557I Parameters Updated
2021/09/27 08:40:59 PRG=caxcgsvr PID=18220
    XCOMN1008E CA XCOM TCP/IPV4 listener stopped on port 8044.

2021/09/27 08:40:59 PRG=caxcgsvr PID=18220
    XCOMN1009E CA XCOM TCP/IPV4 SSL listener stopped on port 8045.

2021/09/27 08:40:59  PRG=xcomd PID=9672
    XCOMN0089I The XCOMD CA XCOM Data Transport Scheduler Service ended.

2021/09/27 08:41:06  PRG=xcomd PID=8840
    XCOMN0088I The XCOMD CA XCOM Data Transport Scheduler Service started, Version r11.6 21030 SP03 64bit for Windows Family (CPIC & TCP/IP).

2021/09/27 08:41:06 PRG=caxcgsvr PID=16468
    XCOMN1001I CA XCOM TCP/IPV4 SSL listener active on port 8045.

Also, the command netstat can be used to compare the before and after behaviour i.e.

BEFORE CHANGE:

C:\>netstat -an | findstr "804"

  TCP    0.0.0.0:8044           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8045           0.0.0.0:0              LISTENING

AFTER CHANGE:

C:\>netstat -an | findstr "804"

  TCP    0.0.0.0:8045           0.0.0.0:0              LISTENING

Additional Information

NOTES:
1. These settings are stored in the Windows registry and are not stored in the "%XCOM_HOME%\config\xcom.glb" file nor in any other XCOM config file.

2. For XCOM for Linux/UNIX please see : Disable non-secure listener ports (8044 & 8046) on XCOM for Linux/UNIX

Powered by Wolken Software