Disable non-secure XCOM for Windows listener port 8044

Article ID: 224762

Products

CA XCOM Data Transport, CA XCOM Data Transport - Windows

Issue/Introduction

We are using CA XCOM for Windows and need to disable the non-secure port 8044 due to a security vulnerability exposed by our penetration testers.

Environment

Release : 11.6

Component : CA XCOM Data Transport for Windows

Resolution

This can be done using the XCOM GUI.
See CA XCOM™ Data Transport® for Windows 11.6 Service Packs > Using > How to Use the GUI Global Parameters > TCP/IP Parameters.
Under "Choose Listeners", change the default "IPV4 Listeners" to "IPV4 SSL Listener" so that only the secure/SSL IPV4 listener is started.
There is no need to change port 8044 to 8045 under the "Server Settings" Port Number, because the separate "Secure Socket Server Settings" section has its own SSL Port Number parameter (value 8045), and the IPV4 SSL Listener uses that value.

After making the change and restarting the xcomd service, the file "%XCOM_HOME%\xcom.log" will show the change from starting the 2 listeners on ports 8044 & 8045 to just starting the one SSL listener on port 8045:
+++
2021/09/27 08:39:47  PRG=xcomd PID=9672
    XCOMN0088I The XCOMD CA XCOM Data Transport Scheduler Service started, Version r11.6 21030 SP03 64bit for Windows Family (CPIC & TCP/IP).

2021/09/27 08:39:47 PRG=caxcgsvr PID=18220
    XCOMN1000I CA XCOM TCP/IPV4 listener active on port 8044.

2021/09/27 08:39:47 PRG=caxcgsvr PID=18220
    XCOMN1001I CA XCOM TCP/IPV4 SSL listener active on port 8045.

[Mon, 9/27/2021 at 08:40:55 AEST] XCOMN3557I Parameters Updated
2021/09/27 08:40:59 PRG=caxcgsvr PID=18220
    XCOMN1008E CA XCOM TCP/IPV4 listener stopped on port 8044.

2021/09/27 08:40:59 PRG=caxcgsvr PID=18220
    XCOMN1009E CA XCOM TCP/IPV4 SSL listener stopped on port 8045.

2021/09/27 08:40:59  PRG=xcomd PID=9672
    XCOMN0089I The XCOMD CA XCOM Data Transport Scheduler Service ended.

2021/09/27 08:41:06  PRG=xcomd PID=8840
    XCOMN0088I The XCOMD CA XCOM Data Transport Scheduler Service started, Version r11.6 21030 SP03 64bit for Windows Family (CPIC & TCP/IP).

2021/09/27 08:41:06 PRG=caxcgsvr PID=16468
    XCOMN1001I CA XCOM TCP/IPV4 SSL listener active on port 8045.
+++

The netstat command can also be used to compare the behaviour before and after the change:
BEFORE CHANGE:
C:\>netstat -an | findstr "804"
  TCP    0.0.0.0:8044           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8045           0.0.0.0:0              LISTENING

AFTER CHANGE:
C:\>netstat -an | findstr "804"
  TCP    0.0.0.0:8045           0.0.0.0:0              LISTENING
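
The log check and the netstat check above can be combined into one repeatable verification. The following PowerShell is an added example, not Broadcom code: the function names are hypothetical, and it assumes the IPV4 message format and the default ports 8044/8045 shown in this article.

```powershell
# Added example, not vendor code. Assumes the xcom.log message format and the
# default ports (8044 plain, 8045 SSL) shown in this article.
function Get-XcomListenerState {
    # Replay log lines; return port -> type for the listeners still active
    # after the most recent xcomd start.
    param([string[]]$LogLines)
    $active = @{}
    foreach ($line in $LogLines) {
        if ($line -match 'XCOMN0088I') {
            $active = @{}    # service start: discard state from earlier runs
        }
        elseif ($line -match 'TCP/IPV4 (SSL )?listener active on port (\d+)') {
            $type = if ($Matches[1]) { 'SSL' } else { 'non-secure' }
            $active[[int]$Matches[2]] = $type
        }
        elseif ($line -match 'listener stopped on port (\d+)') {
            $active.Remove([int]$Matches[1])
        }
    }
    return $active
}

function Test-XcomSslOnly {
    # True only if the log shows no non-secure listener and the host listens
    # on the SSL port but not on the plain port.
    param([hashtable]$LogState, [int[]]$ListeningPorts,
          [int]$PlainPort = 8044, [int]$SslPort = 8045)
    $plain = @($LogState.Values | Where-Object { $_ -ne 'SSL' })
    ($plain.Count -eq 0) -and ($ListeningPorts -notcontains $PlainPort) -and
        ($ListeningPorts -contains $SslPort)
}

# Fallback input: message lines condensed from the log excerpt above.
$sample = @(
    'XCOMN0088I The XCOMD CA XCOM Data Transport Scheduler Service started',
    'XCOMN1000I CA XCOM TCP/IPV4 listener active on port 8044.',
    'XCOMN1001I CA XCOM TCP/IPV4 SSL listener active on port 8045.',
    'XCOMN1008E CA XCOM TCP/IPV4 listener stopped on port 8044.',
    'XCOMN1009E CA XCOM TCP/IPV4 SSL listener stopped on port 8045.',
    'XCOMN0088I The XCOMD CA XCOM Data Transport Scheduler Service started',
    'XCOMN1001I CA XCOM TCP/IPV4 SSL listener active on port 8045.')
$log = if ($env:XCOM_HOME) { Join-Path $env:XCOM_HOME 'xcom.log' }
$lines = if ($log -and (Test-Path $log)) { Get-Content $log } else { $sample }
$state = Get-XcomListenerState -LogLines $lines
$ports = @(Get-NetTCPConnection -State Listen -LocalPort 8044, 8045 `
               -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty LocalPort -Unique)
$state
"SSL-only: $(Test-XcomSslOnly -LogState $state -ListeningPorts $ports)"
```

Run it on the XCOM host after restarting the xcomd service; a result of False means either the log still records a non-secure listener for the current service run or port 8044 is still in the LISTENING state.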