Salesforce

Appserver Agent stops abnormally after a port scanner performs a full scan

Printable View
« Go Back

Information

 
TitleAppserver Agent stops abnormally after a port scanner performs a full scan
URL Name000051835
Article Number000134919
EnvironmentProduct: OpenEdge
Version: 10.x, 11.x
OS: All supported platforms
Other: Appserver
Question/Problem Description
Appserver Agent stops abnormally after a Port Scanner performs a full scan.
Agent displays message (5565).
Agent stops with after reading a message with error = -4010
All agents have disconnected from the Broker when destination IP address and the port range of agents are scanned
Server.log shows the following messages for each disconnected agent:
-- Connection failure for host <IP Address> port <port number> transport TCP. (9407)
Depending on the message received by the port scanner Agents either crash or have to be killed manually at the OS level
 
 
Steps to Reproduce
Clarifying Information
Full scan on ports is applied to the machine.

Agent extended logging is used with the options: srvrLogEntryTypes=ASPlumbing,DB.Connects,UBNET 
Error MessagePROGRESS AppServer network protocol mismatch. (5565)
AS UBNET read_msg(0x2888348) error = -4010
Defect NumberEnhancement PSC00311786
Enhancement Number
Cause
Port scanning on the ports used by any OpenEdge Server products is not supported.  

Understanding that due to regulatory requirements, corporate policy, and security best practices, vulnerability scanning is required to run periodically against all systems that are vulnerable, enhancements to our Server Products ability to work with other security products are being rolled out in later OpenEdge versions as specific reproducible cases are identified.
Resolution
Upgrade to OpenEdge 11.5.0 where as part of this product Enhancement, messages other than those received from an AppServer type connection are ignored. The details of these changes have not been made publicly available.
Workaround
The following workaround which will not meet overall corporate needs due to regulatory requirements to scan the entire system without exclusions, will at least keep the OpenEdge production environments running.

Add all OpenEdge ports to the Port Scanning Software's exclusion lists.

If the OpenEdge ports in use cannot be excluded from Port Scanning utilities, then ensure all OpenEdge socket processes are shutdown before port scanning is run.
Notes
Keyword Phrase
Last Modified Date11/20/2020 7:24 AM
Powered by