port scanning - Forum - OpenEdge General - Progress Community
 Forum

port scanning

This question is not answered

Have there been any improvements in the way that OpenEdge executables react to security teams running port scans?

I know from first hand experience that this used to be a pretty good way to crash the db back in the good old days.

I'm particularly wondering if 4gl servers and app servers are known to be immune or at least more robust with up to date releases -- the customer would consider upgrading to 11.7 if we can point to something that says that Progress' behavior when being scanned has been improved.  Or even better - fixed completely and is known to be perfectly safe :)

There is one kbase that says that sqlsrv2 has been addressed but it doesn't say if any of the other components that might get scanned (like app server ports or 4gl servers or replication...) are vulnerable:

knowledgebase.progress.com/.../Database-crashes-1280-1055-2526-portscanning-sqlsrv2-ports

--
Tom Bascom
tom@wss.com

All Replies
  • A clear and unequivocal statement that one should not run port scanners that poke at OpenEdge ports would also be helpful.

    --
    Tom Bascom
    tom@wss.com