tmuster2k 22 Posted March 21, 2019 Share Posted March 21, 2019 I get this question from time to time regarding remote clients connecting over the internet. Is there anything to worry about with this port open to the internet? Any other verbiage would be good so I can provide details. Link to comment Share on other sites More sharing options...
itman 1,543 Posted March 21, 2019 Share Posted March 21, 2019 https://www.auditmypc.com/tcp-port-2222.asp Example of a SSH attack exploiting an open port 2222: https://www.hackingarticles.in/ssh-penetration-testing-port-22/ . Bottom line - any open port on the WAN side of the network gateway is a risk. Link to comment Share on other sites More sharing options...
tmuster2k 22 Posted March 21, 2019 Author Share Posted March 21, 2019 any other recommendations? Customer is no VPN so is there any other option for Agent to connect other than what is relayed in >>hxxp://support.eset.com/kb3304/ ?? Link to comment Share on other sites More sharing options...
itman 1,543 Posted March 21, 2019 Share Posted March 21, 2019 (edited) Overall, I see nothing wrong with this: Quote Network configuration steps Create a NAT rule on your firewall/router that points traffic received on port 2222 TCP to the internal IP address of your ERA server. Add a new DNS record on your internal DNS server that points to the ERA server (in the example below, a record would be created pointing avserver.example.com to 192.168.0.123). Add a new DNS record via your domain name registrar that will allow clients outside of your internal network to locate the external IP of your ERA server. Make sure that all necessary ports are open on servers and client workstations. I assume there is necessary external access authorization in ERA? Again, external port 2222 traffic must be strictly routed; to the ERA server in this instance. Edited March 21, 2019 by itman Link to comment Share on other sites More sharing options...
greyjoy99 0 Posted March 22, 2019 Share Posted March 22, 2019 17 hours ago, tmuster2k said: I get this question from time to time regarding remote clients connecting over the internet. Is there anything to worry about with this port open to the internet? Any other verbiage would be good so I can provide details. We have our ESMC server in DMZ. Ports 2222 & 3128 are open but secured enough. Link to comment Share on other sites More sharing options...
itman 1,543 Posted March 22, 2019 Share Posted March 22, 2019 Also in regards to this: Quote Create a NAT rule on your firewall/router that points traffic received on port 2222 TCP to the internal IP address of your ERA server. Note that gateway NAT and firewall rules are separate entities and are processed in a different order depending on whether the Internet traffic is inbound or outbound. Here's a reference to that using pfsense as an example: https://docs.netgate.com/pfsense/en/latest/book/nat/ordering-of-nat-and-firewall-processing.html Link to comment Share on other sites More sharing options...
Recommended Posts