Menu
▾
▴
Re: [opennms-devel] OpenNMS appears to be doing port scans (resubmit as member)
|
From: Les M. <les...@gm...> - 2012-05-16 19:23:19
|
On Wed, May 16, 2012 at 1:50 PM, Jeff Gehlbach <je...@op...> wrote:
> On 05/16/2012 02:12 PM, Les Mikesell wrote:
>
>> I'd contend that the behavior is incorrect if you unmanage a service,
>> though. When I have explicitly told it not to manage a service on a
>> specific interface it should quit probing it and triggering the
>> associated security exceptions.
>
> It's working as designed, Les, and as it's worked for the past twelve
> years plus. To "unmanage" a service is to tell the *poller* to ignore
> it. This has no bearing on Capsd / Provisiond, because those daemons
> are in a different business.
I understand why it does the wrong thing. I'm just saying that it is
wrong for a program to continue abusing a network port after being
told not to do it. You can interpret that as meaning that I am wishing
for a more convenient way for an operator to interact with all of the
disconnected portions of OpenNMS than editing filters into each
portion's xml config or imposing firewalls between them if you want.
But really, what business does capsd/provisiond have discovering
services on interfaces where you don't want them to be managed (or
more to the point, may be sending emails to a security officer each
time they are probed...).
--
Les Mikesell
les...@gm...
|