
need MS networking to run BE and BERA?

Status
Not open for further replies.

gwu

MIS
Dec 18, 2002
239
US
I am trying to "harden" my w2k web server by:
-Turning off all unnecessary services
-block all ports(using w2k built in ip filtering) except 80, 443, 10000, 53
-turn off netbios
-turn off "file and print sharing"
-turn off "client for MS networks"
-etc

Obviously, after doing so I cannot view the web server from BE's backup selection list (MS networking turned off).

I created a "User-defined selection" using the IP which seems to almost work but I am getting an error:

Code:
An error was encoountered while attempting to browse the contents of \\10.1.2.22. An unknown error occurred within the NDMP subsystem.

Does veritas need MS networking to work? Am I supposed to use "User-defined selection"? What am I doing wrong?

Thanks
 
huh?

I said ports 80, 443, 10000, 53 are NOT being blocked.

I am guessing by your statement that veritas does not make use of ms networking? Whenever it talks to the remote agent it is using veritas communications over port 10000.

The BE and RA are communicating because there is successful authentication.

Again, port 10000 is not being blocked.

Thanks



 
I enabled MS networking and opened port 445. But I did not set/open the dynamic port range stated in the article.

So now only 10000 and 445 are open and backup works perfectly.

When I close 445 the backup fails.

What the F@ck!!!!!! Why would veritas force its users to use ms networking!!!!

Please help!!!
 
445 is used for SMB. Veritas uses 10000 to communicate with the remote agent but still uses 445 to move files from the remote machine to the backup server.

If you're really worried about it, why don't you put a hardware firewall in place and block any WAN requests for port 445?

Additionally, for some reason I am thinking that there is a security threat from Veritas and port 10000 that could allow a would-be person to issue denial of service attacks on that port or something like that. I'm not sure if they have ever fixed it. I know I've blocked port 10000 from WAN requests and have only allowed it from certain machines on certain subnets in my network.

Hope this helps

Justin
 
There is a hardware firewall in place. I am adding an additional measure of protection by using Windows IP security policy on the individual servers to block unnecessary ports. What if someone cracked into "server A" (inside the firewall) then, using "server A", cracked into "server B" (also inside the firewall) using port 445?

Are you sure about your statement: "the remote agent but still uses 445 to move files from the remote machine to the backup server"?

Can anyone verify that BE always uses port 445 to move the files to the media server?

Thanks
 
That's a shame. I am surprised Veritas would force use of such an insecure protocol.
 