| Author |
Message
|
| Mangesh1187 |
 Posted: Wed Mar 27, 2013 11:51 pm Post subject: Alian ips are connecting to the SYSTEM.ADMIN.SVRCONN channel |
 |
|
Centurion
Joined: 23 Mar 2013
Posts: 116
|
Hi all,
We have one application conneting the queue manager in binding mode. (i.e. Queue Manager & Application resides on same server)
We found that some alian ips are connecting to the SYSTEM.ADMIN.SVRCONN channels of their QM , lets say QM1.
How ever the application is not using any of the SVRCONN channels.
Now the applciation team want to block these IPs form connecting to their Queue Manager. QM1.
The QM is runing on Windows and the MQ version is 7.0
Can anybody please advice, how can I proceed for this task. |
|
| Back to top |
|
 |
| Mr Butcher |
| Posted: Thu Mar 28, 2013 12:49 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
from within a company you should be able to find out about the IPs..... maybe you are using some remote administration utilities, montoring / administration software or similiar.
search here, securing channels, especially svrconn channels, has been discussed plenty times and in detail. you can stop the channel to block everybody from connection, or use channel security exits (blockip).... and mqv 7.1 ?!? comes with channel authentication records.....
however, i would first try to find out who is connecting and why.
then block all and only allow what is needed, because tomorrow a new alien may arrive with a new ip address not blocked by you.
you may want to check the other SVRCONN channels too to close all security holes ..... (e.g. SYSTEM.DEFAULT.SVRCONN can be used for a connection too)
_________________
Regards, Butcher |
|
| Back to top |
|
|
| exerk |
| Posted: Thu Mar 28, 2013 12:51 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Block the SYSTEM.ADMIN.SVRCONN and see who complains, and how do you know they're alien connections? The SYSTEM.ADMIN.SVRCONN should be locked down anyway so more fool you for not doing so in the first place...and perhaps you should check to see how many other back doors have been left open.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Mar 28, 2013 4:18 am Post subject: Re: Alian ips are connecting to the SYSTEM.ADMIN.SVRCONN cha |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| Mangesh1187 wrote: |
| Can anybody please advice, how can I proceed for this task. |
As others have said, you should have the SYSTEM objects locked down so that they can't be used.
You should also consider finishing what you started with BlockIP, which you started asking about here but seem to have decided isn't worth your valuable time going on with or indeed answering us. BlockIP is a very good way of preventing unknown IPs connecting.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Thu Mar 28, 2013 4:45 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Search here, and on google, for 'securing mq channels'.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| McueMart |
| Posted: Thu Mar 28, 2013 5:37 am Post subject: |
|
|
Chevalier
Joined: 29 Nov 2011
Posts: 490
Location: UK...somewhere
|
|
| Back to top |
|
|
| gbaddeley |
| Posted: Mon Apr 01, 2013 2:34 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
Display the IPs and app program names that are using the channel, eg. using runmqsc command "display chstatus('SYSTEM.ADMIN.SVRCONN ') current all".
Prevent the channel from being used, eg. using runmqsc command
"alter channel('SYSTEM.ADMIN.SVRCONN') chltype(svrconn) mcauser('nobody') maxmsgl(1)"
_________________
Glenn |
|
| Back to top |
|
|
|
|
