Re: question about RIPE DB
-
To: Katie Petrusha katie@localhost
-
From: Nguyen Huu Bach bachng@localhost
-
Date: Mon, 30 Oct 2006 20:26:42 +0900
-
Cc: db-help@localhost
-
Organization: NTT Communications
-
Reply-to: bachng@localhost
Dear Katie Petrusha
Thank you very much for your reply.
We choose to modify the source to permit only to the localhost to access
the config port.
Here is the patch (in case someone has interest in this issue)
--- ./src/modules/sv/server.c.old Mon Oct 30 20:18:53 2006
+++ ./src/modules/sv/server.c Mon Oct 30 20:19:41 2006
@@ -619,7 +619,9 @@
/* Currently binds to INADDR_ANY. Will need to get specific address */
/* SV_whois_sock = SK_getsock(SOCK_STREAM,whois_port,whois_addr); */
/* config interface socket */
- SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5, INADDR_ANY);
+ /* SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5,
INADDR_ANY); */
+ SV_config_sock = SK_getsock(SOCK_STREAM, config_port, 5,
htonl(INADDR_LOOPBACK));
+
/* nrt socket */
SV_mirror_sock = SK_getsock(SOCK_STREAM,mirror_port, 128, INADDR_ANY);
Thank you very much.
Nguyen,
NTT Communications.
Katie Petrusha wrote:
On Sun, Oct 29, 2006 at 01:35:57AM +0900, Nguyen Huu Bach wrote:
Dear Nguyen,
This port is used for the command-line interface to some of the whois
server's threads. You can see the threads that are currently running in
the server. You can use it for instance to block certain IP
addresses from retrieving information from your database, and to see
which queries are running at the moment and for how long and from which
IP.
Try connecting:
telnet <your_hostname> 53002
(hit enter to see list of commands)
There is no password-protected mechanism, built in the server,
to access this port.
You can restrict it in your systems network settings, so that
only local connections (from localhost) are accepted to this port.
You might also be able, depending on your system, to restrict
connections with only certain usernames to this port.
This is not a feature supported by the whois server itself, you would
need to set it up in your system.
Katie Petrusha
RIPE NCC
Dear all,
My name is Nguyen. I'm a newbee trying to deploy a RIPE database.
I have a simple question and would be appriciate to hear from you.
I've tried to search for the question but still could not find any answer.
My questions:
What is the purpose of the config port (default is 43002)?
When I started the whois_server, it allways listens on this port.
Is there any way to disable this or apply a authenticate mechanism on
this port ?
Thank you very much.