Level 7

Kiwi Secure Tunnel listening ports

Hi,

For compliance purposes we must document all listening ports on certain systems, including network management stations.

We run Kiwi Secure Tunnel Server, and in addition to the user defined TCP ports, the application also listens on apparently random high UDP ports.

I need some sort of documentation from the vendor/developer about these listening ports and SolarWinds support suggested I post here.

Thanks!

0 Kudos
6 Replies

>> Kiwi Secure Tunnel Server, and in addition to the user defined TCP ports, the application also listens on apparently random high UDP ports.

You lost me there.  All of the ports in the Kiwi Secure Tunnel system are configurable.  In the Kiwi Secure Tunnel client (the software that receives Syslog messages and forwards them over an SSH link) you configure up to 10 listening ports in the "Properties" dialog.  These listen for Syslog traffic, of course, but can be either UDP or TCP.  In the Kiwi Secure Tunnel server (the software that takes Kiwi Secure Tunnel client input and emits Syslog traffic) you only configure one listening port, a TCP port that listens for incoming SSH connections. 

I copied in a couple of screenshots with default settings below. 

TunnelClientConfig.png

TunnelServerConfig.png

Do you have some "netstat -an" or "netstat -anb" output you could share showing additionally bound high UDP ports? 

0 Kudos
Level 7

We configured the tunnel server to listen on tcp/222. This first screen shot is of netstat -ano, then filter for 222.  The -o switch gives the process ID, so the next command filters for that process ID (2120).  The last line shows PID 2120 is listening on UDP 52079. 

Screen Shot 2013-05-02 at 4.38.23 PM.png

Here's netstat -bano, but only the applicable portion - KiwiTSS.exe is the .exe identified.

Screen Shot 2013-05-02 at 4.40.26 PM.png

...and further down the screen, here's the UDP port again.

Screen Shot 2013-05-02 at 4.40.06 PM.png

Thanks for your reply.

0 Kudos

I set up a quick test on my machine.  As soon as I started to push some Syslog traffic across I saw the same thing:

C:\Users\mynamehere>netstat -ano | find "7116"
  TCP    127.0.0.1:2225         0.0.0.0:0              LISTENING       7116
  TCP    127.0.0.1:2225         127.0.0.1:55878        ESTABLISHED     7116
  UDP    0.0.0.0:65066          *:*                                    7116

Essentially, I think what Kiwi Secure Tunnel Server is doing is establishing a facility from which it can send outbound UDP-based messages, much like DNS.  It looks like it establishes one of these for every UDP Outgoing Port you configure, and they are established at start-up. 

From a firewall perspective, as long as you allow UDP packets from the Secure Tunnel Server to your final syslog server, you should be fine.  (There's no reason to allow UDP packets to hit the Secure Tunnel Server.)
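
For the port inventory discussed in this thread, an added example (not part of the original posts, and not SolarWinds code) that parses saved `netstat -ano` text and lists each PID's TCP listeners and bound UDP sockets, tagging UDP ports in the dynamic range for follow-up. The rows for PIDs 1388 and 4 are constructed, and the 49152-65535 range assumes the Windows default dynamic port range.

```python
from collections import defaultdict

# First three rows are the output quoted in the thread; the last two are constructed.
SAMPLE = """\
  TCP    127.0.0.1:2225         0.0.0.0:0              LISTENING       7116
  TCP    127.0.0.1:2225         127.0.0.1:55878        ESTABLISHED     7116
  UDP    0.0.0.0:65066          *:*                                    7116
  UDP    0.0.0.0:514            *:*                                    1388
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Assumption: default Windows dynamic (ephemeral) port range, Vista and later.
DYNAMIC_RANGE = range(49152, 65536)

def parse(text):
    """Yield one dict per socket row of `netstat -ano` output."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header, prompt or blank line
        # TCP rows have five columns (state before PID); UDP rows have no state.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        addr, _, port = f[1].rpartition(":")  # rpartition keeps IPv6 "[::]" intact
        yield {"proto": f[0], "addr": addr, "port": int(port),
               "state": state, "pid": int(f[-1])}

def inventory(text, pid=None):
    """Map PID -> [(proto, addr, port, kind)] for sockets an auditor must document.

    TCP rows count only when LISTENING. Every bound UDP socket counts, because
    netstat shows no state for UDP. kind is "dynamic" for a UDP port inside
    DYNAMIC_RANGE (OS-assigned, changes on restart), otherwise "fixed".
    """
    rows = defaultdict(list)
    for s in parse(text):
        if pid is not None and s["pid"] != pid:
            continue
        if s["proto"] == "TCP" and s["state"] != "LISTENING":
            continue
        dynamic = s["proto"] == "UDP" and s["port"] in DYNAMIC_RANGE
        rows[s["pid"]].append((s["proto"], s["addr"], s["port"],
                               "dynamic" if dynamic else "fixed"))
    return dict(rows)

if __name__ == "__main__":
    for owner, socks in sorted(inventory(SAMPLE).items()):
        for proto, addr, port, kind in socks:
            print(f"PID {owner:<6} {proto} {addr}:{port:<6} {kind}")
```

A "dynamic" entry is better documented as a range plus the owning executable than as a single port number, since the number changes each time the service starts.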

Level 7

Jonathan,

That makes sense, thank you.  We have to document this stuff for compliance reasons, every TCP and UDP listening port.  This program isn't the only one that listens on a random, high UDP port, and in almost every case the high UDP port is undocumented and stumps support. 

Do you happen to be a developer of the product?  I see you are jonathan at solarwinds, so that should be official enough.

Thanks again.

0 Kudos

>> Do you happen to be a developer of the product?  I see you are jonathan at solarwinds, so that should be official enough.

Yes, I work here.  Did the orange shirt polo and khaki pants give it away?   

0 Kudos
Level 7

Oh, here's the server properties sheet as well.

Screen Shot 2013-05-02 at 4.51.58 PM.png

0 Kudos