3 Replies Latest reply on Mar 4, 2014 3:58 PM by rharland2012

    Downsides to opening 2055 to the world for NTA?

    sritchie

My on-net IP blocks are already cleared through the firewall I have protecting my SolarWinds deployment, but I also have a large swath of off-net IP'd devices to get into NTA. Not having to make individual exceptions in the firewall would be a time-saver, but there are obvious security concerns. Anybody else done it this way? Would you consider it an acceptable risk?

        • Re: Downsides to opening 2055 to the world for NTA?
          jswan

          Think about the traffic patterns: NetFlow is stateless and unidirectional (i.e., receive only). If you configure your firewall to accept UDP 2055 traffic inbound only (with no outbound traffic permitted), you'd have to hypothesize a mechanism by which an attacker could exploit the box over that port without ever receiving return traffic. Since the service wouldn't respond to port scans, the attacker would also have to know in advance that the service was running (or be running obscure blind exploits at random). While this is not outside the realm of possibility, it wouldn't be super high on my list of things to worry about. Of course, this is contingent on having the firewall configured correctly.
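The "inbound UDP/2055 only, nothing back out" firewall posture jswan describes, written out as an iptables ruleset with a self-check. This is an added example, not anything posted in the thread or shipped with NTA; the collector address, interface name and management network are placeholders you would replace with your own. It prints the rules rather than applying them so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread): iptables rules for a Linux host that sits in
# front of, or runs, the NetFlow collector. Values below are assumptions.
COLLECTOR_IP="${COLLECTOR_IP:-10.0.0.5}"   # assumed collector address
WAN_IF="${WAN_IF:-eth0}"                   # assumed internet-facing interface
MGMT_NET="${MGMT_NET:-10.0.0.0/24}"        # assumed on-net management block

# Emit the ruleset to stdout. Pipe into sh to apply once reviewed.
netflow_rules() {
  cat <<EOF
# Default deny in every direction; everything below is an explicit exception.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Management only from the on-net block; stateful so its replies get out.
iptables -A INPUT -i $WAN_IF -s $MGMT_NET -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -d $MGMT_NET -m conntrack --ctstate ESTABLISHED -j ACCEPT
# NetFlow: accept UDP/2055 inbound from anywhere, to the collector only.
iptables -A INPUT -i $WAN_IF -p udp --dport 2055 -d $COLLECTOR_IP -j ACCEPT
# Never answer on that path: no ICMP port-unreachable when the collector is down
# (so a scanner cannot tell open from closed), and no outbound call-back channel.
iptables -A OUTPUT -o $WAN_IF -p icmp --icmp-type port-unreachable -j DROP
EOF
}

# Self-check: confirm the generated rules contain no OUTPUT ACCEPT for traffic
# sourced from UDP/2055, i.e. the collector has no way to talk back on that port.
no_reply_path() {
  if netflow_rules | grep -- '-A OUTPUT' | grep -- 'sport 2055' | grep -q ACCEPT; then
    return 1
  fi
  return 0
}

# What to run from an off-net host after applying the rules: with no reply and
# no ICMP error, nmap can only report the port as open|filtered.
scan_hint() {
  echo "nmap -sU -p 2055 --reason $COLLECTOR_IP   # expect: 2055/udp open|filtered"
}

netflow_rules
no_reply_path && echo "# ok: no outbound path from udp/2055"
scan_hint
```

With OUTPUT defaulting to DROP, the host also loses DNS, syslog forwarding, package updates and so on; add explicit, destination-pinned OUTPUT rules for each of those rather than loosening the default. The self-check only inspects the generated text, so re-run the nmap check from outside after any change to the live ruleset.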