[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fw: Esignal warning on Bugtraq



PureBytes Links

Trading Reference Links


> I was relaying what Esignal said- with regard to my comments earlier. I
> should have mentioned that.  I had no intention of 'shooting the
messenger'.
> And extend my appreciation if indeed his comments are true.
>
> Best Wishes,
> Marc Miller
>
> ----- Original Message ----- 
> From: "Sven Napolean Montessori" <snm@xxxxxxxxxxxxxxx>
> To: <Code2@xxxxxxx>
> Cc: <omega-list@xxxxxxxxxx>
> Sent: Friday, March 26, 2004 2:59 PM
> Subject: Re: Esignal warning on Bugtraq
>
>
> >
> >    From: Code 2 <Code2@xxxxxxx>
> >
> >    I checked my firewall configuration and eSignal's firewall
> configuration
> >    recommendations (
> http://www.esignalcentral.com/support/esignal/firewall.asp )
> >    and local port 80 needn't be open to incoming traffic.  In fact, you
> >    need only permit outbound traffic and permit it to remote ports
> >    2189-2196.
> >
> >    Just for good measure, I added a rule to block incoming TCP and
> >    UDP traffic to local port 80, but I think that's redundant.
> >
> >    Am I misunderstanding the vulnerability?
> >
> >
> > Alas, lacking an Esignal feed, I cannot really answer.  I have been
> > reading Bugtraq for years and have never seen trading software
> > mentioned before.  Since most omega list readers don't read Bugtraq, I
> > thought it would be prudent to pass it along.
> >
> > I believe that there are different types of Esignal software products
> > available.  Some of the simpler ones may run on port 80 datafeeds and
> > the warning may be directed towards those.  The CMEs websheet product
> > does run on a web interface, but it uses a different port eventually.
> >
> > Without fully understanding your network setup, I am somewhat hesitant
> > to make a recommendation, but it would seem that limiting network
> > traffic on ports 2189-2196 to esignals server ips would be a safe move.
> > That is what I used for CMEs websheet.
> >
>