> I was relaying what Esignal said- with regard to my comments earlier. I
> should have mentioned that. I had no intention of 'shooting the
> messenger'.
> And extend my appreciation if indeed his comments are true.
>
> Best Wishes,
> Marc Miller
>
> ----- Original Message -----
> From: "Sven Napolean Montessori" <snm@xxxxxxxxxxxxxxx>
> To: <Code2@xxxxxxx>
> Cc: <omega-list@xxxxxxxxxx>
> Sent: Friday, March 26, 2004 2:59 PM
> Subject: Re: Esignal warning on Bugtraq
>
>
> >
> > From: Code 2 <Code2@xxxxxxx>
> >
> > I checked my firewall configuration and eSignal's firewall configuration
> > recommendations ( http://www.esignalcentral.com/support/esignal/firewall.asp )
> > and local port 80 needn't be open to incoming traffic. In fact, you
> > need only permit outbound traffic and permit it to remote ports
> > 2189-2196.
> >
> > Just for good measure, I added a rule to block incoming TCP and
> > UDP traffic to local port 80, but I think that's redundant.
> >
> > Am I misunderstanding the vulnerability?
> >
> >
> > Alas, lacking an Esignal feed, I cannot really answer. I have been
> > reading Bugtraq for years and have never seen trading software
> > mentioned before. Since most omega list readers don't read Bugtraq, I
> > thought it would be prudent to pass it along.
> >
> > I believe that there are different types of Esignal software products
> > available. Some of the simpler ones may run on port 80 datafeeds and
> > the warning may be directed towards those. The CME's websheet product
> > does run on a web interface, but it uses a different port eventually.
> >
> > Without fully understanding your network setup, I am somewhat hesitant
> > to make a recommendation, but it would seem that limiting network
> > traffic on ports 2189-2196 to eSignal's server IPs would be a safe move.
> > That is what I used for CME's websheet.
> >
>