Looks like port 2002 might be something to do with the "Integrated Web
Application Server for i (IAS)" that was PTF'ed back to v5r4....

Perhaps the admin for it???

Strange that the page comes up with "Websphere Application Server"
when the information I've found says IAS is a light weight alternative
to WAS built on the open source "Open Services Gateway initiative
(OSGi) technology"

Yeah, don't get me started about v5r4 :D

Charles


On Fri, Aug 17, 2012 at 4:09 PM, <rob@xxxxxxxxx> wrote:
NETSTAT *CNN should tell you who's listening on port 2002. Bet the farm
you're right though. Wait, iNav already shows you that. Could be, start
out 2001 with http, switch to 2002 https?

If you don't use it then shut it down and disable it. While you're doing
that, shoot yourself in the foot several times as you'll have a rough time
applying certificates and stuff.

I'd ask IBM about trying to just upgrade WAS. You can run multiple
versions of WAS on an i. That's as simple as just another option in
RSTLICPGM. The trick is upgrading the application from running on WAS x
to WAS y.

We have IBM do benevolent hacking. For a long time we were getting dinged
by IBM for running an old version of DNS with some security implications.
It took person X from IBM security services and person Y from IBM i team
and smacking their heads together to get the i to upgrade their dns level.

The question becomes: Will IBM upgrade ADMIN on 5.4 to meet this threat?
Or will they tell you to upgrade OS?

The clock is ticking on V5R4 support. Don't wait to ask.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: Charles Wilt <charles.wilt@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>,
Websphere Development Studio Client for iSeries <wdsci-l@xxxxxxxxxxxx>,
Date: 08/17/2012 03:58 PM
Subject: ADMIN server instance uses WAS and listens on multiple
ports?
Sent by: midrange-l-bounces@xxxxxxxxxxxx



(cross posted to MIDRANGE-L and WEB400)

All,

Our security scanning vendor is reporting a vulnerability due to the
fact that they see an old v6 version of Websphere Application server
running on port 2002...

When I hit that port with a browser I get

WebGroup Not Found

A WebGroup/Virtual Host to handle / has not been defined.

IBM WebSphere Application Server


This is a v5r4 system...

We don't have any WAS servers defined, nor Tomcat for that matter.

Using iNav to look at the network connections and corresponding job,
it appears that it's the ADMIN server instance listening on port
2002.... even though the ADMIN is configured for port 2001 and comes
up when I use that port.

I couldn't find any information about the ADMIN instance listening on
multiple ports, nor that WAS is involved (though I guess it makes
sense)

Can anybody clue me in as to what's going on? Preferably with link to
IBM docs...

Also, if we were to upgrade to WAS v7, would that upgrade whatever the
ADMIN server is using or is that embedded someway?

Thanks!
Charles
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.