port scanning

Posted by ChUIMonster on 31-Jul-2018 13:27

Have there been any improvements in the way that OpenEdge executables react to security teams running port scans?

I know from first hand experience that this used to be a pretty good way to crash the db back in the good old days.

I'm particularly wondering if 4gl servers and app servers are known to be immune or at least more robust with up to date releases -- the customer would consider upgrading to 11.7 if we can point to something that says that Progress' behavior when being scanned has been improved.  Or even better - fixed completely and is known to be perfectly safe :)

There is one kbase that says that sqlsrv2 has been addressed but it doesn't say if any of the other components that might get scanned (like app server ports or 4gl servers or replication...) are vulnerable:


All Replies

Posted by ChUIMonster on 01-Aug-2018 05:12

A clear and unequivocal statement that one should not run port scanners that poke at OpenEdge ports would also be helpful.

This thread is closed