I'm using an old Dell laptop (E7440) as a home server. An nmap scan shows the following UDP port open:
Code:
PORT STATE SERVICE
623/udp open|filtered asf-rmcp
This took me by surprise, as the firewall rules should have blocked all of the UDP ports apart from 445 and 2049. Here is my /etc/pf.conf:
Code:
ext_if="em0"
tcp_services = "{22 445 2049}"
udp_services = "{445 2049}"
set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
rdr-anchor "rdr/*"
block in log all
pass out quick keep state
antispoof for $ext_if inet
pass in inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass in inet proto tcp from any to any port $udp_services keep state
It seems that 623/udp is used by some kind of remote monitoring protocol:
ASF = Alert Standard Format
RMCP = Remote Management and Control Protocol
However, I don't know how to remove it or take advantage of it. I have looked at the BIOS settings to see if this could be switched off, but with no success. It is also a bit strange that PF can't block it, unless I'm missing something.
Does anyone have experience with similar protocols? Any advice about security risk?
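An audit of the filter rules as posted, added here as an example and not part of the original post: it expands the macros and lists which inbound protocol/port pairs the ruleset actually passes. The function names are hypothetical, and the model assumes traffic arriving on the external interface with `block in log all` as the default and any later `pass in` rule overriding it.

```python
import re

# Filter-relevant lines of the pf.conf posted above, copied as posted.
PF_CONF = '''
tcp_services = "{22 445 2049}"
udp_services = "{445 2049}"
block in log all
pass out quick keep state
pass in inet proto tcp from any to any port $tcp_services flags S/SA keep state
pass in inet proto tcp from any to any port $udp_services keep state
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')
PASS_IN = re.compile(r'^pass in\b.*\bproto (\w+)\b.*\bport (\{[^}]*\}|\S+)')

def parse(conf):
    """Return 'pass in' rules as (proto, set_of_ports, macro_name_or_None)."""
    macros, rules = {}, []
    for line in (l.strip() for l in conf.splitlines()):
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        m = PASS_IN.match(line)
        if m:
            token = m.group(2)
            name = token[1:] if token.startswith('$') else None
            ports = {int(p) for p in re.findall(r'\d+', macros.get(name, token))}
            rules.append((m.group(1), ports, name))
    return rules

def allowed_inbound(rules, proto, port):
    """Assumption: default is block, and any matching 'pass in' rule wins."""
    return any(p == proto and port in ports for p, ports, _ in rules)

def mismatched(rules):
    """Rules whose macro name announces one protocol while the rule matches another."""
    out = []
    for proto, _, name in rules:
        prefix = name.split('_')[0] if name else None
        if prefix in ('tcp', 'udp') and prefix != proto:
            out.append((proto, name))
    return out

RULES = parse(PF_CONF)
if __name__ == "__main__":
    for proto, port in (('udp', 623), ('udp', 2049), ('tcp', 2049)):
        print(f"{port}/{proto} passed inbound:", allowed_inbound(RULES, proto, port))
    print("protocol/macro mismatches:", mismatched(RULES))
```

On the posted rules this reports that no inbound UDP port is passed at all, 623 included, because `$udp_services` is used in a `proto tcp` rule. nmap reports `open|filtered` for a UDP port when its probe drew no reply of any kind.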