Installation & Licensing

Reply
Mentor
jtbworld
Posts: 181
Registered: ‎08-03-2007
Message 1 of 5 (196 Views)

Why to specify a port number outside of the range 27000 through 27009 for lmgrd?

196 Views, 4 Replies
05-15-2012 10:45 PM

I found this addition in the License Administration Guide for FlexNet 11.10.1. “Note • For security purposes, best practice is not to use a default port for the license server. Instead, specify a port number outside of the range 27000 through 27009.” Anyone know why? (Other than what is mentioned in this post Potential Security Vulnerability in FlexNet license manager, but should this not be fixed?)

Jimmy Bergmark
JTB World - Software development and consulting
Specialities: AutoCAD, AutoCAD Architecture and Revit
http://www.jtbworld.com

JTB FlexReport - network license reports
http://www.jtbworld.com/jtbflexreport/index.htm
*Expert Elite*
TravisNave
Posts: 9,994
Registered: ‎01-14-2005
Message 2 of 5 (190 Views)

Re: Why to specify a port number outside of the range 27000 through 27009 for lm

05-16-2012 07:06 AM in reply to: jtbworld

Jimmy,


If I had to speculate, I'd say that because the master daemon lmgrd is known to use ports 27000~27009, it becomes easier to locate the vulerability by testing known ports.  Whereas if you used a non default port, it may get overlooked.  Just my two cents...

Travis Nave Send TravisNave a Private Message                       Need help in your post? Mention me with @TravisNave
Mentor
jtbworld
Posts: 181
Registered: ‎08-03-2007
Message 3 of 5 (185 Views)

Re: Why to specify a port number outside of the range 27000 through 27009 for lm

05-16-2012 10:28 AM in reply to: TravisNave

Yes, that was my thought also but on the other hand there are not that many ports anyway to test on as it would be automated.

Jimmy Bergmark
JTB World - Software development and consulting
Specialities: AutoCAD, AutoCAD Architecture and Revit
http://www.jtbworld.com

JTB FlexReport - network license reports
http://www.jtbworld.com/jtbflexreport/index.htm
*Expert Elite*
TravisNave
Posts: 9,994
Registered: ‎01-14-2005
Message 4 of 5 (183 Views)

Re: Why to specify a port number outside of the range 27000 through 27009 for lm

05-16-2012 10:31 AM in reply to: jtbworld

Yeah, I am not even sure that there are any cases of this even being exploited other than something they may have found internally.  I'm certainly not going to make a habit on making the NLM use a different port.

Travis Nave Send TravisNave a Private Message                       Need help in your post? Mention me with @TravisNave
Mentor
jtbworld
Posts: 181
Registered: ‎08-03-2007
Message 5 of 5 (180 Views)

Re: Why to specify a port number outside of the range 27000 through 27009 for lm

05-16-2012 10:37 AM in reply to: TravisNave

I agree, I think the only good thing to do is to at least update the FlexNet exe files once in a while.

Jimmy Bergmark
JTB World - Software development and consulting
Specialities: AutoCAD, AutoCAD Architecture and Revit
http://www.jtbworld.com

JTB FlexReport - network license reports
http://www.jtbworld.com/jtbflexreport/index.htm

You are not logged in.

Log into access your profile, ask and answer questions, share ideas and more. Haven't signed up yet? Register

Announcements
Are you familiar with the Autodesk Expert Elites? The Expert Elite program is made up of customers that help other customers by sharing knowledge and exemplifying an engaging style of collaboration. To learn more, please visit our Expert Elite website.

Need installation help?

Start with some of our most frequented solutions to get help installing your software.

Ask the Community


Up & Ready Blog

Boldly Install, Configure and Deploy Autodesk Software.

AutodeskHelp Blog

Your one-stop shop for the latest solutions, breaking news, and behind the scenes access to the world of Autodesk support.

Connect with Us

Twitter

Pinterest

Blog

Youtube