

Security Against Port 4899 Abuse

By bryan

Hello Mates,

Well, I am in Mauritius and we run some Windows 2000 servers with SP4 and all updates. We are connected to the Internet and use Norton Corporate Antivirus. Unfortunately, I am having some people accessing my servers using the port 4899 vulnerability, as I use Remote Admin V2.1.
Can you people please suggest a way I can protect myself and my network against that kind of intrusion?

by Joseph Moore In reply to Security Against Port 489 ...

There is an exploit out for RemoteAdmin 2.1 (and 2.0, AFAIK). It does allow remote code execution in the RemoteAdmin service. This is possibly what people are using against your servers.
There is NO new version of RemoteAdmin, nor a patch to fix this.
So, how can you protect your servers???
DON'T run RemoteAdmin on servers that you can connect to over the Internet!
It is a better thing to run a VPN connection into your network, then launch RemoteAdmin through the VPN tunnel. This way, you don't open the RemoteAdmin port on the machines at the firewall, so no Internet access to the port. Only VPN-authenticated users could connect to RA.

by alicef In reply to Security Against Port 489 ...

You can configure Radmin to use any port number you like if it's easier than using VPN - make it a bizarre number only your people know. You can also use NT security to restrict access.

There is also a new version of Radmin v3.0 which is currently in beta and which you get as a free upgrade from v2.1. I don't know whether it addresses this concern - but you could check it out:

by paulo.sedrez In reply to Security Against Port 489 ...

Windows 2000: install ISA services and include an access filter to just allow access to port 4899 from selected IPs.
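
Once the port is restricted to a VPN pool or to selected IPs as the replies suggest, the firewall log can confirm the filter holds. The following is an added example, not part of the original thread: it audits log lines for connections to the Radmin port from sources outside an allowlist. The log format, the allowlisted networks and all addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

RADMIN_PORT = 4899  # default port named in the thread; change if Radmin was moved

# Assumption: management stations and VPN address pool permitted to reach Radmin.
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "10.8.0.0/24")]

# Constructed sample lines in a hypothetical firewall log format:
# date time action proto src_ip:src_port -> dst_ip:dst_port
SAMPLE_LOG = """\
2004-03-01 10:15:02 ALLOW TCP 198.51.100.5:51234 -> 192.0.2.10:4899
2004-03-01 10:17:40 ALLOW TCP 203.0.113.77:40112 -> 192.0.2.10:4899
2004-03-01 10:17:41 DENY TCP 203.0.113.77:40113 -> 192.0.2.11:4899
2004-03-01 10:20:09 ALLOW TCP 203.0.113.9:3389 -> 192.0.2.10:80
2004-03-01 10:21:55 ALLOW TCP 10.8.0.14:49800 -> 192.0.2.11:4899
garbage line that does not parse
2004-03-01 10:30:00 ALLOW TCP 203.0.113.77:40200 -> 192.0.2.11:4899
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def is_allowed(src):
    """True if the source address falls inside any allowlisted network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)

def audit(log_text, port=RADMIN_PORT):
    """Return (violations, blocked): ALLOWed connections to `port` from
    non-allowlisted sources, and a per-source count of DENYed attempts."""
    violations, blocked = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port or is_allowed(m["src"]):
            continue  # unparseable, other port, or permitted source
        if m["action"] == "ALLOW":
            violations.append((m["ts"], m["src"], m["dst"]))
        else:
            blocked[m["src"]] += 1
    return violations, blocked

if __name__ == "__main__":
    violations, blocked = audit(SAMPLE_LOG)
    for ts, src, dst in violations:
        print(f"{ts} filter gap: {src} reached {dst}:{RADMIN_PORT}")
    for src, n in blocked.items():
        print(f"{src}: {n} blocked attempt(s)")
```

Any entry in `violations` means the access filter let a non-allowlisted source through and the rule set needs review; `blocked` shows who is still probing the port.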
