...
Port # | Protocol | Service Name | Connection Initiation | Application | Notes | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|
N/A | ICMP | ping | Server to Device | Open-AudIT | Discovery - ICMP Message Types 8 and 0 | ||||||
22 | TCP | SSH | Server to Device | Open-AudIT | Discovery | ||||||
23 | TCP | Telnet | Server to Device | Open-AudIT | Discovery | ||||||
25 or 587 | TCP | SMTP | Server to Email Server | Open-AudIT | Scheduled Reports | ||||||
53 | UDP | DNS | Server to DNS Server | Open-AudIT | Discovery | ||||||
53 | TCP | DNS | Server to DNS Server | Open-AudIT | Discovery | ||||||
80 | TCP | HTTP | Device to Server | Open-AudIT | Upload of audit result | ||||||
80 | TCP | HTTP | Server to Device | Open-AudIT | Discovery | ||||||
135 | TCP | WMI | Server to Device | Open-AudIT | Discovery | ||||||
139 | TCP | File and Print Sharing | Server to Device | Open-AudIT | Discovery | ||||||
161 | UDP | SNMP | Server to Device | Open-AudIT | Discovery | ||||||
443 | TCP | HTTPS | Server to Device | Open-AudIT | Discovery | ||||||
443 | TCP | HTTPS | Device to Server | Open-AudIT | Upload of audit result | ||||||
445 | TCP | File and Print Sharing | Server to Device | Open-AudIT | Discovery | 445 | TCP | Active Directory | Server to AD Controller | Open-AudIT | Authentication and Discovery |
49152-65535 | TCP | WMI / AD | Server to Device | Open-AudIT | Discovery - MS Server 2008 and above, MS Vista and above targets | ||||||
1025-5000 | TCP | WMI / AD | Server to Device | Open-AudIT | Discovery - MS 2000, XP, 2003 targets |
...
Port # | Protocol | Service Name | Connection Initiation | Application | Notes | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|
N/A | ICMP | ping | Server to Device | Open-AudIT | Discovery - ICMP Message Types 8 and 0 | ||||||
22 | TCP | SSH | Server to Device | Open-AudIT | Discovery | 23 | TCP | Telnet | Server to Device | Open-AudIT | Discovery |
25 or 587 | TCP | SMTP | Server to Email Server | Open-AudIT | Scheduled Reports | ||||||
53 | UDP | DNS | Server to DNS Server | Open-AudIT | Discovery | ||||||
53 | TCP | DNS | Server to DNS Server | Open-AudIT | Discovery | ||||||
80 | TCP | HTTP | Device to Server | Open-AudIT | Upload of audit result | ||||||
80 | TCP | HTTP | Server to Device | Open-AudIT | Discovery | ||||||
135 | TCP | WMI | Server to Device | Open-AudIT | Discovery | ||||||
139 | TCP | Samba | Server to Device | Open-AudIT | Discovery | ||||||
161 | UDP | SNMP | Server to Device | Open-AudIT | Discovery | 443 | TCP | HTTPS | Server to Device | Open-AudIT | Discovery |
443 | TCP | HTTPS | Device to Server | Open-AudIT | Upload of audit result | ||||||
445 | TCP | Samba / RPC | Server to Device | Open-AudIT | Discovery | ||||||
445 | TCP | Active Directory | Server to AD Controller | Open-AudIT | Authentication and Discovery | 623 | UDP | IPMI | Server to Device | Open-AudIT | Discovery |
Network Management User Traffic for Open-AudIT
...
Port # | Protocol | Service Name | Connection Initiation | App | Notes |
---|---|---|---|---|---|
389 | TCP | LDAP | Server to LDAP Server | OA | User authentication and/or authorisation |
636 | TCP | LDAPS | Server to LDAP Server | OA | User authentication and/or authorisation |
Optional Collector Server traffic
If you are using Collectors for remote auditing you should consider the following.
Port # | Protocol | Service Name | Connection Initiation | App | Notes |
---|---|---|---|---|---|
80 | TCP | HTTP | Collector to Server | OA | Not secure. Use HTTPS below instead if required |
443 | TCP | HTTPS | Collector to server | OA | Requires HTTPS/TLS setup on the Server to operate. |
Note: You may also wish to consider the day to day administration of the operating system and open-audit configurations on the server e.g. enable ssh access to the device.
Notes
Microsoft’s DCOM/WMI services typically use a large range of random ports to function.
...