 |
LiveResponse Desktop Application Discussion, troubleshooting and feedback for LiveResponse Desktop Application for Microsoft Windows.
 |
| | LinkBack | Thread Tools | Search this Thread | Display Modes |
| ||||||||||||
|
|
| | LinkBack | Thread Tools | Search this Thread | Display Modes |
(#1)
  |
| Member Posts: 138 Join Date: Apr 2006 |  Security concern -
09-03-2007, 05:05 PM
I have determined that SupportSuite/LiveResponse is making netbios requests to the machines that are visiting a site with the LiveResponse tracking code. Now, my outbound firewall is blocking these accesses but if someone does not have an outbound firewall then these requests are surely getting through to the person/company browsing your website. This has GOT TO BE BAD FOR BUSINESS... as when someone visits your website their firewall software is going to alert them that someone is trying to access UDP PORT 137... A sample log entry from my firewall is below. Note, SRC 192.168.5.20 is my machine, 12.96.101.101 is foreign machine that is "on the site" and visible in SupportSuite visitor tracking (IP addresses are faked to protect the innocent :-) 03-08-2007 08:42:43 Kernel.Warning 192.168.10.1 Mar 8 08:42:43 kernel: PF Dropped SMB: IN=eth0 OUT=eth1 SRC=192.168.5.20 DST=12.96.101.101 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=52574 PROTO=UDP SPT=137 DPT=137 LEN=58 From what I can surmise this is due to a netbios name resolution lookup... please fix this! Cliff. |
| |  |
|
(#2)
|
| Community Moderator Posts: 701 Join Date: Jan 2005 |
09-03-2007, 05:43 PM
Actually, that's your machine trying to connect out to the server. Your firewall is blocking outbound UDP requests. The user visiting your site will only get that if they are running the LiveResponse app on their system like you are. |
| | |
|
(#3)
|
| Member Posts: 138 Join Date: Apr 2006 |
09-03-2007, 05:49 PM
If you look at the log entry it clearly shows that the request is leaving my machine destined for the external visitor, not my web server. This netbios request is NOT GENERATED unless LiveResponse/SupportSuite is running. This is a security issue for SupportSuite. Cliff. |
| | |
|
(#4)
|
| Community Moderator Posts: 701 Join Date: Jan 2005 |
09-03-2007, 07:12 PM
All it's trying to do is determine the hostname of the connecting machine. This is not a security risk. |
| | |
|
(#5)
|
| Member Posts: 138 Join Date: Apr 2006 |
09-03-2007, 07:29 PM
I understand that it may not be a "risk" in the lose all your data sense... but it is a risk in the "why am I getting these firewall messages, I better leave this website risk" and it sure as heck looks bad when someone visits your website and their inbound firewall suddenly has to start blocking incoming UDP requests on Netbios ports... I still maintain that this is a serious issue. Cliff. |
| | |
|
(#6)
|
| Developer  Posts: 128 Join Date: Feb 2006 Location: Columbus, OH |
14-03-2007, 07:30 AM
I've got a fix for this. It will be available in the morning. -------------------------------------------------------------------
|
| | |
|
(#7)
|
| Member Posts: 138 Join Date: Apr 2006 |
14-03-2007, 08:10 PM
Excellent. I will look for this. Thank you. |
| | |
|
(#8)
|
| Developer Posts: 128 Join Date: Feb 2006 Location: Columbus, OH |
19-03-2007, 07:46 PM
Please install the latest build here: http://forums.kayako.com/showpost.ph...6&postcount=48 It should fix this problem. -------------------------------------------------------------------
|
| | |
|
(#9)
|
| Member Posts: 138 Join Date: Apr 2006 |
20-03-2007, 03:54 PM
Can I use the new client with the 3.04.10 build? I haven't decided to take the plunge on the new codebase but this might help push me to do it. Cliff. |
| | |
|
(#10)
|
| Chief Operating Officer  Posts: 855 Join Date: May 2005 Location: Boise, Idaho |
20-03-2007, 11:20 PM
Yes, you can use the new client with 3.04.10. -------------------------------------------------------------------
|
| | |
|
| Tags |
| concern |
| Thread Tools | Search this Thread |
| Display Modes | |
| |
Linear Mode
