Re: [PEN-TEST] Lotus Notes

[Kevin Flynn <mailtech2 () YAHOO COM>]

Lotus Notes uses Port 1352 for it's Remote Procedure
Call and Notes Replication. If you want to run a Lotus
Notes Server, then port 1352 typically needs to be
open, or another port should be defined in the
Notes.ini file.

Typically companies have this port open to perform
replication with remote hub servers (whether they be
mail, application, etc.) via TCP/IP.  A good
configuration will encrypt all such traffic, but
server-side security must also be well defined.  If
not (won't go into the details of Domino server
security here), leaving this port open through the
firewall could leave your mail server wide open to
spoofing.


--- D V <mysecurite () YAHOO FR> wrote:
> Hi everybody,
>
> I would like to have your opinion regarding a point
> on
> Lotus Notes Security. Imagine you have a Lotus Notes
> Server connecting to the Internet, you can have
> access
> to databases througth HTTP and access to the TCP
> port
> 1352 (Lotus Notes port).
>
> So what is the risk associated to have the 1352 port
> open on the Internet ? Intrusion, DoS ?
> And how to exploit the vulnerability ?
>
> Thanks by Advance.
___________________________________________________________
> Do You Yahoo!? -- Pour dialoguer en direct avec vos
> amis,
> Yahoo! Messenger : http://fr.messenger.yahoo.com


__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/