Penetration Testing mailing list archives
Re: [PEN-TEST] Lotus Notes
From: Kevin Flynn <mailtech2 () YAHOO COM>
Date: Wed, 27 Sep 2000 11:29:14 -0700
Lotus Notes uses Port 1352 for it's Remote Procedure Call and Notes Replication. If you want to run a Lotus Notes Server, then port 1352 typically needs to be open, or another port should be defined in the Notes.ini file. Typically companies have this port open to perform replication with remote hub servers (whether they be mail, application, etc.) via TCP/IP. A good configuration will encrypt all such traffic, but server-side security must also be well defined. If not (won't go into the details of Domino server security here), leaving this port open through the firewall could leave your mail server wide open to spoofing. --- D V <mysecurite () YAHOO FR> wrote:
Hi everybody, I would like to have your opinion regarding a point on Lotus Notes Security. Imagine you have a Lotus Notes Server connecting to the Internet, you can have access to databases througth HTTP and access to the TCP port 1352 (Lotus Notes port). So what is the risk associated to have the 1352 port open on the Internet ? Intrusion, DoS ? And how to exploit the vulnerability ? Thanks by Advance.
___________________________________________________________
Do You Yahoo!? -- Pour dialoguer en direct avec vos amis, Yahoo! Messenger : http://fr.messenger.yahoo.com
__________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/
Current thread:
- [PEN-TEST] Lotus Notes D V (Sep 27)
- <Possible follow-ups>
- Re: [PEN-TEST] Lotus Notes Kevin Flynn (Sep 27)
- Re: [PEN-TEST] Lotus Notes WEISZ-KOVES, Aaron (Sep 27)