IDH Open canary required ports to communicate with manager

[Carlos-mb]

EDIT: It's not a real problem, it was my fault but I left it here just in case could be useful for someone.

Hello!

I have installed IDH this way:

      ROUTER 
   ______|________
   |                    |
IDH            pfSense
               ______|______
               |                  |
             SO          All my devices

I have configured pfSense to allow IDH to communicate only with SO's IP

I wonder that if an attacker could take control of IDH would also be able to access do SO and from SO to all my network.

That's why I want to increase security allowing IDH to connect to SO using only the required ports and blocking all the others like SSH, FTP, HTTP, etc. Making more difficult to exploit an vulnerability.

I haven't found accurate information about which ports should I open so, I have left the system work for a couple of days and I have used Kibana / Discover to check the used port. This is what it reports:

Top values
4,506 (90.1%)
443 (5%)
8,220 (4.4%)
4,505 (0.1%)
5,055 (0.1%)
8,086 (< 0.1%)
36,632 (< 0.1%)
46,204 (< 0.1%)
49,284 (< 0.1%)
50,108 (< 0.1%)
Other (< 0.1%)

Trying different configurations, I have discovered that I have to open from 4506 to 8086 in order to let reports and status info from IDH to SO and it makes sense to me, but, What are the other ports? They look like random ports.

Does anyone know if I have to open this ports too or IDH will use random ports to communicate with SO? In that case, I have to allow all the ports and, in that case, I will be allowing SSH and FTP ports. Wouldn't it be a security risk in case someone were abe to take control of IDH server?

I hope you find my questions interesting :)

Best regards
Carlos

[Carlos-mb]

The random ports where from connection I started from SO when I tried to SSH to IDH.