The SBC Core includes several management daemons which operate in the background to handle various requests for services without user intervention. To prevent security loopholes and vulnerability from outside attacks, both the Linux and SBC management daemons are restricted to send and receive management traffic to/from management interfaces only.

In addition, this solution prohibits packets received on packet interfaces from reaching management applications. For example, if the port scan (e.g. nmap) sends packets to packet interfaces, it does not discover the management daemons’ ports as open state.

The management daemons use one of the following addresses to listen for requests for service:

  • ANY address (0.0.0.0 for IPv4). Management applications which need to communicate with external network entities will continue to use this same IP address since the packets received on packet interfaces will not reach management applications.
  • The loopback IP address (127.0.0.1)

HA IP addresses on active (169.254.99.1) and standby (169.254.88.1).

  • No labels