Securing SPD Server Against Unknown Client Attacks

Overview of SPD Server Security for Unknown Client Attacks

SPD Server is a client-server architecture that allows outside clients to connect to SPD Server processes on well-known published ports. SPD Server also uses ephemeral (unpublished) ports for internal communication between SPD Server processes and clients.
SPD Server provides protection against attacks from unknown clients in the following ways:
  • SPD Server uses a proprietary communication protocol. Every message that is received is examined to determine whether it is valid, and any invalid message is discarded.
  • SPD Server provides the option of logging unknown communications in the SPD Server log files. Unknown communications can be logged by the spdsnsrv, spdserv, spdssnet, and spdsbase processes. Each log message includes the IP address of the client that sent the message.
  • An invalid message does not disrupt an SPD Server process. After discarding it, the process continues to function properly for subsequent valid messages.
When this logging is enabled, third-party port-checking software (for example, monitoring probes or port scanners) that repeatedly contacts the published ports can cause unexpected growth in SPD Server logs, because each rejected connection attempt is recorded. If this is the case, set the SPDSLOGBADCONNECT= environment variable in your rc.spds start-up script to control whether port access attempts are logged.

SPDSLOGBADCONNECT= Environment Variable

To enable logging of invalid messages, export the SPDSLOGBADCONNECT=Y environment variable in your rc.spds start-up script. You must export the variable before any SPD Server processes are started: each SPD Server process reads the variable once, at start-up, and logs accordingly, so a value exported after a process is already running has no effect on that process.
Usage:
Specify the SPDSLOGBADCONNECT=Y environment variable in your SPD Server rc.spds start-up script.
export SPDSLOGBADCONNECT=[Y|N]
Default:
The default value of SPDSLOGBADCONNECT= is N, which configures SPD Server processes not to log failed connection attempts.
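The following rc.spds-style fragment is an added example, not SAS's own rc.spds script. It validates the SPDSLOGBADCONNECT= value, exports it, and confirms that a newly started child process inherits it before anything that stands in for the SPD Server processes is launched. The function names and the spds_launch_placeholder stand-in for the spdsnsrv, spdserv, spdssnet, and spdsbase start commands are assumptions made for the example.

```shell
#!/bin/sh
# Added example for an rc.spds start-up script (not SAS's own rc.spds).
# spds_launch_placeholder is hypothetical; it stands in for the commands that
# start spdsnsrv, spdserv, spdssnet and spdsbase.

# Accept only the documented values Y and N. On anything else, export nothing
# and fail, so rc.spds can abort instead of starting the servers with an
# unintended logging setting.
spds_set_logbadconnect() {
    case "$1" in
        Y|N)
            export SPDSLOGBADCONNECT="$1"
            return 0
            ;;
        *)
            echo "rc.spds: SPDSLOGBADCONNECT must be Y or N, got '$1'" >&2
            return 1
            ;;
    esac
}

# What a newly started process sees. Each SPD Server process reads the
# variable once at start-up, so this is the value that counts; an export
# made later in the parent shell does not reach a process already running.
spds_child_sees_logbadconnect() {
    sh -c 'printf "%s" "${SPDSLOGBADCONNECT:-unset}"'
}

# Stand-in for the server start commands (hypothetical). Refuses to run
# unless the variable has already been exported, which is the order
# rc.spds must follow.
spds_launch_placeholder() {
    if [ "$(spds_child_sees_logbadconnect)" = "unset" ]; then
        echo "rc.spds: export SPDSLOGBADCONNECT before starting SPD Server" >&2
        return 1
    fi
    # A real rc.spds would start spdsnsrv and the other processes here.
    return 0
}

# Typical use in rc.spds: set the value (default N, matching the product
# default), then launch.
spds_startup() {
    spds_set_logbadconnect "${1:-N}" && spds_launch_placeholder
}
```

Call spds_startup Y near the top of rc.spds, before the lines that start the SPD Server processes; because the processes only check the variable at start-up, placing the export after those lines silently leaves the default N in effect.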
Last updated: February 3, 2017