Solved: My IME (version 7.2.7 running

Colin Higgins · ‎01-12-2016

I have a windows server 2012 running IME for managing my legacy IPS devices on the network. When I do a nessus scan against this server, it tells me ports 22,80, and 443 are open, even though IIS is not running. I can SSH to the loopback, but cannot authenticate.

Does IME run a web daemon and open SSH on the host it runs on? I am trying to figure out what application/service is opening these ports.

Marvin Rhoads · ‎01-13-2016

My IME (version 7.2.7 running on Windows Server 2008 R2) only appears to open a reporting channel to the managed IPS sensors using https (tcp/443) as the target port and an ephemeral TCP port as the source. (process IMEjava.exe)

The other ports it's listening on are related to the PRTG server and Kiwi syslog daemon I am also running on that host.

View solution in original post

Karsten Iwen · ‎01-12-2016

I don't have a system to test with at the moment. But have you run a "netstat -b" to see which process is using the port?

Colin Higgins · ‎01-12-2016

when I did a netstat -b it did not show anything listening on 22 or 443

however, when I completely shut down all services related to IME, I could no longer SSH to the server, so that appears to be the culprit

Marvin Rhoads · ‎01-13-2016

My IME (version 7.2.7 running on Windows Server 2008 R2) only appears to open a reporting channel to the managed IPS sensors using https (tcp/443) as the target port and an ephemeral TCP port as the source. (process IMEjava.exe)

The other ports it's listening on are related to the PRTG server and Kiwi syslog daemon I am also running on that host.

Cisco IME question