VMware Communities
How to close TCP 443 and 902? (WS 9.0.1 on Linux host)

Posted by martin23 (Contributor):

When hosted on Linux (Ubuntu 12.04), VMware Workstation 9.0.1 listens on TCP ports 443 and 902, on all network interfaces (0.0.0.0).  This happens as soon as the host OS finishes booting, even if you don't launch the VMware GUI or start up any VM guests.

This creates a potential attack surface, on a machine which may be used on hostile networks, and normally has no listening TCP ports open.

Can these two listeners safely be stopped?

Or, can we reconfigure these listeners to bind only to the loopback address (127.0.0.1) ?

Of course we could solve this issue by switching on the Linux firewall on the host, but this seems like using a sledgehammer to crack a nut!  There's no business reason for VMware Workstation to bind to anything other than the loopback address, so it would be simpler if there was a change to the VMware startup scripts to solve the problem at source.

Thanks for any pointers!

- Martin.

5 Replies
continuum (Immortal):

You could try to run without hostd, in case you do not need it.

martin23 (Contributor):

Well, I'm a bit reluctant to edit the scripts in /etc/init.d/vmware* without knowing which daemons can safely be commented out.

The processes involved seem to be hostd-worker and vmware-authdlauncher:

# lsof +c 0 -i TCP -s TCP:LISTEN
COMMAND          PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd           1199 root    8u  IPv6  12725      0t0  TCP ip6-localhost:ipp (LISTEN)
cupsd           1199 root    9u  IPv4  12726      0t0  TCP localhost:ipp (LISTEN)
vmware-authdlau 1419 root    8u  IPv4  12139      0t0  TCP *:902 (LISTEN)
hostd-worker    1732 root   27u  IPv4   8818      0t0  TCP *:https (LISTEN)
hostd-worker    1732 root   32u  IPv4   8822      0t0  TCP localhost:8307 (LISTEN)

# ps axwl | grep vmware-authdlau

5     0  1419     1  20   0  30168   908 poll_s Ss   ?          0:00 /usr/sbin/vmware-authdlauncher

WoodyZ (Immortal), accepted solution:

vmware-authdlau 1419 root    8u  IPv4  12139      0t0  TCP *:902 (LISTEN)
hostd-worker    1732 root   27u  IPv4   8818      0t0  TCP *:https (LISTEN)
hostd-worker    1732 root   32u  IPv4   8822      0t0  TCP localhost:8307 (LISTEN)

I haven't done it; however, if you're not going to use Shared VMs then I see no harm in commenting out the above entries.  It wouldn't permanently break anything and you certainly can easily uncomment if/when necessary.
martin23 (Contributor):

Ah...  Simpler than I thought!    I've successfully bodged the VMware host startup scripts as follows.

1. In /etc/init.d/vmware

   Comment out the line:

       vmware_exec 'VMware Authentication Daemon' vmware_start_authdlauncher

   Add the following line:

       echo 'Skipping: VMware Authentication Daemon'

2. In /etc/init.d/vmware-workstation-server

   After the line:

       ### END INIT INFO

   Add two new lines:

       echo Aborting launch of vmware-workstation-server
       exit 0

After rebooting the host, the listeners on ports 443 and 902 are no longer present.  But VMware Workstation still works perfectly when started from the GUI (Ubuntu 12.04).

Is there a simple way to report this to VMware for review?   It shouldn't be necessary to bodge their startup scripts to prevent unnecessary services from launching by default.

Kind regards,

- Martin

WoodyZ (Immortal):
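The check a practitioner would want around the edits above, as an added example that is not part of the original thread: a small POSIX shell script that reads `lsof`-style listener output, reports any listener bound to the wildcard address on the two VMware ports (443 and 902), and exits non-zero when the host is exposed, so it can be run before and after the init-script change. It also prints the loopback-only `iptables` rules that would be the firewall alternative the question mentions (restricting just those two ports to `lo`, rather than switching on a host firewall wholesale). The two sample listings are constructed from the `lsof` output posted in this thread and are assumptions about what a cleaned-up host shows; the thread did not test the `iptables` approach.

```shell
#!/bin/sh
# Added example (not from the thread). Audits lsof-style TCP listener output for
# wildcard-bound ("*", i.e. 0.0.0.0) listeners on the VMware ports discussed and
# prints the loopback-only firewall rules as the alternative to editing the
# init scripts. On a live host, replace the samples with:
#     lsof -nP +c 0 -i TCP -s TCP:LISTEN
# (-n/-P keep addresses and ports numeric).

# Constructed from the listing posted in the thread: state before the fix.
SAMPLE_BEFORE='COMMAND          PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd           1199 root    9u  IPv4  12726      0t0  TCP localhost:ipp (LISTEN)
vmware-authdlau 1419 root    8u  IPv4  12139      0t0  TCP *:902 (LISTEN)
hostd-worker    1732 root   27u  IPv4   8818      0t0  TCP *:https (LISTEN)
hostd-worker    1732 root   32u  IPv4   8822      0t0  TCP localhost:8307 (LISTEN)'

# Constructed (assumption): the same listing once vmware-authdlauncher and
# vmware-workstation-server are no longer started at boot.
SAMPLE_AFTER='COMMAND          PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd           1199 root    9u  IPv4  12726      0t0  TCP localhost:ipp (LISTEN)'

# wildcard_listeners: read lsof lines on stdin and print "COMMAND PORT" for
# every listener whose local address is "*" (all interfaces). The service
# name lsof substitutes from /etc/services for 443 (https) is mapped back to
# a number so the output is the same whether or not lsof was run with -P.
wildcard_listeners() {
    awk '$1 == "COMMAND" || $NF != "(LISTEN)" { next }
         {
             n = split($(NF-1), hp, ":")
             port = hp[n]
             if (port == "https") port = 443
             if (hp[1] == "*") print $1, port
         }'
}

# exposed_vmware_ports: print each of the two VMware ports that is open on all
# interfaces; exit 0 if any is exposed, 1 if none (usable as a boot-time check).
exposed_vmware_ports() {
    wildcard_listeners | awk '$2 == 443 || $2 == 902 { print $2; found = 1 }
                              END { exit found ? 0 : 1 }'
}

# loopback_only_rules: the narrower firewall alternative. Drop inbound TCP to
# ports 443 and 902 unless it arrives on the loopback interface, leaving local
# clients connecting to 127.0.0.1 unaffected. Prints the commands rather than
# running them (they need root, and the page's fix makes them unnecessary).
loopback_only_rules() {
    for port in 443 902; do
        printf 'iptables -A INPUT -p tcp --dport %s ! -i lo -j DROP\n' "$port"
    done
}

# Demo on the constructed samples.
echo "before the fix, exposed ports:"
printf '%s\n' "$SAMPLE_BEFORE" | exposed_vmware_ports || echo "(none)"
echo "after the fix, exposed ports:"
printf '%s\n' "$SAMPLE_AFTER" | exposed_vmware_ports || echo "(none)"
echo "firewall alternative:"
loopback_only_rules
```

Run it as `sh check_vmware_ports.sh`; to audit a real host, pipe live `lsof -nP +c 0 -i TCP -s TCP:LISTEN` output into `exposed_vmware_ports` and use its exit status.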

"Is there a simple way to report this to VMware for review?  It shouldn't be necessary to bodge their startup scripts to prevent unnecessary services from launching by default."

Have a look at: Making a VMware feature request