[Koha] Why are there two SIP2 ports in Koha?

Chris Cormack chrisc at catalyst.net.nz
Wed Aug 29 07:34:30 NZST 2018


Some self check machines operate SIP2 over telnet instead of raw. It's no more secure but some older machines work that way.

Of course SIP2 is hideously insecure so those ports should never be exposed except on localhost and run through stunnel or a VPN.

If you expose unencrypted SIP2 traffic on a network then you are sending all sorts of personal info unencrypted, most likely violating the GDPR. And definitely opening yourself up to being compromised.

(it's trivial to capture the user and password of the SIP2 user at the very least)

Chris 

On 29 August 2018 7:21:03 AM NZST, Michael Kuhn <mik at adminkuhn.ch> wrote:
>Hi
>
>When using the standard configuration in file "SIPconfig.xml" after 
>enabling and starting the SIP2 servers there are two ports:
>
>     <service
>       port="8023/tcp"
>       transport="telnet"
>       protocol="SIP/2.00"
>       timeout="60" />
>
>     <service
>       port="127.0.0.1:6001/tcp"
>       transport="RAW"
>       protocol="SIP/2.00"
>       client_timeout="600"
>       timeout="60" />
>
>We have just reconfigured the following line
>
>       port="10.0.0.1:6001/tcp"
>
>and our 3M SelfCheck System Model 8420 can successfully connect and 
>communicate via port 6001, without needing to add any sign in commands 
>in expect syntax (which is needed when using port 8023 via telnet, as it
>is described in
>https://wiki.koha-community.org/wiki/Setting_up_Koha_SIP_and_3M_machines
>).
>
>Can someone please explain why there are two ports? Are these just
>offering the same functionality in two different ways (telnet, RAW), or
>is it maybe recommended to use telnet for some unknown security reasons?
>
>Best wishes: Michael
>-- 
>Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
>Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
>T 0041 (0)61 261 55 61 · E mik at adminkuhn.ch · W www.adminkuhn.ch

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
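
Added example, not part of the original message or of Koha's own code: a small Python check that reads SIPconfig.xml-style `<service>` entries like the ones quoted above and lists every listener that is not bound to loopback, i.e. the ones that would carry cleartext SIP2 off the host. The wrapper elements in the sample and the rule that a port given without a host listens on all interfaces are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two default listeners quoted in the message plus the
# reconfigured LAN address; the <acs>/<listeners> wrapper is an assumption.
SAMPLE = """<acs xmlns="urn:example:acs">
  <listeners>
    <service port="8023/tcp" transport="telnet" protocol="SIP/2.00" timeout="60" />
    <service port="127.0.0.1:6001/tcp" transport="RAW" protocol="SIP/2.00"
             client_timeout="600" timeout="60" />
    <service port="10.0.0.1:6001/tcp" transport="RAW" protocol="SIP/2.00" timeout="60" />
  </listeners>
</acs>"""


def parse_port(spec):
    """Split 'host:port/proto' into (host, port, proto); host is None if absent."""
    addr, _, proto = spec.partition("/")
    host, sep, port = addr.rpartition(":")
    return (host if sep else None), int(port), proto or "tcp"


def is_loopback(host):
    """True only for 'localhost' or a loopback IP literal. A missing host is
    treated as listening on every interface (assumption, see lead-in)."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # unknown hostname: report it rather than trust it


def exposed_listeners(xml_text):
    """Return (port spec, transport) for each <service> not bound to loopback."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        spec = el.get("port")
        if el.tag.rsplit("}", 1)[-1] != "service" or not spec:
            continue  # ignore other elements and services without a port
        host, _, _ = parse_port(spec)
        if not is_loopback(host):
            findings.append((spec, el.get("transport", "")))
    return findings


if __name__ == "__main__":
    for spec, transport in exposed_listeners(SAMPLE):
        print(f"cleartext SIP2 listener reachable off-host: {spec} ({transport})")
```

Any listener it reports should be rebound to 127.0.0.1 and reached only through stunnel or a VPN, as the message above recommends.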

