Discussions specific to the VMware vSphere hypervisor
Post Reply
TimoW
Service Provider
Posts: 21
Liked: 2 times
Joined: Nov 27, 2014 2:20 pm
Full Name: Timo Wende
Contact:

Connections from ESXi to Veeam? (not Veeam to ESXi)

Post by TimoW »

Dear Community,
until now I was always of the opinion that Veeam does not need any incoming communication. However, yesterday we had a message from the virus scanner on the Veeam server that an incoming TCP connection was blocked.

Specifically, it was about the connection
Source: ESXi host
Destination: Veeam host, port tcp/902

That the communication in the other direction (Veeam -> ESXi) is needed is clear to me. But also in the opposite direction?
Or should I worry about possible malicious code on the ESXi host? Very strange.
Any clarification would be highly appreciated. Thank you!

Kind regards,
Timo

PetrM
Veeam Software
Posts: 2442
Liked: 393 times
Joined: Aug 28, 2013 8:23 am
Full Name: Petr Makarov
Location: Prague, Czech Republic
Contact:

Re: Connections from ESXi to Veeam? (not Veeam to ESXi)

Post by PetrM »

Hi Timo,

I'm not aware of any case when the incoming connection is needed. Any chance it was a false-positive alarm happened after TCP handshake or a technical issue with AV reporting?

I would try to find an exact timestamp from AV logs and look for the same timestamp in our debug logs. One more idea is to run Wireshark on Veeam Server or on proxy and to check whether there are some incoming packets. I believe our support team can help with both of these tasks.

Thanks!

Andreas Neufert
VP, Product Management
Posts: 6146
Liked: 1278 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Connections from ESXi to Veeam? (not Veeam to ESXi)

Post by Andreas Neufert »

Correct, there is no service from us operating on incoming TCP 902. Can you please ask the firewall team about the exact details of the connection drop.
Likely it was an asnwer to a malformed package header or so.

I would as well update to latest Veeam version and monitor it there.

soncscy
Expert
Posts: 637
Liked: 305 times
Joined: Aug 04, 2019 2:57 pm
Full Name: Harvey Carel
Contact:

Re: Connections from ESXi to Veeam? (not Veeam to ESXi)

Post by soncscy » 1 person likes this post

Was it actually a connection attempt blocked or was it just some signature alert that fired off?

If it's signature based scanning/reporting, almost certainly it's a false positive. If you don't see it happening repeatedly, I wouldn't spend the time chasing it down.

Andreas Neufert
VP, Product Management
Posts: 6146
Liked: 1278 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Connections from ESXi to Veeam? (not Veeam to ESXi)

Post by Andreas Neufert »

I saw similar reporting in firewalls when ESXi sent misformed package as answer back to our attempt to work with NFC (TCP902 on the ESXi host). => Can be ignored as when we do not get answer we will ask again.

Post Reply

Who is online

Users browsing this forum: bfzg and 12 guests