After carrying out a pen test on our servers, we find there’s multiple Netdrive ports open. Are we able to close these to the public WAN adapter or restrict them to a set of Netdrive servers IP’s?
Ports showing open below.
ndagent.exe (Netdrive) TCP:48879, TCP:48880, TCP:49879
bdcrashsender.exe (Netdrive) TCP: 50011, TCP:50012
Those ports are used to communicate between NetDrive processes. You can restrict access to those ports with ‘Windows Defender Firewall with Advanced Security’ tool.
Please add inbound rules to restrict access from public network.
Thanks support team. Is there a specific range of ports that I can block externally for net drive or have I already covered them, TCP 48879, 48880 , 49879 , 50011, 50012 & 32564?
NetDrive’s subprocess ndagent looks for available ports from 48879 and pick two ports available.
NetDrive’s subprocess nd3svc looks ports from 49879 and pick a port available.
Bdcrashsender looks for available ports from 50011 and pick two ports available.
I’m not sure about NetDrive.exe’s port 32564. Is it listening on 0.0.0.0 on port 32564?
Yep It’s listening on 32564 on 0.0.0.0 but after looking further that’s NetDrive2 application which we can uninstall, as the servers using the netdrive3 app.