Jump to content

Recommended Posts

Hi,

 

I've read the FAQ (http://support.immunet.com/index.php?/topic/2327-my-immunet-agent-is-offline-what-do-i-do/ and http://support.immunet.com/index.php?/topic/1849-manually-configure-ports-in-your-firewall/) which states the ports; The UDP port 53 and the TCP ports 80, 443 and 32137 needs to be open in the firewall.

 

What domains and IP addresses are immunet using? I'm running an IPS on my firewall and I want to whitelist your domains and IPs aswell.

  • Like 1

Share this post


Link to post
Share on other sites

Hello idarlund, may I suggest you send this Administrator a personal message regarding your inquiries pertaining to this information. http://support.immunet.com/index.php?/user/33373-bcouncil/

 

Regards, Ritchie...

 

Thanks for your reply Ritchie. I've sent my question to bcouncil the 7th of January and a follow up on the 19th of January. He has not responded to either.

Does anyone else know what domains and IPs this service is using?

Share this post


Link to post
Share on other sites

He is a she btw. That's what Christine wanted me to do, send any questions or issues her way if I can't provide the correct answers myself. I have no idea why you didn't get a response to your original PM to her.

 

I don't think that this is considered proprietary information that shouldn't be divulged considering I have easy access to some of that data with the Comodo Firewall that I use.

 

My advice would be to send her another personal message and if no response within a day or two then try contacting Support directly via email at this URL: support@immunet.com.

 

Thanks for your patience regarding this.

Cheers, Ritchie... 

Share this post


Link to post
Share on other sites

Got a reply from Christine.

Since this could be of interest for more than me, I'm posting the reply here:

 

Here is a list of domains and urls used by Immunet. Most of them use ports 80, 443.

 

 

These domains mostly  useport  443/ssl, but may fall back to  80/http, and also occasionally use 32137  tcp & udp.

 

update.immunet.com

cloud-consumer-asn.immunet.com  

cloud-nfm.immunet.com

fmd.immunet.com

submit.immunet.com

console.amp.cisco.com

https://crash.immunet.com

cloud-consumer-est.immunet.com

https://consumer-event.immunet.com

https://consumer-mgmt.immunet.com

https://policy.amp.cisco.com

50.16.57.96

50.16.120.26

50.16.122.1

50.16.157.87

67.202.39.9

174.129.187.1

184.72.79.33

184.72.92.143

 

public-cloud.immunet.com

ws.immunet.com

http://www.immunet.com/

http://support.immunet.com/

https://enterprise-m....sourcefire.com

 

 

 

current.cvd.win.clamav.net is accessed via a dns query (port 53), and returns  the ip of the nearest least busy clam AV definitions server. Keep an eye on the Up to date icon in the bottom right of Immunity’s interface and if it’s not a green checkmark  click update now and if it still doesn’t change to a green checkmark after the update finishes then likely immunet can’t reach the appropriate clamAV definitions sever. 

 

Unfortunately the direct ip addresses immunet connects to aren’t necessarily long lived can’t reliably be whitelisted.   There generally only used in the case of dns lookups failing continuously.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×