]HackingTeam[ KnowledgeBase Product
Search:     Advanced search

Firewall Collector

Article ID: 78
Last updated: 18 Feb, 2015


Contrary to the DB server, the Collector system is exposed to Internet because it has to communicate with the anonymizers (sometimes also with Google Maps). The DB server is located on an internal network.



Collector configuration:

  • rcs-collector-config -u[user] -p[password] -t
  • rcs-collector-config –u[user] –p[password] -s
  • -d [name or backend address]

Three services run on the collector:

  • RCS Collector listens to the port 80, receives the evidences coming from the nearest anonymizer and saves them locally;
  • RCS Carrier takes the evidences saved locally and sends them to the DB server;
  • RCS Controller checks if the anonymizers are online (outgoing connection).

!!! ⇒ The reason why we speak of outgoing connection is that the Windows firewall is configured to ALLOW all outgoing connections and DENY all ingoing connections (all but the following two).

When the RCS Collector service runs, it creates 2 rules in the Windows firewall:

  1. RCS_FWC Master to collector allows the (ingoing) connection through the port 443 of DB server towards any local port;

  2. RCS_FWC First Anonymizer to Collector allows ingoing connection through port 80 ONLY to the first anonymizer.

The second rule is used to avoid leaving the port 80 open to all and filter only connections coming from the IP of the first anonymizer.

It could happen that when you start the RCS Collector service, the anonymizer chain is not yet configured. In this case the rule no. 2 cannot be created because the first anonymizer IP address is not yet known.

Article ID: 78
Last updated: 18 Feb, 2015
Revision: 3
document Public
Views: 9
Comments: 0
This article was:   Helpful | Not helpful
collector firewall

Prev   Next
Configure the communication between Frontend and Backend     Firewall rules