At 15:53 21/06/01 -0400, Gary Flynn wrote:
>Truman Boyes wrote:
> >
> > if you are listening on 80/udp or 443/udp, sure its valid. if you are not,
> > then it is invalid. the same would be true for tcp, regardless if it is
> > common practice to bind web services on these ports. if are not running a
> > web server which is binding to these ports, then the traffic is invalid.
>
>Let me rephrase. Are there any known applications, other than DDOS tools,
>that use UDP packets and communicate on ports 80 or 443?
If 80/udp is used in a "standard" manner, then this should be HTTP over UDP.
(check the IANA port numbers).
http://www.sun.com/research/technical-reports/1999/abstract-71.html
http://www.ics.uci.edu/pub/ietf/http/draft-goland-http-udp-01.txt
same for 443/udp. that is, it should be http over ssl over udp.
If these packets are going to an windo$ host, you might want to read
http://www.pwg.org/hypermail/ipp/3704.html
(IPP stands for Internet Printing Protocol).
But Truman is right anyway! check the hosts to which these packets are
sent (if they are yours) and find what services are listening. If they are
legitimate, you should be able to find a documentation (otherwise, complain
to your vendor:)...
cheers,
mouss
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
