Gotcha, these are all outbound ports. We have pretty much everything
inbound blocked. I'm just curious as to what they are originating from.
Unfortunately the owner of my company wants everyone who works here to
have complete access to the internet... including chat apps, napster
clones, etc. It's a pain in the butt let me tell you. Again, thanks for
everyones assistance, you guys have been great.
James
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 7:31 AM
To: James Drake
Cc: [EMAIL PROTECTED]
Subject: Re: Port info
If you are looking for clues about incoming packets, also look at the
source address.
We seem to have a lot of packets which use a well-known in source port
to
attempt to evade simple packet filters that allow "established"
conections
on well-knows ports (http on port 80/tcp for instance).
In these instances the destination port is not that important
(generally
just slightly > 1024 or >32000).
The intruders are attempting network mapping looking for the FIN versus
RST flags.
To:
[EMAIL PROTECTED]
cc:
(bcc: Bill Royds/HullOttawa/PCH/CA)
Subject:
Port info
Perhaps I should have included a bit more information in my port info
request. I have looked high and low for information on these ports. I
have 4 or 5 different lists sitting in front of me, but nothing on these
particular ones. I apologize if I confused anyone. And, by the way,
thanks to all the guys who sent my pointers for the Iana link, you guys
are on top of it.
James
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
