Avishai Wool wrote:
>
> Not sure where those port >60000 packets are coming from, but:
>
> I've seen tftp implementations that do funny things with port numbers.
> Specifically, if C is client and S is server,
> C --> S src-port=N1 dst-port=69
> S --> C src-port=N2 dst-port=N1
That's how TFTP works. It negotiates dynamic port numbers to use
in the file transfer. It gets a LOT more interesting when the TFTP
server chooses ports in the 1024--10000 range. (Argh!)
From http://www.ietf.org/rfc/rfc1350.txt page 5:
1. Host A sends a "WRQ" to host B with source= A's TID,
destination= 69.
2. Host B sends a "ACK" (with block number= 0) to host A with
source= B's TID, destination= A's TID.
Where "TID" is "Transaction ID", which is to be "randomly chosen";
the standard places no constraints on the TIDs other than that they
should be 1--65535 except for 69. The TIDs are used as port numbers.
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
"Senex semper diu dormit"
--
Firewalls mailing list - [ [EMAIL PROTECTED] ]
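
An added example, not part of the original post: a sketch of how a stateful filter can follow the TID exchange quoted above, opening one expectation per request to port 69 and pinning the server's chosen port on its first reply. The class name, the 30-second timeout and the sample addresses and packets are assumptions constructed for illustration.

```python
TFTP_PORT = 69
RRQ, WRQ = 1, 2
EXPECT_TTL = 30.0  # assumed: seconds a request may wait for the first reply

class TftpTracker:
    def __init__(self):
        self.expect = {}    # (server_ip, client_ip, client_tid) -> expiry time
        self.flows = set()  # (server_ip, server_tid, client_ip, client_tid)

    def check(self, src, sport, dst, dport, payload, now):
        """Return True to pass a UDP datagram, False to drop it."""
        # Established transfer, either direction.
        if (src, sport, dst, dport) in self.flows or (dst, dport, src, sport) in self.flows:
            return True
        # Step 1: RRQ/WRQ from the client's TID to port 69 opens an expectation.
        if dport == TFTP_PORT:
            opcode = int.from_bytes(payload[:2], "big") if len(payload) >= 2 else 0
            if opcode in (RRQ, WRQ) and sport != TFTP_PORT:
                self.expect[(dst, src, sport)] = now + EXPECT_TTL
                return True
            return False
        # Step 2: first reply comes from the server's TID (any port but 69).
        key = (src, dst, dport)
        if sport != TFTP_PORT and self.expect.get(key, -1.0) >= now:
            del self.expect[key]
            self.flows.add((src, sport, dst, dport))  # pin N2 for this transfer
            return True
        return False

def demo():
    # Constructed sample traffic; addresses are from documentation ranges.
    c, s, other = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    wrq, ack0 = b"\x00\x02f\x00octet\x00", b"\x00\x04\x00\x00"
    fw = TftpTracker()
    return [
        fw.check(c, 40000, s, 69, wrq, 0.0),          # WRQ to port 69: pass
        fw.check(other, 61000, c, 40000, ack0, 1.0),  # wrong host: drop
        fw.check(s, 61234, c, 40000, ack0, 1.0),      # server TID N2: pass, pinned
        fw.check(c, 40000, s, 61234, b"\x00\x03\x00\x01x", 1.1),  # DATA: pass
        fw.check(s, 61235, c, 40000, ack0, 1.2),      # second server port: drop
    ]
```

The expectation is keyed on the server address and the client's TID only, so the server's source port stays unconstrained until its first reply arrives, which is the part a static port-range rule cannot express.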