Hello Elisabeth, looks like you are running Sun Solaris somewhere, because this is one of the ports Solaris regularly uses for an RPC service.
Try 'rpcinfo -p' on the offending system (if it is Sun) and check for a rule, allowing RPC traffic. Check Point defines RPC as an RPC service number (like 100003 is NFS) independent of the port and automatically tracks the ports. Chris. > -----Urspr�ngliche Nachricht----- > Von: Elisabeth Wonders [mailto:[EMAIL PROTECTED]] > Gesendet: Montag, 22. Oktober 2001 16:36 > An: [EMAIL PROTECTED] > Betreff: [FW-1] multiple connections using service 32778 > > > During a 15 minute span this morning, my active log showed 40-50 > connections from about 10 different source IPs (some of which I could > resolve, some not) to my firewall, all using service 32778. > One of the > IP's had 20 concurrent connections. > > Two questions: > > What is that service used for? It was listed as unassigned > at IANA's site > http://www.iana.org/assignments/port-numbers > > Why did my "Any -- firewall -- Any -- Drop" rule not catch this? > > I've added a rule just to block this mystery traffic until I > get a handle > on what it is. > > TIA for any help/opinions you may have to offer. > > Elisabeth > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
