This would make an excellent FAQ. If one of you would like to write it up and finish it, I would be more than willing to format it and submit it.
On Monday 19 August 2002 01:34, Jeff Newmiller wrote:
> On Sun, 18 Aug 2002, Greg Morgan wrote:
> > Manfred Schuler wrote:
> > > Hi all,
> > >
> > > in the last few weeks I discovered some unknown traffic on my firewall. I inserted a rule to log all traffic on the input and output chains and found that the incoming packet is neither rejected nor denied, but answered by the firewall. I am using a stock eigerstein2beta firewall with no port redirection and no additional ports opened.
> > >
> > > What I don't understand is why the packets are not denied and who is responding to these packets.
> >
> > <snip>
> >
> > Manfred,
> >
> > I've never seen these ports before, but hey with 65K available port numbers, there are all kinds of services available. ;-) I was curious so I spent some time looking into your question. I may or may not have answered the question for you, but I guess it did give me a chance to get up on the soap box. >:-> (evil grin)
>
> Careful... it looks unsteady up there... don't use a weak foundation...
>
> > A port is also called a service.
>
> Not correctly. A service is the program that responds when the port is accessed.
>
> > The services are defined in /etc/services.
>
> This file defines your mapping of services to ports. The fact that we usually stick with the one provided is beside the point, and we (and certainly the untrusted masses "out there") may choose to modify it at any time, so all our interpolations from "ports" in the firewall log is just overly-educated guesswork. :)
>
> > A protocol,
>
> which you failed to define in context... tcp and udp are the most common protocols in the Internet Protocol sense of the word, and if you are only interested in vanilla internet activity it is easy to forget that others exist that don't even include the concept of "ports". Many people also regard "http" and "ftp" and "CIFS" as protocols, but that is a confusingly different usage of the term than the one you are referring to. The only way to be sure which "protocols" help define a socket is to refer to the software documentation for your networking stack, because sockets are not limited even to the Internet Protocol... they can be used with Appletalk, IPX, or even "internal" communications methods that are not network related.
>
> > plus, a port number, and an ip address equals a socket that an application uses to talk to another application.
>
> Via tcp or udp. Other protocols may omit the port and still have sockets. In fact, the "ports" defined by udp may be assigned to completely different services than the "ports" defined by tcp, though in the typical case for a given "port number" only the tcp or udp version is actually used and the other is reserved to avoid confusion.
>
> > All this information is supplied in case you didn't know this.
>
> The "socket" is a software construct that is not really necessary to understand in order to read a firewall log. Nice background if you know it, but not germane to any of the points you make after this, regrettably confusing if described correctly, and unfortunately wrong if presented too simplistically.
>
> > I'd say that you didn't realize that you are running some sort of peer to peer file sharing service, or you are running one and didn't know the mechanics of how it works. Perhaps you are running Kazaa?
>
> I think you are on target from this point forward.
>
> [Very nice subsequent analysis based on ip addresses and ports omitted.]
>
> ---------------------------------------------------------------------------
> Jeff Newmiller                        The     .....       .....  Go Live...
> DCN:<[EMAIL PROTECTED]>               Basics: ##.#.       ##.#.  Live Go...
>                                       Live:   OO#.. Dead: OO#..  Playing
> Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
> /Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
> ---------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

-- 
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
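The thread makes three points a log reader should keep straight: /etc/services is only a local mapping from port/protocol pairs to names, tcp and udp ports are separate namespaces, and some IP protocols have no ports at all. The script below is an added example, not code from this thread or from the LEAF project: it parses a constructed excerpt in /etc/services format, annotates constructed packet-log lines (a simplified shape, not the exact ipchains format) with the name the table gives the destination port, and labels anything the table does not know as a guess rather than a fact.

```python
"""Annotate packet-log lines with the service name a local /etc/services
table maps to the destination port and protocol (added example, constructed data)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in /etc/services format: name  port/proto  [aliases]  [# comment]
SERVICES_EXCERPT = """\
# constructed excerpt, /etc/services style
ftp             21/tcp
ssh             22/tcp
domain          53/tcp          # Domain Name Server
domain          53/udp
http            80/tcp          www www-http
ntp             123/udp
netbios-ssn     139/tcp
snmp            161/udp
"""

# IP protocol numbers as a PROTO= field shows them; only tcp and udp carry ports.
PROTO_NAMES = {6: "tcp", 17: "udp"}

ServiceTable = Dict[Tuple[int, str], str]


def parse_services(text: str) -> ServiceTable:
    """Parse /etc/services-style text into {(port, proto): name}.
    Comments and blank lines are skipped and aliases ignored; the key includes
    the protocol because 53/tcp and 53/udp are separate entries."""
    table: ServiceTable = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port_str, proto = fields[1].split("/", 1)
        if not port_str.isdigit():
            continue
        table[(int(port_str), proto)] = fields[0]
    return table


# Constructed, simplified log-line shape (not the exact ipchains format):
#   <chain> <verdict> PROTO=<n> <src>[:<sport>] <dst>[:<dport>]
LOG_RE = re.compile(
    r"(?P<chain>\w+)\s+(?P<verdict>\w+)\s+PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)


def guess_service(table: ServiceTable, proto_num: int, port: Optional[int]) -> str:
    """Best-effort label: the table's name for this port/proto, 'unknown' when
    the table has no entry, and a note when the protocol has no ports (e.g. ICMP)."""
    proto = PROTO_NAMES.get(proto_num)
    if proto is None or port is None:
        return f"no ports for proto {proto_num}"
    return table.get((port, proto), f"unknown ({port}/{proto})")


def annotate(line: str, table: ServiceTable) -> Optional[dict]:
    """Return the parsed fields plus a service guess, or None if the line does not parse."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto_num = int(m["proto"])
    dport = int(m["dport"]) if m["dport"] is not None else None
    return {
        "chain": m["chain"],
        "verdict": m["verdict"],
        "proto": proto_num,
        "dst": m["dst"],
        "dst_port": dport,
        "service_guess": guess_service(table, proto_num, dport),
    }


def annotate_all(lines: List[str], table: ServiceTable) -> List[dict]:
    """Annotate every parseable line, dropping lines that do not match."""
    return [row for row in (annotate(ln, table) for ln in lines) if row is not None]


# Constructed log lines using documentation-range addresses.
SAMPLE_LOG = [
    "input ACCEPT PROTO=6 192.0.2.10:34567 198.51.100.5:80",     # 80/tcp is in the table
    "input ACCEPT PROTO=17 192.0.2.10:34567 198.51.100.5:80",    # 80/udp is not: separate namespace
    "input DENY PROTO=6 192.0.2.11:41000 198.51.100.5:41211",    # constructed high port, unknown
    "input ACCEPT PROTO=1 192.0.2.12 198.51.100.5",              # ICMP: no port concept at all
]

if __name__ == "__main__":
    for row in annotate_all(SAMPLE_LOG, parse_services(SERVICES_EXCERPT)):
        print(f"{row['chain']:6} {row['verdict']:7} proto={row['proto']:<3} "
              f"dst={row['dst']}:{row['dst_port']}  guess={row['service_guess']}")
```

The label is deliberately called a guess: the name comes from whichever services file the firewall host happens to carry, and it says nothing about what program, if any, actually answered on that port, which is exactly why the thread ends up looking at the responding process rather than at port names.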
