Hi Chris,

Rest assured that your box is behaving normally.  It's normal to send data 
to a registered port (http, ftp, etc) and receive data back on a 'high port' 
(1024-65535).  Most ipchains scripts include rules to allow return traffic 
in on ports 1024-65535.  Hopefully the 2.4 kernel with its stateful 
inspection will be released soon and we can plug this hole.

Are there specific high ports you need to block for some reason? I have seen 
firewall scripts that will block out the high ports used by netbus, back 
orifice, trinoo, etc. but since many of these 'programs' allow the hacker to 
change the ports, I don't bother.  I do block the xwindows ports 
(6000-6004), however.

Anyway, I hope I answered your questions.

Good Luck!

Kevin

>From: "Chris Harvey" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: <[EMAIL PROTECTED]>
>Subject: Port education required
>Date: Thu, 12 Oct 2000 14:03:19 -0400
>
>Folks,
>I'm trying to close down some of the ports on my machine that are in the
>1024 to 65535 range, and ideally I'd like to close them all down unless
>there is an application that I know is listening on that given port.
>
>What I see happening though is kind of interesting. If I make a DNS call or
>SMTP, or basically anything including HTTP. The initial call goes out of the
>registered port, 53, 25 and 80 respectively. However the response may come
>back in on a completely different port, usually in the range of 1037 to
>about 28xx. Is this standard TCP/IP behaviour?
>
>I'm assuming my machine is making a call into another machine on the
>registered port for the service, but also passing an alternative port number
>that a response should be sent back on.
>
>Therefore do I have to leave a range of ports open so that these
>conversations can happen between applications without opening up the whole
>range? Is the range defined anywhere, can I define it? Anyone know of any
>sources I can read up on this?
>
>BTW: I don't have portmapper running on the machine as I heard that was for
>NFS. Is that right?
>
>Chris
>
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list
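To make the point of Kevin's reply concrete, here is an added Python simulation (not code from this thread) contrasting an ipchains-style "allow inbound to 1024-65535" rule with a connection-tracking filter of the kind the 2.4 kernel's stateful inspection provides; all addresses and port numbers are constructed.

```python
from dataclasses import dataclass

LOCAL_IP = "192.0.2.10"            # constructed address standing in for "my machine"
BLOCKED_HIGH = range(6000, 6005)   # the X11 ports (6000-6004) Kevin blocks outright


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def stateless_input(pkt: Packet) -> bool:
    """ipchains-style rule: accept anything inbound to a high port, minus an
    explicit deny list. No memory of outbound traffic, so an unsolicited
    connection to a high port passes exactly like a legitimate reply."""
    if pkt.dst_port in BLOCKED_HIGH:
        return False
    return 1024 <= pkt.dst_port <= 65535


class StatefulFilter:
    """Connection tracking: inbound is accepted only if it answers a
    connection this host opened (tracked as local port, remote ip, remote port)."""

    def __init__(self) -> None:
        self.conns = set()

    def output(self, pkt: Packet) -> bool:
        self.conns.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return True

    def input(self, pkt: Packet) -> bool:
        if pkt.dst_port in BLOCKED_HIGH:
            return False
        return (pkt.dst_port, pkt.src_ip, pkt.src_port) in self.conns


def simulate() -> dict:
    """Returns {name: (stateless_verdict, stateful_verdict)} for constructed inbound packets."""
    fw = StatefulFilter()
    # Constructed DNS lookup: local ephemeral port 1037 -> resolver port 53.
    fw.output(Packet(LOCAL_IP, 1037, "198.51.100.5", 53))
    inbound = {
        # The reply Chris saw "come back on a completely different port".
        "dns_reply": Packet("198.51.100.5", 53, LOCAL_IP, 1037),
        # Unsolicited connection to that same high port from another host.
        "unsolicited": Packet("203.0.113.9", 4444, LOCAL_IP, 1037),
        # Unsolicited connection to an X11 port: both filters refuse it.
        "x11_probe": Packet("203.0.113.9", 4444, LOCAL_IP, 6000),
    }
    return {name: (stateless_input(p), fw.input(p)) for name, p in inbound.items()}
```

Only the stateless filter lets the unsolicited packet through, which is the "hole" Kevin refers to; the X11 deny list blocks port 6000 under both policies.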
