UDP is not a connection-oriented protocol as TCP is, so it is more difficult to track it by a mean firewall (i.e. it's quite difficult to find out which peer is the origin of the communication). You should determine if there are more entries in the logs like those, group them by source port and see if the destination port is the same.
Anyway, it's good practice to allow only packets belonging to well-known UDP protocols to pass through the firewall.
I hope this information is useful to you.
Best regards, Jose Joaquin.
From: "Nathan" <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
CC: <[EMAIL PROTECTED]>
Subject: What to look at, source or destination port?
Date: Tue, 22 Jul 2003 12:57:06 -0400

07/19/2003 04:33:30.688 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
07/19/2003 04:35:48.912 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
07/19/2003 04:37:34.384 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
07/19/2003 04:40:41.576 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
07/19/2003 03:16:22.432 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
I recently saw these logs come across my friend's firewall. I'm trying to determine what is going on here. I looked up the remote.ip.address.x and it was an AT&T Worldnet user. The destination port, 1948, is listed as eye2eye. Well, I looked at eye2eye's website (www.iosoftware.com) and found nothing about 1948. A user would have to configure the securesite software to use that port specifically - which is not the case. My question to the list is, is the source port what I should be looking at in these connections, or the destination port?
-Nathan
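
Added example, not part of the original messages: a small Python script that applies the check suggested in the reply, grouping dropped-UDP entries by source port and testing whether each group always targets the same destination port. The sample lines are constructed in the log format quoted above; the 192.0.2.x destinations are documentation placeholders standing in for remote.ip.address.x, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the firewall log format quoted in the thread.
SAMPLE_LOG = """\
07/19/2003 03:16:22.432 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:192.0.2.10, 1948, WAN - -
07/19/2003 04:33:30.688 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:192.0.2.10, 1948, WAN - -
07/19/2003 04:35:48.912 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:192.0.2.10, 1948, WAN - -
07/19/2003 04:36:02.100 - UDP packet dropped - Source:10.30.9.61, 1050, LAN - Destination:192.0.2.20, 53, WAN - -
07/19/2003 04:36:05.300 - UDP packet dropped - Source:10.30.9.61, 1050, LAN - Destination:192.0.2.21, 123, WAN - -
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - UDP packet dropped - "
    r"Source:(?P<src>[^,]+), (?P<sport>\d+), \w+ - "
    r"Destination:(?P<dst>[^,]+), (?P<dport>\d+), \w+"
)

def group_by_source_port(log_text):
    """Group dropped-UDP entries by (source IP, source port)."""
    groups = defaultdict(lambda: {"count": 0, "dests": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a dropped-UDP entry
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")
        g = groups[(m["src"], int(m["sport"]))]
        g["count"] += 1
        g["dests"].add((m["dst"], int(m["dport"])))
        # Entries may be out of order (as in the quoted log), so track min/max.
        g["first"] = ts if g["first"] is None else min(g["first"], ts)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
    return dict(groups)

def summarize(groups):
    """One row per source port: drop count, destination ports, time span."""
    rows = []
    for (src, sport), g in sorted(groups.items()):
        dports = sorted({port for _, port in g["dests"]})
        rows.append({"src": src, "sport": sport, "count": g["count"],
                     "dports": dports, "same_dport": len(dports) == 1,
                     "span_s": (g["last"] - g["first"]).total_seconds()})
    return rows

if __name__ == "__main__":
    for row in summarize(group_by_source_port(SAMPLE_LOG)):
        print(row)
```

A group with a single destination port and repeated drops over a long span points to one application on the LAN host retrying the same remote service, which is the pattern to follow up on that host.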
