Incorrect. 1024-65535 are the random TCP ACK ports.

Just do a netstat -an and you'll see TCP 0.0.0.0:{GT 5000} LISTENING

Also, only a state based firewall will allow the TCP back channel ports by default. An access list in a router will need to have GT 1024 explicitly told to pass the back channel ports.

RE: DNS on port 53. You only need TCP port 53 if you're doing zone transfers, otherwise UDP 53 will be enough.

I guess my question is why you're blocking outbound from your email server? Also, you said you were "shutting them down". How were you doing this?

> > ON A WINDOWS MACHINE THE OUTGOING PORTS ARE BETWEEN 1024 AND 5000 BY DEFAULT.
>
> However, a firewall won't care about the outgoing ports when a connection is made to a server.
>
> For example, if you block all outgoing ports except port 80 (to allow WWW connections from local computer to servers on the Internet), the client will use a port between 1024 and 5000. *But*, the firewall will still allow the connection to go through (since it is *to* port 80).
>
> Therefore, it is never necessary to tell a firewall about ports 1024 and 5000.
>
> -Scott

---
This E-mail came from the Declude.JunkMail mailing list. The archives can be found at http://www.mail-archive.com.
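An added example, not part of the original thread: a small model of the two filter types discussed above, a stateless router access list and a state-based firewall, for a client that is only allowed out to port 80. The addresses, port numbers, class and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str            # "out" = client to Internet, "in" = Internet to client
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()

def stateless_acl(pkt, allow_high_ports_in):
    """Router-style access list: every packet is judged alone, with no memory."""
    if pkt.direction == "out":
        return pkt.dport == 80
    # Replies pass only if a rule for ports above 1023 exists. Requiring ACK
    # rejects bare SYNs, but any ACK-flagged packet to a high port still matches.
    return allow_high_ports_in and pkt.dport > 1023 and "ACK" in pkt.flags

class StatefulFirewall:
    """Remembers permitted outbound connections and passes only their replies."""
    def __init__(self):
        self.conns = set()

    def permit(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 80:
                return False
            self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet must mirror a tracked outbound 4-tuple exactly.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns

def evaluate():
    # Constructed sample traffic using documentation address ranges.
    client, server, other = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    syn = Packet("out", client, 3456, server, 80, frozenset({"SYN"}))
    synack = Packet("in", server, 80, client, 3456, frozenset({"SYN", "ACK"}))
    stray = Packet("in", other, 80, client, 4000, frozenset({"ACK"}))  # unsolicited
    fw = StatefulFirewall()
    pkts = (syn, synack, stray)
    return {
        "acl_no_high_rule": [stateless_acl(p, False) for p in pkts],
        "acl_high_rule": [stateless_acl(p, True) for p in pkts],
        "stateful": [fw.permit(p) for p in pkts],
    }

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:18} syn/synack/stray -> {verdicts}")
```

The access list without a high-port rule breaks the web connection's reply, the access list with one also passes the unsolicited packet, and only the state-tracking filter passes the reply while dropping the stray.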
