Hi there,

It turns out that it is for RealAudio. What puzzled me was it changed the deny filter rule to a permit one as shown in the logs.

When the firewall is set to support RealAudio, it permits 7070/TCP outgoing to a RealAudio server. After that the data stream is sent from the server using a range of UDP ports. The firewall has a deny-all rule which normally denies all incoming traffic, including UDP. But when it is RealAudio, the firewall dynamically changes the deny rule to a permit one. After the TCP connection is gone, the rule becomes a deny rule as before.

Don Kelloway wrote:
>
> You've partially answered your own question. Look at the domain name of the
> source. <grin>
>
> Real Audio uses UDP ports 6970 through 7170 as well as TCP 7070
>
> Best Regards,
> Donald Kelloway
> http://www.commodon.com
>
> -----Original Message-----
> From: Peter Zhang <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Wednesday, June 30, 1999 12:38 PM
> Subject: Port 6970
>
> >Hi there,
> >
> >I have seen thousands of packets with a destination port 6970 UDP, and
> >sometimes 6971 (UDP) coming to us. The sources are such as:
> >ra4.netradio.net, lomotil-4.real.com, nr-g2-2.paix.cef.net, etc.
> >I don't know any services assigned to these two ports. Can anyone
> >give any clue about this?
> >
> >TIA,
> >--
> >Peter Zhang
> >UCS, University of Calgary
> >Tel (403)-220-4061
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]

--
Peter Zhang
UCS, University of Calgary
Tel (403)-220-4061
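
The behaviour described in this message, modelled as an added example (not part of the original post and not any firewall vendor's code): inbound UDP 6970 through 7170 is permitted only while the matching outbound 7070/TCP connection exists. The class, function names and addresses are hypothetical, and scoping the permit to the same client and server pair is an assumption of the model.

```python
from dataclasses import dataclass, field

RA_CONTROL_PORT = 7070             # outbound TCP control channel (from the thread)
RA_DATA_PORTS = range(6970, 7171)  # inbound UDP 6970 through 7170 (from the thread)


@dataclass
class Firewall:
    """Deny-all inbound policy plus a RealAudio-aware dynamic permit (hypothetical model)."""
    sessions: set = field(default_factory=set)  # live (client, server) control connections

    def tcp_out(self, client, server, dport, event):
        """Track outbound control connections; event is 'open' or 'close'."""
        if dport != RA_CONTROL_PORT:
            return
        if event == "open":
            self.sessions.add((client, server))
        else:
            self.sessions.discard((client, server))

    def udp_in(self, src, dst, dport):
        """Permit only while the matching control connection exists."""
        # Assumption: the permit is scoped to the same server and client pair.
        if (dst, src) in self.sessions and dport in RA_DATA_PORTS:
            return "permit"
        return "deny"  # static deny-all rule


def replay():
    """Run constructed traffic through the model and return the UDP verdicts."""
    client, server, other = "192.0.2.10", "198.51.100.4", "203.0.113.9"  # constructed addresses
    fw = Firewall()
    verdicts = [fw.udp_in(server, client, 6970)]      # no control connection yet
    fw.tcp_out(client, server, 7070, "open")
    verdicts.append(fw.udp_in(server, client, 6970))  # stream from the server
    verdicts.append(fw.udp_in(server, client, 6971))
    verdicts.append(fw.udp_in(other, client, 6970))   # unrelated source
    verdicts.append(fw.udp_in(server, client, 7171))  # outside the data range
    fw.tcp_out(client, server, 7070, "close")
    verdicts.append(fw.udp_in(server, client, 6970))  # control connection gone
    return verdicts


if __name__ == "__main__":
    print(replay())
```

When reading firewall logs, the same correlation applies: a permitted inbound UDP packet in this range should line up with a live 7070/TCP session from the destination host to that source.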
