Not entirely correct.


When system A makes a TCP connection to system B, the connection to B will be
on a well-known or pre-arranged port number (for this discussion, I will use
port 80).
When the connection leaves system A it will be on a given port (let's use 21000).
OK, the tuples for the connection are A:21000 <-> B:80. Now then, let's open up
a new connection (as a lot of HTTP clients do) to the same system. So A sends a
connection to port 80 on system B. What port is opened up on A to send the
connection from ???

Well, if it tries port 21000, it will fail as the port is still open for the
first connection. But, even if it did (due to programmatic error) manage to open
up port 21000 again, the real problem is in the traffic flow.

Picture this:

     1)   Connection 1, System A(21000) sends a packet to System B(80)
     2)   Connection 2, System A(21000) sends a packet to System B(80)
     3)   System B(80) sends back a reply to System A(21000).

Question ???????   What connection does the reply get received by ????

So that said, every TCP connection is made up of 4 units (I think they are
called tuples).
They are:
     1) Source Address
     2) Source Port
     3) Destination Address
     4) Destination Port

Combined, they must be unique for every session. The same 4 tuples may be
used after the connection is closed and a certain amount of time has expired.

Does this help ???


--------------------------------------------------------------------------------
Jerry T. Kendall, CISSP                     Celestica International Inc.
Manager, Worldwide Information Security       12 Concorde Place, 7th Floor
Corporate Information Security                Toronto, Ontario, M3C 3R8, CANADA
http://www.celestica.com                      Tel: +1.416.386.7739
[EMAIL PROTECTED]                        Fax: +1.416.386.7707
--------------------------------------------------------------------------------






Wolfgang Rau <[EMAIL PROTECTED]> on 12/17/99 03:45:30 AM

To:   Oscar Rau <[EMAIL PROTECTED]>
cc:   Firewalls <[EMAIL PROTECTED]> (bcc: Jerry Kendall/Inc/Celestica)

Subject:  Re: Question about ports





Port 113/tcp: authentication.
The other port is random (see RFC for TCP and SMTP).

Wolfgang Rau


On Thu, 16 Dec 1999, Oscar Rau wrote:

>
> I have a question about ports. When you access some server you get a
> connection back on a different port. For example, Netscape server is on
> port 80 and it comes back to a different port on the client.
>
> My mail server is on port 25. When the mail goes out, the relay server
> connects back on port 1590 and 113. Why is this done? Is it some form of
> acknowledgement or authentication?
>
> Oscar Rau
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
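
An added example, not part of the original thread, illustrating the point made in the reply at the top: two connections from one host to the same destination port get different source ports, each reply is delivered by matching the full address/port combination, and reusing a source port that is still in use is refused. The loopback listener standing in for "system B" and all names are constructed for the demonstration.

```python
import socket

def four_tuple(sock):
    """(source addr, source port, destination addr, destination port)."""
    return sock.getsockname()[:2] + sock.getpeername()[:2]

def demo():
    # Constructed stand-in for "system B": loopback listener, OS-chosen port.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(5)
    dst = server.getsockname()

    # "System A" opens two connections to the same destination address/port.
    c1 = socket.create_connection(dst)
    c2 = socket.create_connection(dst)
    accepted = [server.accept()[0] for _ in range(2)]

    # The server side tells the connections apart by the client's addr/port.
    by_peer = {s.getpeername(): s for s in accepted}
    for label, client in (("one", c1), ("two", c2)):
        by_peer[client.getsockname()].sendall(label.encode())
    replies = (c1.recv(16).decode(), c2.recv(16).decode())

    # A third connection that tries to reuse connection one's source port
    # while that connection is still open is rejected by the OS.
    c3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    reuse_errno = None
    try:
        c3.bind(c1.getsockname())
        c3.connect(dst)
    except OSError as exc:
        reuse_errno = exc.errno

    tuples = (four_tuple(c1), four_tuple(c2))
    for s in (c1, c2, c3, server, *accepted):
        s.close()
    return tuples, replies, reuse_errno

if __name__ == "__main__":
    tuples, replies, reuse_errno = demo()
    for t in tuples:
        print("%s:%d <-> %s:%d" % t)
    print("replies received by each connection:", replies)
    print("errno when reusing the first source port:", reuse_errno)
```
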
