Just adding a short note:

It is correct that port 1590 probably is the - let's say the "client"-port from A.
But port 113 is an authentication service from the remote mailserver.
In most cases you don't wanna let this through.

As mentioned in RFC1700:

auth            113/tcp    Authentication Service
auth            113/udp    Authentication Service

Sveinung

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 17 December 1999 14:33
To: Wolfgang Rau
Cc: Oscar Rau; Firewalls
Subject: Re: Question about ports

Not entirely correct.

When system A makes a TCP connection to system B, the connection to B will be
on a well known or pre-arranged port number (for this discussion, I will use
port 80). When the connection leaves system A it will be on a given port (let's
use 21000). OK, the tuples for the connection are A:21000 <-> B:80. Now then,
let's open up a new connection (as a lot of HTTP clients do) to the same system.
So A sends a connection to port 80 on system B. What port is opened up on A to
send the connection from ???

Well, if it tries port 21000, it will fail as the port is still open for the
first connection. But, even if it did (due to programmatic error) manage to
open up port 21000 again, the real problem is in the traffic flow.

Picture this:

     1)   Connection 1, System A(21000) sends a packet to System B(80)
     2)   Connection 2, System A(21000) sends a packet to System B(80)
     3)   System B(80) sends back a reply to System A(21000).

Question ???????   What connection does the reply get received by ????

So that said, every TCP connection is made up of 4 units (I think they are
called tuples). They are:
     1) Source Address
     2) Source Port
     3) Destination Address
     4) Destination Port

Combined, they must be unique for every session. The same 4 tuples may be
used after the connection is closed and a certain amount of time has expired.

Does this help ???


--------------------------------------------------------------------------------
Jerry T. Kendall, CISSP                     Celestica International Inc.
Manager, Worldwide Information Security       12 Concorde Place, 7th Floor
Corporate Information Security                Toronto, Ontario, M3C 3R8, CANADA
http://www.celestica.com                      Tel: +1.416.386.7739
[EMAIL PROTECTED]                        Fax: +1.416.386.7707
--------------------------------------------------------------------------------

Wolfgang Rau <[EMAIL PROTECTED]> on 12/17/99 03:45:30 AM

To:   Oscar Rau <[EMAIL PROTECTED]>
cc:   Firewalls <[EMAIL PROTECTED]> (bcc: Jerry Kendall/Inc/Celestica)

Subject:  Re: Question about ports

Port 113/tcp: authentication.
The other port is random (see RFC for TCP and SMTP).

Wolfgang Rau


On Thu, 16 Dec 1999, Oscar Rau wrote:

>
> I have a question about ports. When you access some server you get a
> connection back on a different port. For example, Netscape server is on
> port 80 and it comes back to a different port on the client.
>
> My mail server is on port 25. When the mail goes out, the relay server
> connects back on port 1590 and 113. Why is this done? Is it some form of
> acknowledgement or authentication?
>
> Oscar Rau
> [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>

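The 4-tuple argument in Jerry Kendall's message above, as an added example that is not part of the thread: it opens two TCP connections from one host to the same listening port on loopback and reads back the OS-assigned source ports, then models the lookup a TCP stack or stateful firewall does by full 4-tuple (the addresses "A" and "B" and ports 21000 and 80 are constructed stand-ins taken from the message, not real hosts).

```python
import socket

def client_tuple(sock):
    """Client-side view of a connection: (src_addr, src_port, dst_addr, dst_port)."""
    return sock.getsockname() + sock.getpeername()

def open_connections(count=2):
    """Open `count` TCP connections from one host to one loopback listener (stand-in
    for A -> B:80); return the client 4-tuples, each with its own ephemeral port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))      # port 0: let the OS choose the "server" port
    server.listen(count)
    clients, accepted = [], []
    try:
        for _ in range(count):
            c = socket.create_connection(server.getsockname())
            clients.append(c)
            accepted.append(server.accept()[0])
        return [client_tuple(c) for c in clients]
    finally:
        for s in clients + accepted + [server]:
            s.close()

class ConnectionTable:
    """Minimal model of the lookup a TCP stack or stateful firewall performs:
    sessions are keyed by the full 4-tuple, so two sessions with the same key
    cannot coexist, and an inbound reply is matched by reversing its endpoints."""
    def __init__(self):
        self.sessions = {}

    def add(self, name, src_addr, src_port, dst_addr, dst_port):
        key = (src_addr, src_port, dst_addr, dst_port)
        if key in self.sessions:
            raise ValueError(f"4-tuple {key} already in use by {self.sessions[key]}")
        self.sessions[key] = name

    def match_reply(self, src_addr, src_port, dst_addr, dst_port):
        """A reply from B has B as its source; flip it to find the owning session."""
        return self.sessions.get((dst_addr, dst_port, src_addr, src_port))

if __name__ == "__main__":
    print("OS-assigned client ports:", [t[1] for t in open_connections()])
    table = ConnectionTable()
    table.add("conn1", "A", 21000, "B", 80)
    try:
        table.add("conn2", "A", 21000, "B", 80)   # the collision from the thread
    except ValueError as err:
        print("refused:", err)
    table.add("conn2", "A", 21001, "B", 80)       # a fresh ephemeral port is fine
    print("reply B:80 -> A:21001 belongs to", table.match_reply("B", 80, "A", 21001))
```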
