Hello.

I've noticed something a bit bizarre in the firewall log today.

Our firewall is on a DMZ, behind a Cisco router. I have packet filtering set
up on the router, allowing in only the things that are required. One of the
few things it lets through, which might have relevance to what I'm about to
say, is that ftp-data connections can be initiated to the firewall from
outside the company (otherwise FTP won't work).

What I found in the logs was a series of connections rising from source port
1024 and destination port 33434 to source port 1113 and destination port
33523. These connections were from our router to our firewall.

Now, because of the ftp-data rule on the router, connections with source
ports of 1024 and higher are allowed through to port 20 (or is it 21, I
always get those two muddled up?) on the firewall. But they're not allowed
through to any other destination ports! And another thing that strikes me as
bizarre is that these connections came from the router, and not apparently
from outside.

I'm afraid I've only fairly recently installed the router, and haven't yet
gotten around to setting up logging and auditing on it (which is something I
am desperately trying to get around to doing), so there's nothing useful I
can pull from there.

Any suggestions on this would be greatly appreciated.

Regards,

Matt.
--
Matt Brock, System Administrator, IPD
0171 643 9228    [EMAIL PROTECTED]
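Added example, not part of Matt's post or his setup: a small Python script that scans firewall log lines for the two things he describes, a run of connections whose source and destination ports climb in lockstep (1024/33434 upward), and connections the stated ftp-data rule (source port 1024 or higher to destination port 20) should not have admitted. The log format, the addresses, the choice of UDP and the port-20 reading of the rule are all assumptions; the sample lines are constructed.

```python
import re
from collections import namedtuple

# Constructed sample log lines (not the poster's real log); the format is an assumption.
SAMPLE_LOG = """\
Jun 12 10:01:02 fw deny udp 192.0.2.1:1024 -> 192.0.2.2:33434
Jun 12 10:01:02 fw deny udp 192.0.2.1:1025 -> 192.0.2.2:33435
Jun 12 10:01:03 fw deny udp 192.0.2.1:1026 -> 192.0.2.2:33436
Jun 12 10:01:03 fw allow tcp 198.51.100.7:4431 -> 192.0.2.2:20
Jun 12 10:01:04 fw deny udp 192.0.2.1:1027 -> 192.0.2.2:33437
"""
LINE_RE = re.compile(r"(tcp|udp) (\S+):(\d+) -> (\S+):(\d+)")
Record = namedtuple("Record", "proto src sport dst dport")

def parse_log(text):
    """Pull protocol and endpoints from every line that matches LINE_RE."""
    return [Record(p, s, int(sp), d, int(dp))
            for p, s, sp, d, dp in LINE_RE.findall(text)]

def outside_ftp_data_rule(records):
    """Connections the router rule, as stated in the post, should not have admitted:
    only source port >= 1024 to destination port 20 is permitted (port 20 assumed)."""
    return [r for r in records if not (r.sport >= 1024 and r.dport == 20)]

def find_lockstep_runs(records, min_len=3):
    """Per (src, dst, proto), report runs where source and destination port both step
    by exactly +1 between consecutive records: the 1024/33434 ... 1113/33523 shape.
    Destination ports from 33434 upward are also the default UDP probe range of the
    classic UNIX traceroute, which is why defenders learn to recognise this pattern."""
    groups = {}
    for r in records:
        groups.setdefault((r.src, r.dst, r.proto), []).append(r)
    runs = []
    for (src, dst, proto), recs in groups.items():
        start = 0
        for i in range(1, len(recs) + 1):
            step = (i < len(recs) and recs[i].sport == recs[i - 1].sport + 1
                    and recs[i].dport == recs[i - 1].dport + 1)
            if not step:  # the run ends at recs[i-1]; keep it if it is long enough
                if i - start >= min_len:
                    runs.append({"src": src, "dst": dst, "proto": proto, "count": i - start,
                                 "sport": (recs[start].sport, recs[i - 1].sport),
                                 "dport": (recs[start].dport, recs[i - 1].dport)})
                start = i
    return runs
```

Run against the constructed lines it reports one four-connection lockstep run from 192.0.2.1 to 192.0.2.2 and flags those same four UDP connections as falling outside the stated rule, while the TCP connection to port 20 passes.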


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]