If you are looking for clues about incoming packets, also look at the
source address.
We seem to have a lot of packets which use a well-known in source port to
attempt to evade simple packet filters that allow "established" conections
on well-knows ports (http on port 80/tcp for instance).
In these instances the destination port is not that important (generally
just slightly > 1024 or >32000).
The intruders are attempting network mapping looking for the FIN versus
RST flags.
To:
[EMAIL PROTECTED]
cc:
(bcc: Bill Royds/HullOttawa/PCH/CA)
Subject:
Port info
Perhaps I should have included a bit more information in my port info
request. I have looked high and low for information on these ports. I
have 4 or 5 different lists sitting in front of me, but nothing on these
particular ones. I apologize if I confused anyone. And, by the way,
thanks to all the guys who sent my pointers for the Iana link, you guys
are on top of it.
James
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
