Port 524 is used by Netware NCP requests. This seems to be the central port for netware 5, see http://www.novell.com/coolsolutions/netware/features/a_ports_nw5_nw.html
Port 445 is used by M$ for SMB-Traffic without netbios support, see http://www.incidents.org/archives/intrusions/msg01945.html Manfred Michael D. Schleif schrieb: > > We are managing several remotely located DCD firewalls. > > Yesterday, on one of these firewalls, we began seeing several of these: > > Jan 8 17:12:31 trout kernel: Packet log: input DENY eth0 PROTO=6 > a.b.c.157:63882 x.y.z.86:524 L=48 S=0x00 I=15350 F=0x4000 T=112 SYN > (#45) > > Jan 8 17:12:55 trout kernel: Packet log: input DENY eth0 PROTO=6 > a.b.c.157:63884 x.y.z.86:445 L=48 S=0x00 I=15570 F=0x4000 T=112 SYN > (#45) > > Coincidentally, around these same times -- *no* direct correlation, yet > -- we were doing testing, trying to get windoze networking working > across the ipsec gateways, also established between these same two > firewalls. > > However, a.b.c and x.y.z are the un-encrypted, external addresses of > these firewalls. > > <http://www.echogent.com/cgi-bin/fwlog.pl> doesn't really answer the > questions about what is happening here. > > What do you think? > > -- > > Best Regards, > > mds > mds resource > 888.250.3987 > > Dare to fix things before they break . . . > > Our capacity for understanding is inversely proportional to how much we > think we know. The more I know, the more I know I don't know . . . > > _______________________________________________ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user -- Manfred Schuler Beerenweg 4 31275 Lehrte Tel.: (0 51 75) 66 54 Fax: (07 21) 1 51 22 22 17 E_Mail: mailto:[EMAIL PROTECTED] _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
