Typically, connections come from unprivileged ports. The destination is a mixed bag. Some services run on privileged ports, some done. Web and mail are examples of things that run on privileged ports. Databases (mysql 3306, postgresql 5432) are examples of things that don’t run on privileged ports.
Best practice is to either block or drop connections to ports where you aren’t running services. The choice is yours. The difference is that block sends a communication back to the sender letting them know communication is prohibited, drop does not do this. > On Apr 21, 2017, at 7:02 PM, Michael Christopher Robinson > <[email protected]> wrote: > > I'm getting a lot of probes from unprivileged TCP ports to unprivileged > TCP ports on my Internet connected server. No connections, but I'm > wondering if I should just reject these? Same for UDP. What protocols > might I use that would require connection in the unprivileged port > range for both client and server? I'm not running ftp on this server. > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > > -- Louis Kowolowski [email protected] Cryptomonkeys: http://www.cryptomonkeys.com/ Making life more interesting for people since 1977 _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
