Re: [PLUG] Unprivileged ports to unprivileged ports...

2017-04-21 Thread Nathan Williams
Agree with using DROP for bad traffic. IMO, the only time to expend the
effort to REJECT is if you care about the client.

On Fri, Apr 21, 2017, 19:06 Chuck Hast wrote:

> I have always liked "drop".
>
> On Fri, Apr 21, 2017 at 6:05 PM, Cryptomonkeys.org <lou...@cryptomonkeys.org> wrote:
>
> > Typically, connections come from unprivileged ports. The destination is a
> > mixed bag. Some services run on privileged ports, some don’t. Web and mail
> > are examples of things that run on privileged ports. Databases (mysql 3306,
> > postgresql 5432) are examples of things that don’t run on privileged ports.
> >
> > Best practice is to either block or drop connections to ports where you
> > aren’t running services. The choice is yours. The difference is that block
> > sends a communication back to the sender letting them know communication is
> > prohibited, drop does not do this.
> >
> >
> > > On Apr 21, 2017, at 7:02 PM, Michael Christopher Robinson <mich...@robinson-west.com> wrote:
> > >
> > > I'm getting a lot of probes from unprivileged TCP ports to unprivileged
> > > TCP ports on my Internet connected server.  No connections, but I'm
> > > wondering if I should just reject these?  Same for UDP.  What protocols
> > > might I use that would require connection in the unprivileged port
> > > range for both client and server?  I'm not running ftp on this server.
> > > ___
> > > PLUG mailing list
> > > PLUG@lists.pdxlinux.org
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
> > >
> > >
> >
> > --
> > Louis Kowolowski lou...@cryptomonkeys.org
> > Cryptomonkeys:
> > http://www.cryptomonkeys.com/
> >
> > Making life more interesting for people since 1977
> >
> >
>
>
>
> --
>
> Chuck Hast  -- KP4DJT --
> Glass, five thousand years of history and getting better.
> The only container material that the USDA gives blanket approval on.


Re: [PLUG] Unprivileged ports to unprivileged ports...

2017-04-21 Thread Chuck Hast
I have always liked "drop".

On Fri, Apr 21, 2017 at 6:05 PM, Cryptomonkeys.org wrote:

> Typically, connections come from unprivileged ports. The destination is a
> mixed bag. Some services run on privileged ports, some don’t. Web and mail
> are examples of things that run on privileged ports. Databases (mysql 3306,
> postgresql 5432) are examples of things that don’t run on privileged ports.
>
> Best practice is to either block or drop connections to ports where you
> aren’t running services. The choice is yours. The difference is that block
> sends a communication back to the sender letting them know communication is
> prohibited, drop does not do this.
>
>
> > On Apr 21, 2017, at 7:02 PM, Michael Christopher Robinson <mich...@robinson-west.com> wrote:
> >
> > I'm getting a lot of probes from unprivileged TCP ports to unprivileged
> > TCP ports on my Internet connected server.  No connections, but I'm
> > wondering if I should just reject these?  Same for UDP.  What protocols
> > might I use that would require connection in the unprivileged port
> > range for both client and server?  I'm not running ftp on this server.
> >
> >
>
> --
> Louis Kowolowski lou...@cryptomonkeys.org
> Cryptomonkeys:
> http://www.cryptomonkeys.com/
>
> Making life more interesting for people since 1977
>
>



-- 

Chuck Hast  -- KP4DJT --
Glass, five thousand years of history and getting better.
The only container material that the USDA gives blanket approval on.


Re: [PLUG] Unprivileged ports to unprivileged ports...

2017-04-21 Thread Cryptomonkeys.org
Typically, connections come from unprivileged ports. The destination is a mixed 
bag. Some services run on privileged ports, some don’t. Web and mail are 
examples of things that run on privileged ports. Databases (mysql 3306, 
postgresql 5432) are examples of things that don’t run on privileged ports.

Best practice is to either block or drop connections to ports where you aren’t 
running services. The choice is yours. The difference is that block sends a 
communication back to the sender letting them know communication is prohibited, 
drop does not do this.


> On Apr 21, 2017, at 7:02 PM, Michael Christopher Robinson wrote:
> 
> I'm getting a lot of probes from unprivileged TCP ports to unprivileged
> TCP ports on my Internet connected server.  No connections, but I'm
> wondering if I should just reject these?  Same for UDP.  What protocols
> might I use that would require connection in the unprivileged port
> range for both client and server?  I'm not running ftp on this server.
> 
> 

--
Louis Kowolowski lou...@cryptomonkeys.org
Cryptomonkeys:   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977



[PLUG] Unprivileged ports to unprivileged ports...

2017-04-21 Thread Michael Christopher Robinson
I'm getting a lot of probes from unprivileged TCP ports to unprivileged
TCP ports on my Internet connected server.  No connections, but I'm
wondering if I should just reject these?  Same for UDP.  What protocols
might I use that would require connection in the unprivileged port
range for both client and server?  I'm not running ftp on this server.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
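
Before settling on DROP or REJECT for the traffic described in the original post, it helps to see which unprivileged ports the probes actually target and who sends them. The following is an added example, not code from anyone in the thread: it tallies high-port-to-high-port connection attempts from firewall log lines. The log entries are constructed and abbreviated (netfilter LOG key=value style), and the `LISTENING` set and all function names are assumptions.

```python
import re
from collections import Counter

PRIV_MAX = 1023                 # ports 0-1023 are the privileged range
LISTENING = {("TCP", 3306)}     # assumption: high-port services this host runs

# Constructed, abbreviated entries in the netfilter LOG key=value style.
SAMPLE_LOG = """\
kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=8080 SYN URGP=0
kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=8080 SYN URGP=0
kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51240 DPT=5900 SYN URGP=0
kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=8443 DPT=40112 ACK SYN URGP=0
kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=3306 SYN URGP=0
kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 PROTO=UDP SPT=45000 DPT=1900 LEN=40
kernel: IN=eth0 OUT= SRC=203.0.113.80 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")
TCP_FLAG = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b")

def parse(line):
    f = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "SPT", "DPT"} <= f.keys():
        return None                      # e.g. ICMP has no ports
    flags = set(TCP_FLAG.findall(line.split("PROTO=", 1)[1]))
    return f["SRC"], f["PROTO"], int(f["SPT"]), int(f["DPT"]), flags

def is_probe(proto, spt, dpt, flags):
    if spt <= PRIV_MAX or dpt <= PRIV_MAX or (proto, dpt) in LISTENING:
        return False
    if proto == "TCP":
        # A bare SYN is a new attempt; SYN+ACK answers our own outbound SYN.
        return flags == {"SYN"}
    return proto == "UDP"

def summarize(log_text):
    """Count probes per (protocol, destination port) and per source address."""
    by_port, by_src = Counter(), Counter()
    for pkt in filter(None, map(parse, log_text.splitlines())):
        src, proto, spt, dpt, flags = pkt
        if is_probe(proto, spt, dpt, flags):
            by_port[(proto, dpt)] += 1
            by_src[src] += 1
    return by_port, by_src

if __name__ == "__main__":
    ports, sources = summarize(SAMPLE_LOG)
    print(ports.most_common(), sources.most_common())
```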