Re: [PLUG] Unprivileged ports to unprivileged ports...
Agree with using DROP for bad traffic. IMO, the only time to expend the effort to REJECT is if you care about the client. On Fri, Apr 21, 2017, 19:06 Chuck Hastwrote: > I have always liked "drop". > > On Fri, Apr 21, 2017 at 6:05 PM, Cryptomonkeys.org < > lou...@cryptomonkeys.org > > wrote: > > > Typically, connections come from unprivileged ports. The destination is a > > mixed bag. Some services run on privileged ports, some done. Web and mail > > are examples of things that run on privileged ports. Databases (mysql > 3306, > > postgresql 5432) are examples of things that don’t run on privileged > ports. > > > > Best practice is to either block or drop connections to ports where you > > aren’t running services. The choice is yours. The difference is that > block > > sends a communication back to the sender letting them know communication > is > > prohibited, drop does not do this. > > > > > > > On Apr 21, 2017, at 7:02 PM, Michael Christopher Robinson < > > mich...@robinson-west.com> wrote: > > > > > > I'm getting a lot of probes from unprivileged TCP ports to unprivileged > > > TCP ports on my Internet connected server. No connections, but I'm > > > wondering if I should just reject these? Same for UDP. What protocols > > > might I use that would require connection in the unprivileged port > > > range for both client and server? I'm not running ftp on this server. > > > ___ > > > PLUG mailing list > > > PLUG@lists.pdxlinux.org > > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > > > > > > > > -- > > Louis Kowolowskilou...@cryptomonkeys.org > > Cryptomonkeys: > > http://www.cryptomonkeys.com/ > > > > Making life more interesting for people since 1977 > > > > ___ > > PLUG mailing list > > PLUG@lists.pdxlinux.org > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > > > > -- > > Chuck Hast -- KP4DJT -- > Glass, five thousand years of history and getting better. > The only container material that the USDA gives blanket approval on. > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Unprivileged ports to unprivileged ports...
I have always liked "drop". On Fri, Apr 21, 2017 at 6:05 PM, Cryptomonkeys.orgwrote: > Typically, connections come from unprivileged ports. The destination is a > mixed bag. Some services run on privileged ports, some done. Web and mail > are examples of things that run on privileged ports. Databases (mysql 3306, > postgresql 5432) are examples of things that don’t run on privileged ports. > > Best practice is to either block or drop connections to ports where you > aren’t running services. The choice is yours. The difference is that block > sends a communication back to the sender letting them know communication is > prohibited, drop does not do this. > > > > On Apr 21, 2017, at 7:02 PM, Michael Christopher Robinson < > mich...@robinson-west.com> wrote: > > > > I'm getting a lot of probes from unprivileged TCP ports to unprivileged > > TCP ports on my Internet connected server. No connections, but I'm > > wondering if I should just reject these? Same for UDP. What protocols > > might I use that would require connection in the unprivileged port > > range for both client and server? I'm not running ftp on this server. > > ___ > > PLUG mailing list > > PLUG@lists.pdxlinux.org > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > > > > -- > Louis Kowolowskilou...@cryptomonkeys.org > Cryptomonkeys: > http://www.cryptomonkeys.com/ > > Making life more interesting for people since 1977 > > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > -- Chuck Hast -- KP4DJT -- Glass, five thousand years of history and getting better. The only container material that the USDA gives blanket approval on. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Unprivileged ports to unprivileged ports...
Typically, connections come from unprivileged ports. The destination is a mixed bag. Some services run on privileged ports, some done. Web and mail are examples of things that run on privileged ports. Databases (mysql 3306, postgresql 5432) are examples of things that don’t run on privileged ports. Best practice is to either block or drop connections to ports where you aren’t running services. The choice is yours. The difference is that block sends a communication back to the sender letting them know communication is prohibited, drop does not do this. > On Apr 21, 2017, at 7:02 PM, Michael Christopher Robinson >wrote: > > I'm getting a lot of probes from unprivileged TCP ports to unprivileged > TCP ports on my Internet connected server. No connections, but I'm > wondering if I should just reject these? Same for UDP. What protocols > might I use that would require connection in the unprivileged port > range for both client and server? I'm not running ftp on this server. > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > > -- Louis Kowolowskilou...@cryptomonkeys.org Cryptomonkeys: http://www.cryptomonkeys.com/ Making life more interesting for people since 1977 ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] Unprivileged ports to unprivileged ports...
I'm getting a lot of probes from unprivileged TCP ports to unprivileged TCP ports on my Internet connected server. No connections, but I'm wondering if I should just reject these? Same for UDP. What protocols might I use that would require connection in the unprivileged port range for both client and server? I'm not running ftp on this server. ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug