In the first case, I believe destination ports are usually written into the software. When a system tries to connect to another system, usually it is an application trying to connect. Usually the app drives the destination port. So in general, I believe it will not try another port dynamically. In general, you would have to manually configure it to use a different destination port.
In the second case, source ports are usually random at first and then sequential, unless an app has been written with other specific instructions. So in general, yes, the original system would re-initiate the connection, and it would next use 1215 as a source (providing nothing else had already used it, but you get the picture).

The other thing you might take into consideration is "how is the *rule* applied?" Is this a firewall rule? Is it a stateful firewall (e.g. Check Point)? If it is CP, for example, the second scenario would never happen, because the FW would look at the packet, realize that it matched an outgoing request (via the state table), and allow it without running it through the rulebase.

HTH
Nick

On Fri, 2001-12-28 at 15:42, Rich Richenberg wrote:
> Hello All,
> We're having a debate here about whether a computer will "walk" ports if it
> tries to connect to another system on one port and is unsuccessful. The port
> in question is 1214. There is a rule in place that essentially sends a reset
> to both systems if any IP tries to connect to any IP via TCP using
> destination port of 1214. The scenarios are:
> 1) An internal system tries to connect to another system (internal or
> external) via TCP using a destination port of 1214. The rule kicks in and
> both systems are sent a reset. Will the originating system try another
> connection using another destination port or will it give up?
> 2) An internal system opens a connection via TCP with a destination port of
> 80. The reset will not be sent. However, the internal system used a source
> port of 1214 so when the return traffic tries to come into that port, the
> reset will be sent. Will the destination system try another port or will the
> originating system try another connection?
> Thanks,
> Rich
>
>
> Rich Richenberg
> Technical Security Manager
> Peregrine Systems, Inc.
> 3611 Valley Centre Drive
> San Diego, California 92130
> (858) 350-5792
> fax (858) 481-1751
> www.peregrine.com
>
> This message is intended for the addressee(s) only and contains confidential
> and proprietary information to Peregrine Systems Inc. If you have received
> this message in error, please notify the sender and destroy the message.

--
Nick
Network Security Consultant
CISSP, CCSI, MCSE, CCNA
Lucent Technologies/NPS
Raleigh, NC
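The difference Nick draws between a rule applied to every packet and a stateful firewall that checks its state table first is easy to see in a toy model. The following Python is an added example, not code from the thread, from Check Point, or from any firewall product: it applies the "reset anything with destination port 1214" rule from the discussion to Rich's two scenarios, once as a stateless per-packet filter and once behind a connection table. The addresses, the "internal network" prefix and the sequential source-port allocator are constructed, simplified assumptions for illustration, not the behaviour of any particular OS or firewall.

```python
# Added example (not from the original thread): a toy model of the two rule
# placements Nick contrasts, stateless packet filtering vs a stateful firewall
# with a connection table. IP addresses and the "internal" network are
# constructed sample values.
from dataclasses import dataclass

BLOCKED_DST_PORT = 1214          # the destination port the rule in the thread resets
INTERNAL_NET = "10.0.0."         # constructed: any 10.0.0.x host counts as "inside"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def is_outbound(pkt: Packet) -> bool:
    """A packet is outbound when it originates on the internal network."""
    return pkt.src_ip.startswith(INTERNAL_NET)


def stateless_verdict(pkt: Packet) -> str:
    """Apply the rule to each packet in isolation: reset any TCP segment whose
    destination port is 1214, regardless of which side started the connection."""
    return "reset" if pkt.dst_port == BLOCKED_DST_PORT else "allow"


class StatefulFirewall:
    """Consult a state table first; only packets that do not match an existing
    outbound connection are evaluated against the rulebase."""

    def __init__(self) -> None:
        # (internal_ip, internal_port, remote_ip, remote_port) of allowed outbound flows
        self.state: set[tuple[str, int, str, int]] = set()

    def verdict(self, pkt: Packet) -> str:
        if not is_outbound(pkt):
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if key in self.state:
                # return traffic for a tracked connection: the rulebase is never consulted
                return "allow"
        decision = stateless_verdict(pkt)
        if decision == "allow" and is_outbound(pkt):
            self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return decision


def next_source_port(last_port: int, in_use: set[int]) -> int:
    """Simplified model of the sequential source-port choice Nick describes:
    take the port after the last one used, skipping any already in use.
    This is an illustration, not the allocator of any particular OS."""
    candidate = last_port + 1
    while candidate in in_use:
        candidate += 1
    return candidate


def run_scenarios() -> dict[str, object]:
    fw = StatefulFirewall()
    client, server = "10.0.0.5", "192.0.2.10"     # constructed addresses

    # Scenario 1: internal host connects to a remote host on destination port 1214.
    s1 = Packet(client, 1213, server, 1214)

    # Scenario 2: internal host connects to port 80 from source port 1214,
    # then the server's reply comes back with destination port 1214.
    s2_out = Packet(client, 1214, server, 80)
    s2_back = Packet(server, 80, client, 1214)

    return {
        "s1_stateless": stateless_verdict(s1),
        "s1_stateful": fw.verdict(s1),
        "s2_out_stateless": stateless_verdict(s2_out),
        "s2_out_stateful": fw.verdict(s2_out),
        "s2_back_stateless": stateless_verdict(s2_back),
        "s2_back_stateful": fw.verdict(s2_back),
        # the client's next source port if it re-initiates after a reset
        "retry_source_port": next_source_port(1214, {1214}),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name}: {verdict}")
```

Scenario 1 is reset either way, since the outbound SYN itself carries destination port 1214. Scenario 2 is where placement matters: the per-packet filter resets the server's reply because its destination port is 1214, while the stateful model finds the reply in its table and passes it without ever reaching the rulebase, which is the point Nick makes about Check Point.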