Hi John,

Are you saying that you have or are thinking of configuring your firewall to filter out packets with non-privileged ports in the *source* address? If you could I would think this would shut down a great deal of incoming traffic!! This is not what you want.

Jim Grossl
Boise, Idaho USA

-----Original Message-----
From: John Horne [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 23, 2002 7:10 AM
To: [EMAIL PROTECTED]
Subject: Re: non-privileged port selection - how is it done?

On 23-May-2002 at 12:56:33 Larry Mitchell wrote:

> For a service like SMTP and POP the ports the servers use to talk are
> actually VERY specific to my knowledge. Either being 25 for SMTP or 110
> for POP. Keep in mind that the random numbered ports are on the ORIGIN
> end not the destination. In other words your machine/server would
> connect with a source port of #### but the destination port on the
> receiving host is always 25 or 110 for email. Same goes with FTP and
> Telnet. In truth it is pretty much the same for ANY port based service
> short of filesharing and gaming.
>

Thanks for this. Yes, I understand what is basically going on with respect to which ports are used. My concern though is that if we block incoming non-privileged source ports then are we not, in effect, blocking services from working correctly? If we block connections from source port 2222, and some external mail server tries to send us mail using that port - the destination port will be 25, but the source 2222 - then the mail transfer will fail won't it?

Regards,

John.

------------------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]
PGP key available from public key servers
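
Added example, not part of the original thread: a simplified stateless, first-match packet filter in Python that runs the case discussed above (source port 2222, destination port 25) through a policy that drops non-privileged source ports and through one that decides on the destination port instead. The class, rule-set and packet names are hypothetical, the packets are constructed, and reply traffic for outbound connections is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_port: int   # chosen by the connecting client, usually >= 1024
    dst_port: int   # identifies the service on the receiving host
    note: str

@dataclass(frozen=True)
class Rule:
    action: str                          # "ACCEPT" or "DROP"
    src_ports: Optional[range] = None    # None matches any port
    dst_ports: Optional[range] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.src_ports is None or pkt.src_port in self.src_ports)
                and (self.dst_ports is None or pkt.dst_port in self.dst_ports))

def evaluate(rules, pkt, default="DROP"):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Policy asked about in the thread: drop inbound packets whose *source*
# port is non-privileged (1024-65535), accept everything else.
BLOCK_HIGH_SOURCE = [Rule("DROP", src_ports=range(1024, 65536)),
                     Rule("ACCEPT")]

# Alternative: accept by *destination* port (SMTP 25, POP 110) and let
# the default drop the rest; the client's source port is ignored.
ALLOW_BY_SERVICE = [Rule("ACCEPT", dst_ports=range(25, 26)),
                    Rule("ACCEPT", dst_ports=range(110, 111))]

# Constructed inbound packets (sample data, not captured traffic).
INBOUND = [
    Packet(2222, 25, "external mail server delivering to us"),
    Packet(40112, 110, "POP client fetching mail"),
    Packet(50000, 6000, "connection to a port we do not offer"),
]

def verdicts(rules):
    """Map each sample packet's note to the filter's decision."""
    return {p.note: evaluate(rules, p) for p in INBOUND}

if __name__ == "__main__":
    for name, rules in (("block high source ports", BLOCK_HIGH_SOURCE),
                        ("allow by service port", ALLOW_BY_SERVICE)):
        print(name)
        for note, action in verdicts(rules).items():
            print(f"  {action:6} {note}")
```
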