Firewalls: Ports 1417-1420

Firewalls
(November 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Ports 1417-1420
From:	Dave Glosser <daveg @ interport . net>
Date:	Wed, 27 Nov 1996 20:22:02 -0500 (EST)
To:	firewalls @ greatcircle . com

Morningstar Packet Filter. I blocked ports 1417-1420
since they are used by Timbuktu. (A program to remotely
control another computer).  Our users are on Macs
running Netscape 2.0 or 2.1. Suddenly the following messages
appear in the syslog:



Nov 25 12:13:51 Psi-Gateway frd[11]: tcp 149.xx.xx.xx/1418 ->
204.71.177.68/www
 44 syn !pass (30)
Nov 25 12:13:53 Psi-Gateway frd[11]: tcp 149.xx.xx.xx4/1419 ->
204.71.177.68/www
 44 syn !pass (30)
Nov 25 12:16:27 Psi-Gateway frd[11]: tcp 149.xx.x.xxx/1417 ->
204.162.96.34/www
44 syn !pass (30)
Nov 25 12:16:27 Psi-Gateway frd[11]: tcp 149.xx.x.xxx/1418 ->
204.162.96.34/www
44 syn !pass (30)
Nov 25 12:16:28 Psi-Gateway frd[11]: tcp 149.xx.x.xxx/1419 ->
204.162.96.34/www
44 syn !pass (30)
Nov 25 12:16:30 Psi-Gateway frd[11]: tcp 149.xx.x.xxx/1417 ->
204.162.96.34/www
44 syn !pass (30)
Nov 25 12:16:30 Psi-Gateway frd[11]: tcp 149.xx.x.xxx/1418 ->
204.162.96.34/www

149.xx is our subnet. The other sites listed are known sites such as
yahoo, cnn, netscape, etc. What kind of information is sent over those
ports?  Ports 1417-1420 are listed in the IANA as assigned to TB2. Can
Netscape be using these ports? Any information is appreciated.
I'll summarize.
Thanks, 
David Glosser
daveg @
 interport .
 net

Follow-Ups:

Re: Ports 1417-1420
From: lists @ lina . inka . de (Bernd Eckenfels)

Indexed By Date	Previous:	FW-1 Authentication with SecurID From: "Steve M. Dussault" <steve @ awuwi . mv . com>
Indexed By Date	Next:	FW-1 for ISP's From: felipe @ pty . com (Ing. Felipe Tribaldos)
Indexed By Thread	Previous:	FW-1 Authentication with SecurID From: "Steve M. Dussault" <steve @ awuwi . mv . com>
Indexed By Thread	Next:	Re: Ports 1417-1420 From: lists @ lina . inka . de (Bernd Eckenfels)