On 13 Jul 95 at 13:00, firewalls @ greatcircle . com wrote:
Hello Firewallers!
>
Quoting myself...
> From time to time I analyze the logged packet filter denies from our
> firewall. Most denies are clear, but some hosts from the outside try
> strange UDP and TCP port numbers.
>
> Does anyone have a recent list of well-known services for TCP and UDP
> ports? Where can I obtain it?

Thanks for the responses. I had a services list from different books
like the one from Cheswick/Bellovin, but some of your tips made it
feasible for me to extend this list:

  RFC 1700
  strobe.services from the program strobe by Julian Assange
  (ftp://suburbia.net/pub/strobe.tgz)

I found out that most denied packets are ftp data connections (tcp
src gt 1023 dst gt 1023) used by the Netscape WWW browser. This seems to
be a dangerous fact: browsers like Mosaic use the assigned ftp-data
channel, but Netscape uses non-privileged ports nearly at random. Of
course, some of the services found in strobe.services or RFC 1700 are
perfectly overridden ;-)

Any ideas how to handle ftp from WWW browsers (apart from removing
the ftp-gateway pages)?

Greetings,
Frank
--
***** The expressed opinions are totally mine! *****
Frank M. Heinzius MMS Communication GmbH
frimp @ mms-gmbh . de Eiffestrasse 598
Phone: +49 40 2111105-0 Fax: +49 40 210 32 210
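
One way to triage deny logs like those described in the message above, as an added example that is not part of the original post: it labels each denied packet from a services table and flags TCP denies with both ports above 1023 between hosts that already have a permitted FTP control connection. The log line format, the addresses and the small SERVICES table are constructed for this example.

```python
import re
from collections import namedtuple

# Constructed sample log. The line format is an assumption for this example,
# not the output of any particular packet filter.
SAMPLE_LOG = """\
1995-07-13T12:58:01 permit tcp 192.0.2.10:1501 -> 198.51.100.7:21
1995-07-13T12:58:03 deny tcp 192.0.2.10:1502 -> 198.51.100.7:3127
1995-07-13T12:59:40 deny udp 203.0.113.5:1044 -> 192.0.2.20:69
1995-07-13T13:00:12 deny tcp 203.0.113.9:4000 -> 192.0.2.30:6000
1995-07-13T13:01:30 deny tcp 203.0.113.9:4001 -> 192.0.2.30:3127
"""

# Tiny stand-in for a full services list such as RFC 1700 or strobe.services.
SERVICES = {("tcp", 20): "ftp-data", ("tcp", 21): "ftp",
            ("udp", 69): "tftp", ("tcp", 6000): "x11"}

LINE = re.compile(r"(\S+) (permit|deny) (tcp|udp) (\S+):(\d+) -> (\S+):(\d+)$")
Entry = namedtuple("Entry", "ts action proto src sport dst dport")
FTP_DATA = "likely ftp data (non-privileged ports)"

def parse(log):
    """Yield an Entry for every log line that matches the assumed format."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, action, proto, src, sport, dst, dport = m.groups()
            yield Entry(ts, action, proto, src, int(sport), dst, int(dport))

def classify_denies(log):
    """Label each deny; high-port TCP denies between hosts that already have
    a permitted FTP control connection (port 21) are flagged as FTP data."""
    ftp_pairs = set()   # host pairs seen with a permitted control connection
    labelled = []
    for e in parse(log):
        pair = frozenset((e.src, e.dst))
        if e.action == "permit":
            if e.proto == "tcp" and 21 in (e.sport, e.dport):
                ftp_pairs.add(pair)
            continue
        both_high = e.sport > 1023 and e.dport > 1023
        if e.proto == "tcp" and both_high and pair in ftp_pairs:
            labelled.append((e, FTP_DATA))
        else:
            labelled.append((e, SERVICES.get((e.proto, e.dport), "unknown")))
    return labelled

if __name__ == "__main__":
    for entry, label in classify_denies(SAMPLE_LOG):
        print(entry.src, entry.sport, "->", entry.dst, entry.dport, label)
```

The host-pair match has no time window, so a script used on real logs would expire a pair once its control connection has closed.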