[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSEFirewall doesn't work?



Markus A. Radner wrote:
> If you
> take a look at the following entry of my log file you will see that someone 
> from source port 80 is connecting to (or trying to?) my local port 1077. So I 
> am curious. Which software is running there, or at any other (high) port of 
> interest? Is there any way to find out? (OK, I know that there's a list of 
> ports and protocolls for low ports in /etc/protocolls; but what about higher 
> ports?)
> 
> SuSE-FW-ACCEPT IN=eth0 OUT= MAC=00:a0:d1:d5:b4:3c:00:09:5b:a8:3e:c0:08:00 
> SRC=64.151.x.x DST=192.168.0.2
>  LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=2083 PROTO=TCP SPT=80 DPT=1077 
> WINDOW=7504 RES=0x00 ACK URGP=0 OPT (0101080A91D5DF560015679A)

Again, this is the *answer* from the http server at 64.151.x.x, port 80.
Basically (most times), tcp/udp services accept connections on low ports
(<1024), and clients connect to these services using high ports (>1024).
Return packets use the same connection (ports).

Robbert

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here