Security Incidents mailing list archives

RE: Is it possible to derease gradually the number of Client port (add up time table) ?


From: "Rob Shein" <shoten () starpower net>
Date: Wed, 10 Mar 2004 12:12:25 -0500

I see what you're referring to now; indeed, they are decrementing.  Is this
traffic to a listening port; in other words, are these undesired network
probes that are being blocked, or is this valid traffic?

As for why client ports have to change, the answer is simple; if the client
were to use the same source port every time, it would only be able to make
one connection at a time, and every application would have to cooperate to
make sure that they knew which one was talking at any point in time.  By
incrementing source ports, applications need not be aware of each other to
avoid trying to use the same port at the same time, and they can all
establish multiple simultaneous connections (like a web browser does) as
needed.

-----Original Message-----
From: Todd Jang [mailto:dhwinner () coponet com] 
Sent: Tuesday, March 09, 2004 10:41 PM
To: Rob Shein; incident
Cc: leehong () coponet com
Subject: RE: Is it possible to derease gradually the number 
of Client port (add up time table) ?


I have added a time table to the blocked logs below.
I dimly remember someone said the reason for the decreasing port
number may be something specific to the O.S. or to the logic of the
application running on the client. Is there any reason why the port
number always has to increase?
 

Feb 13 07:07:14 fw21_out FI b en0   tcp x.x.235.25 19247   x.x.100.201 1018
Feb 13 07:07:47 fw21_out FI b en0   tcp x.x.235.25 19246   x.x.100.201 1018
Feb 13 07:07:53 fw21_out FI b en0   tcp x.x.235.25 19246   x.x.100.201 1018
Feb 13 07:08:05 fw21_out FI b en0   tcp x.x.235.25 19246   x.x.100.201 1018
Feb 13 07:08:29 fw21_out FI b en0   tcp x.x.235.25 19246   x.x.100.201 1018
Feb 13 07:09:03 fw21_out FI b en0   tcp x.x.235.25 19245   x.x.100.201 1018
Feb 13 07:09:09 fw21_out FI b en0   tcp x.x.235.25 19245   x.x.100.201 1018
Feb 13 07:09:21 fw21_out FI b en0   tcp x.x.235.25 19245   x.x.100.201 1018
Feb 13 07:09:45 fw21_out FI b en0   tcp x.x.235.25 19245   x.x.100.201 1018
Feb 13 07:10:19 fw21_out FI b en0   tcp x.x.235.25 19244   x.x.100.201 1018
Feb 13 07:10:25 fw21_out FI b en0   tcp x.x.235.25 19244   x.x.100.201 1018
Feb 13 07:10:37 fw21_out FI b en0   tcp x.x.235.25 19244   x.x.100.201 1018
Feb 13 07:11:01 fw21_out FI b en0   tcp x.x.235.25 19244   x.x.100.201 1018
Feb 13 07:11:35 fw21_out FI b en0   tcp x.x.235.25 19243   x.x.100.201 1018
Feb 13 07:11:41 fw21_out FI b en0   tcp x.x.235.25 19243   x.x.100.201 1018
 



-----Original Message-----
From: Rob Shein [mailto:shoten () starpower net]
Sent: Wednesday, March 10, 2004 3:17 AM
To: 'toddjang'; incidents () securityfocus com
Cc: dhwinner () coponet com
Subject: RE: Is it possible to derease gradually the number 
of Client port ?


I don't see time information; are you sure the number is 
decreasing?  If you're looking at it in the wrong order, it 
may actually be increasing, which is normal.

-----Original Message-----
From: toddjang [mailto:toddjang () whitewindow net]
Sent: Tuesday, March 09, 2004 2:45 AM
To: incidents () securityfocus com
Cc: dhwinner () coponet com
Subject: Is it possible to derease gradually the number of 
Client port ?


As you can see in the log below, the client port number is
gradually decreasing while it keeps trying to connect to the
destination. I've never seen this before.
Is it possible for the client port number to decrease gradually,
or is this bad traffic?

Feb 16 x.x.235.25,15040 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15038 -> x.x.100.201,1018 len 20 44 -S
.....abbreviation below....


thanks.


_________________________________
coponet. sert - todd jang
security emergency response team
 _________________________________
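
An added example, not part of any message in this thread: a short Python script that groups the blocked entries from the firewall log quoted above by source port and reports the attempts per port, the seconds between them, and the step from one port to the next. The log lines are the first ten entries from the thread with each wrapped entry joined onto one line; the year 2004 is an assumption taken from the message dates, and the function names are hypothetical.

```python
import re
from datetime import datetime

# First ten blocked entries from the log in the thread, one entry per line.
LOG = """\
Feb 13 07:07:14 fw21_out FI b en0   tcp x.x.235.25 19247   x.x.100.201 1018
Feb 13 07:07:47 fw21_out FI b en0   tcp x.x.235.25 19246   x.x.100.201 1018
Feb 13 07:07:53 fw21_out FI b en0   tcp x.x.235.25 19246   x.x.100.201 1018
Feb 13 07:08:05 fw21_out FI b en0   tcp x.x.235.25 19246   x.x.100.201 1018
Feb 13 07:08:29 fw21_out FI b en0   tcp x.x.235.25 19246   x.x.100.201 1018
Feb 13 07:09:03 fw21_out FI b en0   tcp x.x.235.25 19245   x.x.100.201 1018
Feb 13 07:09:09 fw21_out FI b en0   tcp x.x.235.25 19245   x.x.100.201 1018
Feb 13 07:09:21 fw21_out FI b en0   tcp x.x.235.25 19245   x.x.100.201 1018
Feb 13 07:09:45 fw21_out FI b en0   tcp x.x.235.25 19245   x.x.100.201 1018
Feb 13 07:10:19 fw21_out FI b en0   tcp x.x.235.25 19244   x.x.100.201 1018
"""

# timestamp ... tcp <src> <sport> <dst> <dport>
LINE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*?\btcp\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$")

def summarize(log, year=2004):
    """Group consecutive entries that share src, sport, dst and dport."""
    runs = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a blocked-TCP entry
        # The log stamp has no year; 'year' is an assumed value.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        key = (m.group(2), int(m.group(3)), m.group(4), int(m.group(5)))
        if runs and runs[-1]["key"] == key:
            runs[-1]["times"].append(ts)
        else:
            runs.append({"key": key, "times": [ts]})
    out = []
    for r in runs:
        t = r["times"]
        gaps = [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
        out.append({"sport": r["key"][1], "attempts": len(t), "gaps": gaps})
    return out

def port_steps(summary):
    """Difference in source port between successive runs."""
    return [b["sport"] - a["sport"] for a, b in zip(summary, summary[1:])]

if __name__ == "__main__":
    s = summarize(LOG)
    for r in s:
        print(r)
    print("port steps:", port_steps(s))
```

On this sample each fully logged port shows four attempts with gaps of 6, 12 and 24 seconds, the doubling that retransmissions of one unanswered SYN with exponential backoff would produce, and each new port is exactly one lower than the previous one.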



