Security Incidents mailing list archives
RE: Is it possible to derease gradually the number of Client port (add up time table) ?
From: "Rob Shein" <shoten () starpower net>
Date: Wed, 10 Mar 2004 12:12:25 -0500
I see what you're referring to now; indeed, they are decrementing. Is this traffic to a listening port; in other words, are these undesired network probes that are being blocked, or is this valid traffic? As for why client ports have to change, the answer is simple; if the client were to use the same source port every time, it would only be able to make one connection at a time, and every application would have to cooperate to make sure that they knew which one was talking at any point in time. By incrementing source ports, applications need not be aware of each other to avoid trying to use the same port at the same time, and they can all establish multiple simultaneous connections (like a web browser does) as needed.
-----Original Message-----
From: Todd Jang [mailto:dhwinner () coponet com]
Sent: Tuesday, March 09, 2004 10:41 PM
To: Rob Shein; incident
Cc: leehong () coponet com
Subject: RE: Is it possible to derease gradually the number of Client port (add up time table) ?

I add up time table below logs which are blocked. I dimly remember someone said the reason for the decreased port number may be specific to the O.S or the application's logic operating in the client. Is there any reason why the port number always has to increase?

Feb 13 07:07:14 fw21_out FI b en0 tcp x.x.235.25 19247 x.x.100.201 1018
Feb 13 07:07:47 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018
Feb 13 07:07:53 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018
Feb 13 07:08:05 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018
Feb 13 07:08:29 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018
Feb 13 07:09:03 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018
Feb 13 07:09:09 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018
Feb 13 07:09:21 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018
Feb 13 07:09:45 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018
Feb 13 07:10:19 fw21_out FI b en0 tcp x.x.235.25 19244 x.x.100.201 1018
Feb 13 07:10:25 fw21_out FI b en0 tcp x.x.235.25 19244 x.x.100.201 1018
Feb 13 07:10:37 fw21_out FI b en0 tcp x.x.235.25 19244 x.x.100.201 1018
Feb 13 07:11:01 fw21_out FI b en0 tcp x.x.235.25 19244 x.x.100.201 1018
Feb 13 07:11:35 fw21_out FI b en0 tcp x.x.235.25 19243 x.x.100.201 1018
Feb 13 07:11:41 fw21_out FI b en0 tcp x.x.235.25 19243 x.x.100.201 1018

-----Original Message-----
From: Rob Shein [mailto:shoten () starpower net]
Sent: Wednesday, March 10, 2004 3:17 AM
To: 'toddjang'; incidents () securityfocus com
Cc: dhwinner () coponet com
Subject: RE: Is it possible to derease gradually the number of Client port ?

I don't see time information; are you sure the number is decreasing? If you're looking at it in the wrong order, it may actually be increasing, which is normal.

-----Original Message-----
From: toddjang [mailto:toddjang () whitewindow net]
Sent: Tuesday, March 09, 2004 2:45 AM
To: incidents () securityfocus com
Cc: dhwinner () coponet com
Subject: Is it possible to derease gradually the number of Client port ?

As you can see in the log below, the client port number gradually decreases while it keeps trying to connect to the destination. I've never seen this before. Is it possible for the client port number to decrease gradually? Or is it bad traffic?

Feb 16 x.x.235.25,15040 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S
Feb 16 x.x.235.25,15038 -> x.x.100.201,1018 len 20 44 -S
.....abbreviation below....

thanks.
_________________________________
coponet. sert - todd jang
security emergency response team
_________________________________
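
Added example (not part of any message in this thread): a small Python script that settles the ordering question raised above by sorting the timestamped firewall lines before judging the direction of the source port, and that groups repeated packets on one port into a single connection attempt. The field layout in the regular expression is inferred from the quoted lines only, and the year 2004 is an assumption taken from the mail headers because the log itself carries no year.

```python
import re
from datetime import datetime
from itertools import groupby

# Lines copied from the firewall log quoted in the thread (addresses already masked).
SAMPLE_LOG = """\
Feb 13 07:07:14 fw21_out FI b en0 tcp x.x.235.25 19247 x.x.100.201 1018
Feb 13 07:07:47 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018
Feb 13 07:07:53 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018
Feb 13 07:08:05 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018
Feb 13 07:08:29 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018
Feb 13 07:09:03 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018
Feb 13 07:09:09 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018
Feb 13 07:09:21 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018
Feb 13 07:09:45 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018
"""

# Assumed layout (inferred from the sample): date time host 3 fields proto src sport dst dport
LINE_RE = re.compile(r"(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+ \S+ \S+ tcp (\S+) (\d+) (\S+) (\d+)$")

def parse(log, year=2004):
    """Return (time, sport, src, dst, dport) tuples sorted by time."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not fit the assumed layout are skipped
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, int(m.group(3)), m.group(2), m.group(4), int(m.group(5))))
    return sorted(events)

def attempts(events):
    """Group consecutive packets on one source port: (sport, first_seen, gaps in seconds)."""
    out = []
    for sport, grp in groupby(events, key=lambda e: e[1]):
        times = [e[0] for e in grp]
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        out.append((sport, times[0], gaps))
    return out

def port_trend(atts):
    deltas = [b[0] - a[0] for a, b in zip(atts, atts[1:])]
    if deltas and all(d < 0 for d in deltas):
        return "decreasing"
    if deltas and all(d > 0 for d in deltas):
        return "increasing"
    return "mixed"

if __name__ == "__main__":
    print(port_trend(attempts(parse(SAMPLE_LOG))))
```

On the quoted lines each source port repeats at gaps of 6, 12 and 24 seconds before the next lower port appears, and the trend is the same whether the log is read top-down or bottom-up.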
Current thread:
- Is it possible to derease gradually the number of Client port ? toddjang (Mar 09)
- RE: Is it possible to derease gradually the number of Client port ? Rob Shein (Mar 09)
- RE: Is it possible to derease gradually the number of Client port (add up time table) ? Todd Jang (Mar 10)
- RE: Is it possible to derease gradually the number of Client port (add up time table) ? Rob Shein (Mar 10)
- Re: Is it possible to derease gradually the number of Client port (add up time table) ? Lionel Ferette (Mar 10)
- Re: Is it possible to derease gradually the number of Client port (add up time table) ? Frank Knobbe (Mar 11)
- Re: Is it possible to derease gradually the number of Client port (add up time table) ? Ben Timby (Mar 11)
- RE: Is it possible to derease gradually the number of Client port (add up time table) ? Todd Jang (Mar 10)
- RE: Is it possible to derease gradually the number of Client port ? Rob Shein (Mar 09)