Security Incidents mailing list archives
Re: Is it possible to derease gradually the number of Client port (add up time table) ?
From: Lionel Ferette <lionel.ferette () belnet be>
Date: Wed, 10 Mar 2004 18:08:50 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Todd, List, In the wise words of Todd Jang, on Wednesday 10 March 2004 04:41:
I add up time table below logs which are blocked. I dimly remember. someone said the reason decreased port number may be a specific of O.S or application's logic operated in client. Is there any reason Why The port number always has to increase ?
[SNIP Log] Well, before you connect() to a socket, you can use bind() to request specific characteristics, like for example a specific IP address to use (useful in case of multi-homed hosts) or a port number. If the port number is specified, and if it is still free, the OS usually grants that port. If the port number is left unspecified, the OS chooses a free port, and these usually come in increasing order. So if the guy who wrote the scanner implemented a reverse loop to acquire ports, that can account for the behavior seen in your logs. Might be to evade some IDS rules that check for connections with increasing port numbers... HTH, Lionel - -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin Lionel Ferette BELNET CERT Coordinator Rue de la Science 4 Tel: +32 2 7903333 1000 Brussels Fax: +32 2 7903335 Belgium PGP Key Id: 0x5662FD4B -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAT0uqDd3gqVZi/UsRAngWAKCixW6zYjLefYPEVBa7o9n+1AMSiACdHOhI 67vyuR0J1wqgC4L58IqDC5A= =afed -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_incidents_040301 ----------------------------------------------------------------------------
Current thread:
- Is it possible to derease gradually the number of Client port ? toddjang (Mar 09)
- RE: Is it possible to derease gradually the number of Client port ? Rob Shein (Mar 09)
- RE: Is it possible to derease gradually the number of Client port (add up time table) ? Todd Jang (Mar 10)
- RE: Is it possible to derease gradually the number of Client port (add up time table) ? Rob Shein (Mar 10)
- Re: Is it possible to derease gradually the number of Client port (add up time table) ? Lionel Ferette (Mar 10)
- Re: Is it possible to derease gradually the number of Client port (add up time table) ? Frank Knobbe (Mar 11)
- Re: Is it possible to derease gradually the number of Client port (add up time table) ? Ben Timby (Mar 11)
- RE: Is it possible to derease gradually the number of Client port (add up time table) ? Todd Jang (Mar 10)
- RE: Is it possible to derease gradually the number of Client port ? Rob Shein (Mar 09)