Nmap Announce mailing list archives
Re: Intrusion detection question.
From: Tomi Ollila <Tomi.Ollila () tfi net>
Date: Thu, 10 Feb 2000 12:54:51 +0200 (EET)
Feb 10 09:51:15 +0100 2000 Michel Arboi <arboi () bigfoot com> wrote:
A couple of ideas: - are there different allocation algorithms for source ports? e.g., first free port above 1023, or random free port above 1023...
It would be nice if Linux IP masquerading code would allocate the ports from the same space as normal connections originating from the box. (maybe some trickery needed to make everything behave well but anyway). But since Linux 2.4.x will use Netfilter which offers more sophisticated NAT features than the current Linux 2.2 masquerading code I doubt any change will be developed for "current" code. It is pretty easy to change the port range from 61000-65000 from ip masquerading code in Linux sources. Maybe just the #defines that set the range is enough to do the change (better to check that nothing else breaks...)
- when will a TCP port be reused once the connection is closed?
In ip masquerading code I think it works pretty much the same as normal port allocation scheme. I think the port counter wraps when it hits the upper limit and it always checks whether the wanted 5-tuple (source ip, port - destination ip, port - protocol) is already used and takes the port that satisfies a non-used tuple.
mailto:arboi () bigfoot com http://www.bigfoot.com/~arboi/
Tomi
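
The allocation scheme described in the message above (a port counter that wraps at the upper limit and skips any port whose 5-tuple is already taken), as a small model added here; it is not code from the post or from the Linux masquerading source. The 61000-65000 range is the one quoted in the post; `masq_alloc`, `masq_free`, `MAX_FLOWS` and the flat table are hypothetical names and simplifications.

```c
#include <stdint.h>
#include <stdio.h>

#define PORT_MIN 61000  /* masquerade range quoted in the post */
#define PORT_MAX 65000
#define MAX_FLOWS 8192  /* table size: an assumption of this model */

struct flow { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };

static struct flow table[MAX_FLOWS];
static int nflows;
static uint16_t next_port = PORT_MIN;  /* the wrapping port counter */

/* Index of an identical 5-tuple in the table, or -1 if it is unused. */
static int find(const struct flow *f) {
    for (int i = 0; i < nflows; i++)
        if (table[i].saddr == f->saddr && table[i].daddr == f->daddr &&
            table[i].sport == f->sport && table[i].dport == f->dport &&
            table[i].proto == f->proto)
            return i;
    return -1;
}

/* Pick the next source port whose 5-tuple is unused; 0 means none is left. */
uint16_t masq_alloc(uint32_t saddr, uint32_t daddr, uint16_t dport, uint8_t proto) {
    struct flow f = { saddr, daddr, 0, dport, proto };
    for (int tries = 0; nflows < MAX_FLOWS && tries <= PORT_MAX - PORT_MIN; tries++) {
        f.sport = next_port;
        next_port = (uint16_t)(next_port == PORT_MAX ? PORT_MIN : next_port + 1);
        if (find(&f) < 0) { table[nflows++] = f; return f.sport; }
    }
    return 0;
}

/* Release a tuple when its connection ends; returns 1 if it was present. */
int masq_free(uint32_t saddr, uint32_t daddr, uint16_t sport, uint16_t dport, uint8_t proto) {
    struct flow f = { saddr, daddr, sport, dport, proto };
    int i = find(&f);
    if (i < 0) return 0;
    table[i] = table[--nflows];  /* fill the hole with the last entry */
    return 1;
}

int main(void) {
    uint32_t me = 0x0A000001, a = 0xC0000201, b = 0xC0000202; /* constructed addresses */
    printf("%u\n", masq_alloc(me, a, 80, 6));  /* first port in the range */
    printf("%u\n", masq_alloc(me, a, 80, 6));  /* counter has advanced by one */
    printf("%u\n", masq_alloc(me, b, 80, 6));  /* counter is shared across destinations */
    return 0;
}
```

In this model a just-freed port is not handed out again for the same destination until the counter comes back around to it, while the same port number can be live towards two different destinations at once because the tuples differ.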