Security Basics mailing list archives

Re: TCP/IP Port Security

From: Kurt <kryptology () gmail com>
Date: Wed, 19 Oct 2005 00:17:45 -0400

Shot in the dark, but you could try using snort to profile your
existing network traffic and catalogue it in a smarter way than just
reviewing ethereal output, but maybe you could whip up a smart way to
do it that would work for you.  Lots of cool projects out there that
might help like http://www.snort.org/dl/contrib/patches/snort-perl/ or
http://www.chaotic.org/guardian/

It is probably much easier to list just the ports/protocols/signatures
you allow on the network, and then ban everything else. No need to
worry about the dynamic nature of X11 if you don't have it on your
network.

Good luck!

-----Original Message-----
From: rchdynasty () msn com [mailto:rchdynasty () msn com]
Sent: Tuesday, October 18, 2005 10:20 AM
To: security-basics () securityfocus com
Subject: TCP/IP Port Security

My company is currently looking to develop a port registry and cataloging
process. All TCP ports will be required to be cataloged (Dynamic or
Private/Registered/Well Known). All platforms will be addressed since we use
various platforms.
My question is what would be the most effect way to develop this process.
I'm also looking for websites for reference.

Current thread:

TCP/IP Port Security rchdynasty (Oct 18)
- Re: TCP/IP Port Security Jay Taylor (Oct 18)
- RE: TCP/IP Port Security Burton Strauss (Oct 18)
  - Re: TCP/IP Port Security Kurt (Oct 21)
- Re: TCP/IP Port Security ilaiy (Oct 18)
- Re: TCP/IP Port Security Alloishus BeauMains (Oct 18)