Security Incidents mailing list archives

Re: Port 65535

From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sat, 4 Mar 2000 18:14:17 +0100


On Thu, 2 Mar 2000, Murray, Mike wrote:

Feb 29 07:12:25 firepower kernel: Packet log: private1 DENY eth0 PROTO=6
192.115.221.125:65535 207.245.232.127:65535 L=28 S=0x00 I=15817 F=0x00B8 T=47
(#7)


This is a fragment (F stands for fragment offset). ipchains leave port
numbers equal to (u_short)(-1) if the fragment does not include a
(complete) TCP/UDP header.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Current thread:

Re: auto-reporting to ISPs, (continued)
- - - Re: auto-reporting to ISPs Greg A. Woods (Mar 02)
    - Re: auto-reporting to ISPs Rasmus Andersson (Mar 02)
    - CNET Hackers hit e-commerce site Vincent Lee (Mar 02)
    - UDP Probes (?) from port 28432 to 28431 ? Xander Jansen (Mar 04)
    - Re: UDP Probes (?) from port 28432 to 28431 ? Alexander Schreiber (Mar 07)
    - UDP Probes (?) from port 28432 to 28431 ? Klaus Moeller (Mar 07)
    - Re: UDP Probes (?) from port 28432 to 28431 ? Xander Jansen (Mar 09)
    - Re: CNET Hackers hit e-commerce site Chris Davis (Mar 04)
    - Port 65535 Murray, Mike (Mar 02)
    - @home: Is *anyone* really home there??? (fwd) Light Of Day (Mar 04)
    - Re: Port 65535 Pavel Kankovsky (Mar 04)
    - Re: Port 65535 Murray, Mike (Mar 04)
    - Re: Port 65535 Richard Bejtlich (Mar 04)
    - Re: Port 65535 Keith Pachulski (Mar 06)
    - Re: auto-reporting to ISPs wozz () LUVEWE BONCH ORG (Mar 02)
    - Re: auto-reporting to ISPs Stuart Staniford-Chen (Mar 06)
  - Re: @home: Is *anyone* really home there??? Wozz (Feb 29)
- Re: @home: Is *anyone* really home there??? Erick Brockway (Feb 29)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 29)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 29)
- Re: @home: Is *anyone* really home there??? Rob Quinn (Mar 01)

(Thread continues...)