From owner-freebsd-questions Sun Aug 1 21:59:21 1999
Date: Sun, 1 Aug 1999 21:03:21 -0800 (AKDT)
From: Steve Howe
To: freebsd-questions
Subject: Re: unknown ports

>> i'm analyzing some ppp tcp/ip logs, and i see some
>> source/destination pairs without any well known ports
>> (from an ftp to ftp.cdrom.com) intermixed with the
>> normal ftp sequences ...
>>
>> what does this mean, and should they be permitted?
>> if so, how? since none of the ports are well known?
>>
>> ie:
>>
>> 111.111.111.111:1464 -> 222.222.222.222:6345

>According to http://www.isi.edu/in-notes/iana/assignments/port-numbers:

>msl_lmd 1464/tcp MSL License Manager
>msl_lmd 1464/udp MSL License Manager

> 6345 is in all likelihood simply the random port on the local machine
>that service connected to. However it's almost impossible to tell
>anything more without the real IP numbers, and I have no idea what
>ftp.cdrom.com has to do with your example.

darn, i was hoping you wouldn't be SO good!
these are the actual numbers ....

ps. and why is a local net address sneaking out tun0?
it is a dialup IP # that should be aliased.
everything seems to be working OK otherwise ...
no filters are in place with this log.
tun0=ISP link ... this is FBSD 2.2.8, and
the latest PPP from awfulhak.org.
(123.123.123.123 is fictitious to protect the innocent :)

tun0: IN TCP: 209.155.82.18:5715 123.123.123.123:1069
tun0: IN TCP: 209.155.82.18:5722 123.123.123.123:1070
tun0: IN TCP: 209.155.82.18:5849 192.168.0.5:1140
tun0: IN TCP: 209.155.82.18:5860 192.168.0.5:1141
tun0: IN TCP: 209.155.82.18:5872 123.123.123.123:1075
tun0: IN TCP: 209.155.82.18:5949 123.123.123.123:1078
tun0: IN TCP: 209.155.82.18:6064 123.123.123.123:1081
tun0: IN TCP: 209.155.82.18:6077 123.123.123.123:1082
tun0: IN TCP: 209.155.82.18:6094 192.168.0.5:1148
tun0: IN TCP: 209.155.82.18:6125 192.168.0.5:1149
tun0: IN TCP: 209.155.82.18:6258 123.123.123.123:1087
tun0: IN TCP: 209.155.82.18:6275 123.123.123.123:1090
tun0: IN TCP: 209.155.82.18:6304 192.168.0.5:1153
tun0: IN TCP: 209.155.82.18:6334 123.123.123.123:1096
tun0: IN TCP: 209.155.82.18:6348 123.123.123.123:1097
tun0: IN TCP: 209.155.82.18:6362 192.168.0.5:1157
tun0: IN TCP: 209.155.82.18:6397 123.123.123.123:1101
tun0: IN TCP: 209.155.82.18:6512 123.123.123.123:1108
tun0: IN TCP: 209.155.82.18:6524 123.123.123.123:1109
tun0: IN TCP: 209.155.82.18:6606 123.123.123.123:1113
tun0: IN TCP: 209.155.82.18:6680 192.168.0.5:1161
tun0: IN TCP: 209.155.82.18:6763 123.123.123.123:1116
tun0: IN TCP: 209.155.82.18:6840 192.168.0.5:1165
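
An added example, not part of the original message: a small parser for log lines of the shape quoted above that reports entries on the external interface carrying an RFC 1918 address, and entries where neither port is in the well-known range (0-1023). The five sample lines are copied from the message; the function names and the tolerance for an arrow between the endpoints are assumptions.

```python
import ipaddress
import re

# Line shape as it appears in the message:
#   "<iface>: <IN|OUT> <proto>: <src>:<port> <dst>:<port>"
# An arrow between the two endpoints is tolerated (assumption).
LINE_RE = re.compile(
    r"^(?P<iface>\w+):\s+(?P<dir>IN|OUT)\s+(?P<proto>\w+):\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?:-+>\s+)?"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WELL_KNOWN_MAX = 1023

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse(line):
    """Return a dict for a recognised log line, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def audit(lines, external_iface="tun0"):
    """Return (private, high_ports) for records on the external interface:
    those showing an RFC 1918 address, and those with no well-known port."""
    private, high_ports = [], []
    for rec in filter(None, map(parse, lines)):
        if rec["iface"] != external_iface:
            continue
        if is_rfc1918(rec["src"]) or is_rfc1918(rec["dst"]):
            private.append(rec)
        if min(rec["sport"], rec["dport"]) > WELL_KNOWN_MAX:
            high_ports.append(rec)
    return private, high_ports

# Sample input: five lines copied from the log in the message.
SAMPLE = """\
tun0: IN TCP: 209.155.82.18:5715 123.123.123.123:1069
tun0: IN TCP: 209.155.82.18:5722 123.123.123.123:1070
tun0: IN TCP: 209.155.82.18:5849 192.168.0.5:1140
tun0: IN TCP: 209.155.82.18:5860 192.168.0.5:1141
tun0: IN TCP: 209.155.82.18:5872 123.123.123.123:1075
""".splitlines()

if __name__ == "__main__":
    private, high_ports = audit(SAMPLE)
    for rec in private:
        print("private address on tun0: {src}:{sport} {dst}:{dport}".format(**rec))
    print(len(high_ports), "of", len(SAMPLE), "flows use no well-known port")
```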