![]() ![]() These ports showed in the terminal seem not open I'll do some checks on my own later but I also would like to hear some points related to it. For the 2,500 open udp ports, if the server sends out a UDP packet, will the system only use one of them as the ephemeral port?.Are these ports available for all NICs permanently? or if some socket is used for some service, this port is used specifically for that NIC. But from the output, we can see that windows also provide port for that is shared for all NICs. Usually different interfaces have different ports which means if NIC A and NIC B both have port C open, then, A's C and B's are different things.Right now, I have the following questions: However, it doesn't have LISTENING but I guess it's open in this case. Thus, it's a socket waiting to be connected. The first *, in *:*, means connections can come from any IP address, and the second *, in *:*, means the connection can originate from any port on the remote machine. The total amount is about 2k.įrom spec 0.0.0.0 means the port is listening on all interfaces. This is just part of what my terminal showed. I had never heard of that before so I did some checking in my own environment and found out this: Thus, if some ephemeral port is used within 2500 open UDP ports, it'll be difficult for attack to be able to know which port is used since they are all open. Your choice will depend upon your load, your budget and your personal preference.I chatted with one PhD student in my group and he told me that Windows has 2,500 open UDP ports. for a excellent firewall for free - you supply the hardware. You can create your own firewall box with ISA as mentioned above, or you may want to save some money and go with a linux based firewall. ![]() There are many of the shelf firewall devices available, some are great, some are not so good. ISA does fairly well if you move it to a dedicated machine with two network cards, but not worth the expense.Ī separate device to act as a firewall is a good idea. MS does offer some other options with W2K, IPSec policies and RRAS or ISA server, neither of which is much of an improvement. Not really as secure as they would make it out to be. ![]() If you really just want to batten down a few ports, you could set up TCP/IP filetering. The fact that you are worried would indicate that you are concerned about security is a good thing, just somewhat misguided at this point. The point was, port 500 is not a big security risk. RE: NETSTAT and UDP Port 500 gregfranklin (MIS) Probably not something to worry about unless you see connections to other ports from the same address at or near the same time. What you are seeing is probably the result of a connection or an attempted connection to a site that is setup to use IPSec in some form. There are several ways to trigger an attempted key negotiation without knowing it. In other words, the key exchange that takes place on UDP 500 is not limited to VPNs. Even if you unknowly attempt to connect to the port with no intention of a secure connection it will still attempt the key exchange irregardless of the client OS. predamarcel assumed that since you posted in a linux forum that you were indeed running linux, and as such if you were to type 'socklist' at a # prompt you would see a list of ports in use with information about the process that was using each port.Īnother scenario is if you or the remote site are using W2K withĪ connection to any port configured with one of the two above rules you result in attempted key exchange and the hit in the logs. You don't need to know anything about Perl scripts (although if you are running linux, you might find it interesting and useful). ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |