All,

I have googled and searched all over the internet to find a repository of common ports. It's possible I overlooked it, but can someone point me in the right direction. Let me clarify my question before everyone starts pointing me towards /etc/services.

I am looking for a document/set of documents that give the following type of information:

+ Standard services
    + SSH Incoming              22 tcp
        - High ports for the connection
    + HTTP Incoming             80 tcp
    + DNS Requests              53 tcp
        - zone x-fers           53 udp
        - zone x-fers           53 tcp
        - zone x-fers           high port tcp
    ...
+ AIM
    + connection outgoing       5190 tcp
    + Talk port(s) (voice)      ??? tcp
    + File Transfer Port(s)     ??? tcp
+ IRC
    + Connection Port           6667 tcp

Etc. I think you all get the idea. The goal of the question is to be able to open up a firewall for just DNS with zone transfers to a machine or just allow AIM connection to some machines and talking (voice) to other machines. I understand that some of this can be accomplished with tcp_wrappers and other such useful items as well, but I want to know the iptables portion. Thanks in advance.

--
Eric Lubow
Guardian Digital Inc.
http://www.guardiandigital.com/
http://www.iana.org/assignments/port-numbers

On Wed, 5 Feb 2003 08:41:05 -0500 (EST) "Eric B. Lubow" <eric@guardiandigital.com> opened up to us and said:

> All,
>
> I have googled and searched all over the internet to find a repository
> of common ports. It's possible I overlooked it, but can someone point
> me in the right direction. Let me clarify my question before everyone
> starts pointing me towards /etc/services.
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.shorewall.net
> http://lists.shorewall.net/mailman/listinfo/shorewall-users

--
Paul Slinski
System Administrator
Global IQX
http://www.globaliqx.com/
pauls@globaliqx.com
--On Wednesday, February 05, 2003 8:41 AM -0500 "Eric B. Lubow" <eric@guardiandigital.com> wrote:

> All,
>
> I have googled and searched all over the internet to find a repository
> of common ports. It's possible I overlooked it, but can someone point me
> in the right direction. Let me clarify my question before everyone starts
> pointing me towards /etc/services.
>

The common ones are listed at http://www.shorewall.net/ports.htm with references to other sources.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
Actually I did find the IANA repository. It is just not enough of what I need. I have sat around with tcpdump many times and that is just entirely too tedious a way to obtain all the information I am attempting to obtain. I want to keep it for just the reasons that you have stated below. I want to be able to say ALLOW users in 192.168.1.0/24 to access Kazaa and allow the users in the 10.10.10.0/24 network to access everything. Allow for DNS queries to 192.168.1.1 and zone transfers to 192.168.2.0/24. Those are the types of concepts I am shooting for. It is a long time from realizing that goal; however, a major part of it is finding out which services use which ports and which protocols. This is especially true because M$ doesn't list many of the port requirements necessary to run many of their apps. I.e., it took me a bit of time to get NetMeeting to work through the firewall because I didn't know that it required 5000 high UDP ports on top of the control port. I initially assumed, obviously incorrectly, that it would be considered an ESTABLISHED connection once it dropped from the control port (in the same manner as SSH might). Hence the reasoning for looking for all this information.

So, if someone has a list of all this information, which ports Kazaa, Bearshare, WinMX, AIM, NetMeeting ... and the list goes on ... I would really appreciate being pointed in that direction.

Thanks.

--
Eric Lubow
Guardian Digital Inc.
http://www.guardiandigital.com/

On Wed, 5 Feb 2003 mike808@users.sourceforge.net wrote:

> "Eric B. Lubow" <eric@guardiandigital.com> writes:
> > I have googled and searched all over the internet to find a repository
> > of common ports. It's possible I overlooked it, but can someone point me
> > in the right direction. Let me clarify my question before everyone starts
> > pointing me towards /etc/services.
>
> I suppose you did not find the IANA repository. I did by googling on:
> "IANA common tcp udp port assignments"
>
> http://www.iana.org/assignments/port-numbers
>
> Then there's also this hyperlinked resource with additional detail on
> common usages.
>
> http://www.networksorcery.com/enp/protocol/ip/ports00000.htm
>
> That said, there is no obligation on the part of application developers
> to actually heed any published standards and practices to be generally
> followed in the IANA publication. Obviously, applications with unknown and
> possibly nefarious purposes in mind will use assigned and documented ports
> in obscure and non-standard ways, or will use unassigned ports in
> an undocumented manner.
>
> And usually, what you want in /etc/services should be limited only
> to the services your system consumes or produces. The reason is that this
> file is used to obtain a port number based on the service name, a common
> coding technique. If your machine does not use telnet, for example, there
> is no need for your /etc/services file to define the mapping of the
> "telnet" service to the standard port 23, thus increasing the chance that
> an unauthorized or unknown use of that system function (get service by name)
> will fail.
>
> You may want to keep a copy of the IANA file somewhere as a reference,
> and a supplemental file with new information you find along the way.
> I use them to cross reference the Shorewall logs with SRC and DST ports,
> and then track down the stragglers, adding them to the supplemental file.
> Usually it's an attempt by the latest P2P or Windows MSTD virus making the
> rounds to infect my network.
>
> Mike808/
>
> ---------------------------------------------
> http://www.valuenet.net
>
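An added example, not code from anyone in this thread, of the cross-referencing Mike808 describes above: parse an IANA-style port list plus a supplemental file of locally learned ports, then scan Shorewall log lines for destination ports that neither file explains (the "stragglers"). The port-list lines and the log lines are constructed samples in the real layouts, not the actual IANA file or real logs; the supplemental file overriding the IANA entries is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample in the old IANA port-numbers text layout (not the real file)
IANA_SAMPLE = """\
ssh               22/tcp     SSH Remote Login Protocol
domain            53/tcp     Domain Name Server
domain            53/udp     Domain Name Server
"""

# Constructed supplemental file, same layout, for ports IANA does not list
SUPPLEMENTAL_SAMPLE = """\
kazaa             1214/tcp   Kazaa / FastTrack P2P (seen in our logs)
"""

# Constructed Shorewall log lines; the field names follow the netfilter LOG format
LOG_SAMPLE = """\
Feb  5 10:17:01 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 LEN=48 PROTO=TCP SPT=3456 DPT=1214
Feb  5 10:17:02 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 LEN=48 PROTO=TCP SPT=3457 DPT=135
Feb  5 10:17:03 fw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=192.0.2.53 LEN=60 PROTO=UDP SPT=1025 DPT=53
Feb  5 10:17:04 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Feb  5 10:17:05 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=48 PROTO=TCP SPT=3460 DPT=135
"""

PORT_LINE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\b")
LOG_LINE = re.compile(r"PROTO=(TCP|UDP)\b.*\bSPT=(\d+)\b.*\bDPT=(\d+)\b")


def load_port_table(*texts):
    """Map (port, proto) -> keyword from IANA-style text; later files override earlier ones."""
    table = {}
    for text in texts:
        for line in text.splitlines():
            m = PORT_LINE.match(line)
            if m:  # comment and blank lines simply do not match
                keyword, port, proto = m.groups()
                table[(int(port), proto)] = keyword
    return table


def find_stragglers(log_text, table):
    """Count destination port/proto pairs in the log that no port file explains."""
    unknown = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if not m:  # ICMP and other lines without SPT/DPT are skipped
            continue
        key = (int(m.group(3)), m.group(1).lower())
        if key not in table:
            unknown[key] += 1
    return unknown
```

Each straggler you identify goes into the supplemental file, so the next run only reports what is genuinely new; source ports are left out here because on the dropped side they are almost always ephemeral.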
Here's a good one:
http://www.blackcode.com/trojans/ports.php

--
Christopher Barry
Manager of Information Systems
InfiniCon Systems
http://www.infiniconsys.com
office: 610.233.4747
direct: 610.233.4870
cell: 267.879.8321

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Wednesday, February 05, 2003 10:17 AM
To: shorewall-users@lists.shorewall.net
Subject: Re: [Shorewall-users] Search for a port repository

The common ones are listed at http://www.shorewall.net/ports.htm with
references to other sources.

-Tom
And one more with mucho-info as well:
http://www.linux-firewall-tools.com/linux/

On Wed, 5 Feb 2003 14:49:29 -0500 "Barry, Christopher" <cbarry@infiniconsys.com> opened up to us and said:

> Here's a good one:
> http://www.blackcode.com/trojans/ports.php

--
Paul Slinski
System Administrator
Global IQX
http://www.globaliqx.com/
pauls@globaliqx.com