Hi! I have tons of drop entries in my log for TCP port 4616, coming from the (inter)net. What is this port used for? Thanks, Felix
On Wednesday 19 February 2003 15:21, Felix Ostrowski wrote:> Hi! > > I have tons of drop entries in my log for TCP port 4616, coming from the > (inter)net. What is this port used for? > > Thanks, >Felix, the file /etc/services lists all the ports numbers and the services assigned thereto. Richard
Except that 4616 isn''t in there... A better reference is at http://www.iana.org/assignments/port-numbers. Nothing there either, so I imagine the 4616 is the source port, maybe you could post an example of a dropped packet? Cheers -----Original Message----- From: Richard Atcheson [mailto:ratcheson@earthlink.net] Sent: Wednesday, February 19, 2003 2:39 PM To: shorewall-users@lists.shorewall.net Subject: Re: [Shorewall-users] TCP Port 4616 On Wednesday 19 February 2003 15:21, Felix Ostrowski wrote:> Hi! > > I have tons of drop entries in my log for TCP port 4616, coming fromthe> (inter)net. What is this port used for? > > Thanks, >Felix, the file /etc/services lists all the ports numbers and the services assigned thereto. Richard _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.shorewall.net http://lists.shorewall.net/mailman/listinfo/shorewall-users
Hi. * Jeff Oliver <jeff@bravenet.com> [2003-02-20 10:11]:> Except that 4616 isn''t in there... > > A better reference is at http://www.iana.org/assignments/port-numbers. > > Nothing there either, so I imagine the 4616 is the source port, maybe > you could post an example of a dropped packet? >Turns up as a source port for the MS-SQL worm if you do a google search for ''port 4616'' Regards, Michael> Cheers > > > > -----Original Message----- > From: Richard Atcheson [mailto:ratcheson@earthlink.net] > Sent: Wednesday, February 19, 2003 2:39 PM > To: shorewall-users@lists.shorewall.net > Subject: Re: [Shorewall-users] TCP Port 4616 > > On Wednesday 19 February 2003 15:21, Felix Ostrowski wrote: > > Hi! > > > > I have tons of drop entries in my log for TCP port 4616, coming from > the > > (inter)net. What is this port used for? > > > > Thanks, > > > Felix, the file /etc/services lists all the ports numbers and the > services > assigned thereto. > Richard > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users > > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users
Hi! I don''t know how I could miss that search result...but I did. Thanks for the /etc/services hint ;-) Felix ----- Original Message ----- From: "Michael Firkins" <michael@home.lyppard.com.au> To: <shorewall-users@lists.shorewall.net> Sent: Thursday, February 20, 2003 12:47 AM Subject: Re: [Shorewall-users] TCP Port 4616> Hi. > * Jeff Oliver <jeff@bravenet.com> [2003-02-20 10:11]: > > Except that 4616 isn''t in there... > > > > A better reference is at http://www.iana.org/assignments/port-numbers. > > > > Nothing there either, so I imagine the 4616 is the source port, maybe > > you could post an example of a dropped packet? > > > > Turns up as a source port for the MS-SQL worm if you do a google searchfor ''port> 4616'' > > Regards, > > Michael > > > Cheers > > > > > > > > -----Original Message----- > > From: Richard Atcheson [mailto:ratcheson@earthlink.net] > > Sent: Wednesday, February 19, 2003 2:39 PM > > To: shorewall-users@lists.shorewall.net > > Subject: Re: [Shorewall-users] TCP Port 4616 > > > > On Wednesday 19 February 2003 15:21, Felix Ostrowski wrote: > > > Hi! > > > > > > I have tons of drop entries in my log for TCP port 4616, coming from > > the > > > (inter)net. What is this port used for? > > > > > > Thanks, > > > > > Felix, the file /etc/services lists all the ports numbers and the > > services > > assigned thereto. > > Richard > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@lists.shorewall.net > > http://lists.shorewall.net/mailman/listinfo/shorewall-users > > > > > > > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@lists.shorewall.net > > http://lists.shorewall.net/mailman/listinfo/shorewall-users > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users
Hi again. The MS-SQL worm attacks on port 1433, originating from different ports. My log entries show connection attempts TO port 4616... Feb 19 03:01:22 tor kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MACSRC=80.136.128.121 DST=80.133.154.71 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=6528 PROTO=TCP SPT=1476 DPT=4616 WINDOW=16384 RES=0x00 SYN URGP=0 The source port varies. Felix ----- Original Message ----- From: "Felix Ostrowski" <felix@filzlaus.org> To: <shorewall-users@lists.shorewall.net> Sent: Thursday, February 20, 2003 1:38 AM Subject: Re: [Shorewall-users] TCP Port 4616> Hi! > > I don''t know how I could miss that search result...but I did. > > Thanks for the /etc/services hint ;-) > > Felix > > ----- Original Message ----- > From: "Michael Firkins" <michael@home.lyppard.com.au> > To: <shorewall-users@lists.shorewall.net> > Sent: Thursday, February 20, 2003 12:47 AM > Subject: Re: [Shorewall-users] TCP Port 4616 > > > > Hi. > > * Jeff Oliver <jeff@bravenet.com> [2003-02-20 10:11]: > > > Except that 4616 isn''t in there... > > > > > > A better reference is at http://www.iana.org/assignments/port-numbers. > > > > > > Nothing there either, so I imagine the 4616 is the source port, maybe > > > you could post an example of a dropped packet? > > > > > > > Turns up as a source port for the MS-SQL worm if you do a google search > for ''port > > 4616'' > > > > Regards, > > > > Michael > > > > > Cheers > > > > > > > > > > > > -----Original Message----- > > > From: Richard Atcheson [mailto:ratcheson@earthlink.net] > > > Sent: Wednesday, February 19, 2003 2:39 PM > > > To: shorewall-users@lists.shorewall.net > > > Subject: Re: [Shorewall-users] TCP Port 4616 > > > > > > On Wednesday 19 February 2003 15:21, Felix Ostrowski wrote: > > > > Hi! > > > > > > > > I have tons of drop entries in my log for TCP port 4616, coming from > > > the > > > > (inter)net. What is this port used for? > > > > > > > > Thanks, > > > > > > > Felix, the file /etc/services lists all the ports numbers and the > > > services > > > assigned thereto. > > > Richard > > > _______________________________________________ > > > Shorewall-users mailing list > > > Shorewall-users@lists.shorewall.net > > > http://lists.shorewall.net/mailman/listinfo/shorewall-users > > > > > > > > > > > > _______________________________________________ > > > Shorewall-users mailing list > > > Shorewall-users@lists.shorewall.net > > > http://lists.shorewall.net/mailman/listinfo/shorewall-users > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@lists.shorewall.net > > http://lists.shorewall.net/mailman/listinfo/shorewall-users > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users
Hi, I''m having trouble with OpenVPN connections when using them on ADSL at 2 firewalls. Both firewalls run Shorewall 1.3.14 :) , but I have to specify the remote point of the VPN in the tunnels file. Sadly enough, both ADSL connections might go down/switch ip, etc.. So I would like to set 1 firewall (as proposed in openvpn docs/faq at their website) to accept connections on UDP 5000 (or whatever) from ''any'' external ip. (authentication has to be done by openvpn keys..) Can''t seem to do this? Is that possible? If I leave out the remote connection point in the tunnels file it doesn''t work. I must fill in something, any quick solution for this? Oh, I''m running a similar setup like this at 2 sites, but there I don''t use the openvpn support yet (it wasn''t available back then) and I use ''manual'' lines to configure the ''accept openvpn from all'' situation.. Any advice on this? Greetings, Kristof.
Kristof Hardy schrieb:> > Hi, > > I''m having trouble with OpenVPN connections when using them on ADSL at 2 > firewalls. > > Both firewalls run Shorewall 1.3.14 :) , but I have to specify the > remote point of the VPN in the tunnels file. Sadly enough, both ADSL > connections might go down/switch ip, etc.. So I would like to set 1 > firewall (as proposed in openvpn docs/faq at their website) to accept > connections on UDP 5000 (or whatever) from ''any'' external ip. > (authentication has to be done by openvpn keys..) > > Can''t seem to do this? Is that possible? If I leave out the remote > connection point in the tunnels file it doesn''t work. I must fill in > something, any quick solution for this?As the docs state, you should be able to define 0.0.0.0/0 as the GATEWAY adress. HTH Simon> > Oh, I''m running a similar setup like this at 2 sites, but there I don''t > use the openvpn support yet (it wasn''t available back then) and I use > ''manual'' lines to configure the ''accept openvpn from all'' situation.. > > Any advice on this? > > Greetings, > > Kristof. > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users
Hi, Am Mit, 2003-02-19 um 23.39 schrieb Richard Atcheson:> On Wednesday 19 February 2003 15:21, Felix Ostrowski wrote: > > Hi! > > > > I have tons of drop entries in my log for TCP port 4616, coming from the > > (inter)net. What is this port used for? > > > > Thanks, > > > Felix, the file /etc/services lists all the ports numbers and the services > assigned thereto. > Richarddepends on what your services file contains ;) Seems to be no well known port. A little research on google showed up, that the SQLSlammer worm starts scanning at random ports (4616 is one of them) ending up at 1433. Maybe that helps... Dennis -- Dennis Borngraeber "I use my boots of speed to run after him. What do you mean he just went through the wall ?"