[27290] in North American Network Operators' Group
Re: Cisco says attacks are due to operational practices
daemon@ATHENA.MIT.EDU (John M. Brown)
Thu Feb 10 23:59:27 2000
Message-ID: <20000210221147.E9859@abq-mail-01.ihighway.net>
Date: Thu, 10 Feb 2000 22:11:47 -0700
From: "John M. Brown" <jmbrown@ihighway.net>
To: Chris Cappuccio <chris@dqc.org>,
Paul Ferguson <ferguson@cisco.com>
Cc: nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <Pine.BSO.4.21.0002101900210.11838-100000@dqc.org>; from Chris Cappuccio on Thu, Feb 10, 2000 at 07:02:25PM -0800
Errors-To: owner-nanog-outgoing@merit.edu
Umm, let's see, hosts are supposed to assign ports for sessions above 1024.
Ports below 1024 are "priv / root" ports and are assigned for specific
services.
We filter <1023; >1023 we don't care about so much, except for a couple of
well-known ones.
On Thu, Feb 10, 2000 at 07:02:25PM -0800, Chris Cappuccio wrote:
>
> Did anyone even read the post I was responding to ??
>
> >On Thu, 10 Feb 2000, John M. Brown wrote:
> >| We have always built martian filters on our edge routers. In addition we
> >| built specific filters for ports that are not used, or are bad on the net.
>
> "Ports that are not used" What about when the tcp stack on a particular
> machine dynamically allocates a particular port for some tcp connection and
> you are filtering that port ? etc....
>
>
>
> On Thu, 10 Feb 2000, Paul Ferguson wrote:
>
> | I didn't see anyone talking about port-level filtering. What
> | I did see, on the other hand, was someone talking about
> | filtering Martian network traffic -- stuff which should not
> | be there in the first place.
> |
> | - paul
> |
> |
> |
>
> ---
> Gates' Law: Every 18 months, the speed of software halves.
>
>
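The two positions in this thread (martian filtering plus denying unused privileged ports on the one hand, and the risk that a port deny catches a host's dynamically chosen session port on the other) are easy to see in a small filter model. The following is an added example written for this archive page, not code from any poster or from Cisco; the martian prefix list, the `Flow` type, the `edge_verdict` and `risky_port_denies` functions and all sample flows are constructed for illustration.

```python
"""Toy edge-filter evaluator: martian source filter, privileged-port
allowlist, and a check for denies that land in the ephemeral port range."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable

# Unroutable / reserved source prefixes (constructed list for this example;
# a production bogon list has to be maintained from current registry data).
MARTIANS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

PRIVILEGED_MAX = 1023   # 0-1023: "priv / root" ports assigned to services
EPHEMERAL_MIN = 1024    # hosts pick their own session ports from here up


@dataclass(frozen=True)
class Flow:
    """One inbound packet as seen at the edge (constructed type)."""
    src: str
    dst: str
    sport: int
    dport: int


def is_martian(addr: str) -> bool:
    """True if the address falls in a prefix that should never be a source."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MARTIANS)


def edge_verdict(flow: Flow, allowed_services: Iterable[int],
                 extra_denies: Iterable[int] = ()) -> tuple[str, str]:
    """Evaluate the posted policy: drop martian sources, drop privileged
    destination ports that are not allowlisted services, then apply any
    explicit per-port denies (matched on either end, as a plain ACL would).
    Returns (verdict, reason)."""
    if is_martian(flow.src):
        return "deny", f"martian source {flow.src}"
    allowed = set(allowed_services)
    if flow.dport <= PRIVILEGED_MAX and flow.dport not in allowed:
        return "deny", f"privileged port {flow.dport} not an allowed service"
    for port in extra_denies:
        if port in (flow.sport, flow.dport):
            return "deny", f"port {port} explicitly denied"
    return "permit", "default permit"


def risky_port_denies(denied: Iterable[int]) -> list[int]:
    """Return the denied ports that sit in the ephemeral range. A deny on such a
    port also matches the reply traffic of any inside client whose stack
    happened to pick that port for a session, which is the objection raised in
    the quoted reply."""
    return sorted(p for p in set(denied) if p >= EPHEMERAL_MIN)


if __name__ == "__main__":
    services = [25, 80]                     # services we actually run
    # Constructed sample flows: a client request, a spoofed RFC 1918 source,
    # a probe to an unused privileged port, and the reply leg of a web session.
    samples = [
        Flow("198.51.100.7", "203.0.113.10", 40000, 80),
        Flow("10.0.0.1", "203.0.113.10", 40000, 80),
        Flow("198.51.100.7", "203.0.113.10", 40000, 23),
        Flow("198.51.100.7", "203.0.113.10", 80, 40000),
    ]
    for f in samples:
        print(f, edge_verdict(f, services))
    # The same reply leg with a deny that strays into the ephemeral range:
    print(edge_verdict(samples[3], services, extra_denies=[40000]))
    print("denies that can hit session ports:", risky_port_denies([23, 40000]))
```

The martian and privileged-port rules never touch the reply leg of a legitimate session, because its destination port is in the ephemeral range; the moment an explicit deny is placed on a port at or above 1024, `risky_port_denies` flags it, and `edge_verdict` shows the reply being dropped.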