[27308] in North American Network Operators' Group
Re: Cisco says attacks are due to operational practices
daemon@ATHENA.MIT.EDU (Bora Akyol)
Fri Feb 11 14:04:03 2000
Message-ID: <38A45BC0.73084959@pluris.com>
Date: Fri, 11 Feb 2000 10:58:08 -0800
From: Bora Akyol <akyol@pluris.com>
MIME-Version: 1.0
To: "John M. Brown" <jmbrown@ihighway.net>
Cc: Chris Cappuccio <chris@dqc.org>,
Paul Ferguson <ferguson@cisco.com>, nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Unfortunately, ssh on linux regularly assigns ports below 1024 when ssh'ing out from a box.
I think this is a bug, but it makes writing firewall commands annoying.
Bora
"John M. Brown" wrote:
> Umm, let's see, hosts are supposed to assign ports for sessions above 1024.
> Ports below 1024 are "priv / root" ports and are assigned for specific
> services.
>
> We filter <1023; >1023 we don't care about so much, except for a couple of
> well-known ones.
>
> On Thu, Feb 10, 2000 at 07:02:25PM -0800, Chris Cappuccio wrote:
> >
> > Did anyone even read the post I was responding to ??
> >
> > >On Thu, 10 Feb 2000, John M. Brown wrote:
> > >| We have always built martian filters on our edge routers. In addition we
> > >| built specific filters for ports that are not used, or are bad on the net.
> >
> > "Ports that are not used" What about when the tcp stack on a particular
> > machine dynamically allocates a particular port for some tcp connection and
> > you are filtering that port ? etc....
> >
> >
> >
> > On Thu, 10 Feb 2000, Paul Ferguson wrote:
> >
> > | I didn't see anyone talking about port-level filtering. What
> > | I did see, on the other hand, was someone talking about
> > | filtering Martian network traffic -- stuff which should not
> > | be there in the first place.
> > |
> > | - paul
> > |
> > |
> > |
> >
> > ---
> > Gates' Law: Every 18 months, the speed of software halves.
> >
> >
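The point the thread is circling is easy to see with a small simulation. The following is an added example, not code from anyone in the thread: a toy evaluator for an edge router's inbound access list, in the style of an ordered first-match ACL with an implicit deny at the end. It runs John's policy ("filter <1023, don't care much about >1023, except a couple of well-known ones") against constructed reply packets and shows that the reply to an outbound ssh session whose client bound a privileged source port, as Bora describes, is dropped, while a client on a normal ephemeral port gets its reply back. It then adds a rule in the spirit of a Cisco `established` match (permit TCP packets with ACK set, placed first), which the thread does not mention; that rule, the port numbers, the `Packet`/`Rule` classes and the sample packets are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """One TCP/UDP packet as seen by the inbound filter (Internet -> our net)."""
    proto: str            # "tcp" or "udp"
    src_port: int
    dst_port: int
    ack: bool = False     # TCP ACK flag; False on the opening SYN of a session


@dataclass(frozen=True)
class Rule:
    """One line of an ordered access list; first match wins."""
    action: str                       # "permit" or "deny"
    proto: str = "any"
    dst_lt: Optional[int] = None      # match if dst_port < dst_lt
    dst_eq: Optional[int] = None      # match if dst_port == dst_eq
    established: bool = False         # like Cisco's 'established': TCP with ACK set

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dst_lt is not None and pkt.dst_port >= self.dst_lt:
            return False
        if self.dst_eq is not None and pkt.dst_port != self.dst_eq:
            return False
        if self.established and not (pkt.proto == "tcp" and pkt.ack):
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Walk the list in order; an implicit deny sits at the end, as on a router."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Inbound filter in the spirit of the thread: drop everything below 1024 except
# a well-known service we host (SMTP assumed here), let everything above through.
NAIVE_ACL = [
    Rule("permit", "tcp", dst_eq=25),
    Rule("deny", "any", dst_lt=1024),
    Rule("permit", "any"),
]

# Same policy, but replies to sessions our own hosts opened are admitted first.
# (Assumed remedy; not something the thread proposes.)
ESTABLISHED_ACL = [Rule("permit", "tcp", established=True)] + NAIVE_ACL

# Constructed sample traffic (not captured from any real network):
# - reply to an ssh session whose client used an ordinary ephemeral source port
# - reply to an ssh session whose client bound a privileged source port (<1024)
# - an unsolicited inbound connection attempt to rlogin (513)
# - a spoofed bare ACK aimed at a privileged port, which 'established' cannot
#   distinguish from a real reply (it only looks at TCP flags, not state)
SSH_REPLY_EPHEMERAL = Packet("tcp", src_port=22, dst_port=40123, ack=True)
SSH_REPLY_PRIV_SRC = Packet("tcp", src_port=22, dst_port=1022, ack=True)
INBOUND_RLOGIN_SYN = Packet("tcp", src_port=40124, dst_port=513, ack=False)
SPOOFED_ACK_TO_PRIV = Packet("tcp", src_port=31337, dst_port=1022, ack=True)


def verdicts(acl: List[Rule]) -> dict:
    """Verdict of the given ACL for each constructed packet."""
    return {
        "ssh_reply_ephemeral": evaluate(acl, SSH_REPLY_EPHEMERAL),
        "ssh_reply_priv_src": evaluate(acl, SSH_REPLY_PRIV_SRC),
        "inbound_rlogin_syn": evaluate(acl, INBOUND_RLOGIN_SYN),
        "spoofed_ack_to_priv": evaluate(acl, SPOOFED_ACK_TO_PRIV),
    }


if __name__ == "__main__":
    for name, acl in (("naive", NAIVE_ACL), ("established", ESTABLISHED_ACL)):
        print(name, verdicts(acl))
```

With the naive list the ssh reply to port 1022 is denied while the one to 40123 is permitted, which is exactly the breakage Chris and Bora describe. The `established`-style rule fixes that case and still blocks the inbound rlogin SYN, but the last packet shows its limit: a bare ACK from outside is admitted as if it were a reply, so a flag-based rule is a convenience on a stateless edge filter, not a substitute for stateful inspection.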