Brian Millett wrote:
Hello, A question about ports.
I tried to go to mirror ftp://fedora.namibia.na and when I did, my
firestarter lit up with two events from 196.44.128.220 which is the
fedora.namibia.na site. They were ICMP requests on ports 5949 & 15076.
My understanding is that ICMP does not have ports, but does have various
types. The ports given seem more like either udp or tcp port numbers...
Why? What are those ports? A google really gave me nothing.
ethereal-gnome.
Capture everything for your connected net connection. Repeat what you
mentioned triggered the detection, then stop the ethereal capture.
Try filtering the capture on:
icmp
tcp
udp
tcp and not tcp.port==80 (ie filter out normal web port).
not tcp.port==80
and see if you/we can make sense of the capture.
Perhaps it is really tcp ports for an active ftp connection: this is
where when you request a file, the ftp server creates a new inbound data
connection to the connected address. Two ways around it:
. tell the ftp client to use passive mode instead.
. use the ftp application layer gateway (ftp connection track) in iptables.
DaveT.
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list