North American Network Operators Group


Re: Cisco says attacks are due to operational practices

  • From: John M. Brown
  • Date: Fri Feb 11 00:01:07 2000

Umm, let's see, hosts are supposed to assign ports for sessions above 1024.
Ports below 1024 are "priv / root" ports and are assigned for specific 
services.

We filter <1023; >1023 we don't care about so much, except for a couple of 
well-known ones.


On Thu, Feb 10, 2000 at 07:02:25PM -0800, Chris Cappuccio wrote:
> 
> Did anyone even read the post I was responding to ??
> 
> >On Thu, 10 Feb 2000, John M. Brown wrote:
> >| We have always built martian filters on our edge routers.  In addition we
> >| built specific filters for ports that are not used, or are bad on the net.
> 
> "Ports that are not used" What about when the tcp stack on a particular
> machine dynamically allocates a particular port for some tcp connection and
> you are filtering that port? etc....
> 
> 
> 
> On Thu, 10 Feb 2000, Paul Ferguson wrote:
> 
>  | I didn't see anyone talking about port-level filtering. What
>  | I did see, on the other hand, was someone talking about
>  | filtering Martian network traffic -- stuff which should not
>  | be there in the first place.
>  | 
>  | - paul
>  | 
>  | 
>  | 
> 
> ---
> Gates' Law: Every 18 months, the speed of software halves.
> 
>