Re: IDS Management - Port Numbers

From: andy cuff (talisker@tiscali.co.uk)
Date: 12/13/01 

From: "andy cuff" <talisker@tiscali.co.uk>
To: "Tom Love" <tlove@tjlovejr.com>, <focus-ids@securityfocus.com>
Date: Thu, 13 Dec 2001 20:19:46 -0000

Tom

I think Robert was looking for IDS specific port numbers, ie the default
ports used by each IDS product for passing events and reporting.

Personally, I always (try to) move away from the default ports. There are
many who hate security through obscurity but I feel every little helps.

-andy
http://www.networkintrusion.co.uk
----- Original Message -----
From: "Tom Love" <tlove@tjlovejr.com>
To: <focus-ids@securityfocus.com>
Sent: Thursday, December 13, 2001 4:28 PM
Subject: RE: IDS Management - Port Numbers

>
> http://www.iana.org/assignments/port-numbers
>
> -----Original Message-----
> From: robert.d.turner@bt.com [mailto:robert.d.turner@bt.com]
> Sent: Tuesday, December 11, 2001 9:17 AM
> To: focus-ids@securityfocus.com
> Subject: IDS Management - Port Numbers
>
>
> Hi
>
> Does anyone know of a list of recognised (standard) port numbers for IDS/
> Firewall/Management applications? I've been looking around intermittently
> for a while, and there does not seem to be a collected list.
>
> I'm looking for something along the lines of
>
> IDS Package A Client to Manager Bi-directional A,B,C
> IDS Package A Client to Manager D,E,F
> IDS Package A Manager to Client G,H,I
> IDS Package B .....
> IDS Package C .....
> Firewall Package A .....
> Management System A .....
>
> I would be prepared to collate a list if no-one knows of one, so if anyone
> knows information about even one package this would be most useful.
>
> For information, this search follows taking over a security setup, and
> taking about three weeks to get full information from a vendor about the
> ports that needed punching through various firewalls!
>
> TIA
>
> Robert
>
> --
> Robert Turner GCIA
> Security Solutions Designer & Analyst
>
> Ignite Solutions - Secure Business Services
> T: +44 (0)113 244 5951 F: +44 (0)113 244 5657
> Robert.D.Turner@bt.com
>
>
>

Relevant Pages

  • RE: about mirroring port
    ... I would recommend that you not try any 'mirroring' or 'port ... This creates numerous problems within a network, ... On some Cisco routers, I believe that you can use a 'tap port', which allows ... onto multiple IDSes. ...
    (Focus-IDS)
  • Re: TAP location
    ... progressing onto the ISS document. ... If you have any further questions concerning tap implementation, ... > I am working on a new hotel/congress setup and I need to install 3 IDS ... > port to a consolidated switch to witch I will attach the sniffing port of ...
    (Focus-IDS)
  • RE: TAP location
    ... > IDS might get you in trouble. ... that you should own the switch, and enforce the rules of configuring the ... going between the direct NIC and the Switch port. ... >>Utilising DNS port as a back channel: I use a forwarder for my internet ...
    (Focus-IDS)
  • RE: Stopping File Sharing Programs...
    ... Make it corporate policy that these programs are not permitted ... application layer firewalls will not actually block these guys over port 80. ... then when your IDS sees a user using one of the ... Kazaa by blocking the port 1214. ...
    (Security-Basics)
  • Antwort: TAP location
    ... Subject: Antwort: TAP location ... >that in no condition can the IDS be compromise from the network segment ... >port to a consolidated switch to witch I will attach the sniffing port of ... >to monitor, can I connect port A of the TAP to a hub port, attach the IDS ...
    (Focus-IDS)