RE: IDS Management - Port Numbers

From: Joseph E. Krause (joek@trustwave.com)
Date: 12/13/01


Date: Thu, 13 Dec 2001 15:56:41 -0500
From: "Joseph E. Krause" <joek@trustwave.com>
To: <focus-ids@securityfocus.com>

Quick point of clarification -

Enterasys Dragon uses Blowfish encrypted TCP connections - default port
is 9111, although this is easily changed by the IDS administrator - not
encrypted ICMP tunnels.

Joe

-----Original Message-----
From: Brian [mailto:bmc@snort.org]
Sent: Thursday, December 13, 2001 2:17 PM
To: robert.d.turner@bt.com
Cc: focus-ids@securityfocus.com
Subject: Re: IDS Management - Port Numbers

According to robert.d.turner@bt.com:
> Does anyone know of a list of recognised (standard) port numbers for IDS/
> Firewall/Management applications? I've been looking around intermittently
> for a while, and there does not seem to be a collected list.

Older RealSecure installations listened on 2998 and 901 by default.
The port is reconfigurable. The standard encryption plugin has the
banner:
   ISS ECNRA Built-In Provider, Strong Encryption Version

Dragon uses encrypted ICMP tunnels. I've taken down my test dragon
sensors at work, so I don't know what types & codes they use.

Most vendors recommend having a separate network for administration
and data transfer for your remote sensors. Where this is not
available, I suggest using vtun, ipsec, or any other strong encryption
VPN.

-- 
"Why does everyone always pick on Attila as the archetypal right wing
nutcase?"  "Attila is less hated than Hitler, better known than Franco,
and lacks Mussolini's comic charm." -- Ben Aveling and Bill Cole, ASR


