Re: Traffic from port 25 to high ports?
From: Ashish Gupta (ashishg@in.niksun.com)Date: 09/29/01
- Previous message: ___cliff rayman___: "Re: Snort question"
- Maybe in reply to: Naseer Bhatti: "Re: Traffic from port 25 to high ports?"
- Next in thread: Aaron Peterson: "Re: Traffic from port 25 to high ports?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3BB5433D.46573C2D@in.niksun.com> Date: Sat, 29 Sep 2001 09:12:54 +0530 From: Ashish Gupta <ashishg@in.niksun.com> To: Matt Simonsen <matt_lists@careercast.com> Subject: Re: Traffic from port 25 to high ports?
Well there might be a typical case of Port Forwarding which is typical of
ssh. For example I can say that forward all the traffic on port 25 of a
machine X to port 33543 of machine Y using SSH. Where in some cases X and Y
can be the same machine.
Cheers,
ag
Matt Simonsen wrote:
> I am seeing traffic regularly coming from remote servers' port 25
> destined to our servers' high ports, generally in the 1-3k range. Is
> this normal? I plan to block it all, from what I understand SMTP goes
> only from 25 to 25, but if that's the case I can't figure out what this
> would be.
>
> According to our IPFilter logs the traffic generally has -AFP set,
> please let me know off-line if a tidbit of info I could provide can help
> you answer my question.
>
> Thanks
> Matt Simonsen
- Previous message: ___cliff rayman___: "Re: Snort question"
- Maybe in reply to: Naseer Bhatti: "Re: Traffic from port 25 to high ports?"
- Next in thread: Aaron Peterson: "Re: Traffic from port 25 to high ports?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
