how to block connections running on non-default ports

From: Niranjan S Patil (niranjan.patil_at_gmail.com)
Date: 08/15/05

  • Next message: Yvonne McInally: "RE: Enterprise level firewall selection"
    Date: Mon, 15 Aug 2005 21:06:02 +0530
    To: security-basics@securityfocus.com
    
    

    Hi list,

    I recently noticed that our corporate IDS could not block some of the
    connections that are seemingly unauthorised.

    I launched a telnet connection to a remote server on the Internet on port
    23 and it was successfully blocked by our firewall. I changed the
    listening port of the telnet server to 443 and launched another telnet
    connection on port 443. Neither our firewall nor IDS was able to block
    this connection.

    Aren't IDS supposed to block such masqueraded connections, i.e.,
    protocols on non-default ports?

    I have little knowledge of IDS, but isn't it simple for them to check
    packet headers and block/filter if they are not on the right
    protocol/port?

    Is this normal with all IDS?

    Any help is appreciated.

    -- 
    Regards,
    Niranjan S Patil
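
An added illustration, not part of Niranjan's post or of any particular IDS product: the port number alone says nothing about what is inside a stream, so a protocol-aware sensor looks at the first bytes instead. The classifier below recognises telnet option negotiation, a TLS ClientHello and an HTTP request line, then flags a stream whose content does not match what the destination port is reserved for. The policy table and all sample byte strings are constructed for the example.

```python
# Added example: identify a protocol from stream content rather than from the
# destination port, then alert when content and port disagree.  The policy
# table and the sample payloads are constructed for illustration only.

EXPECTED_ON_PORT = {23: "telnet", 80: "http", 443: "tls"}  # assumed site policy

TELNET_IAC = 0xFF                               # telnet "Interpret As Command"
TELNET_NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL, WONT, DO, DONT
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")


def identify_protocol(payload: bytes) -> str:
    """Guess the protocol from the first bytes either side sends; 'unknown' if none match."""
    # Telnet servers usually open with option negotiation: IAC DO/WILL <option>.
    if len(payload) >= 3 and payload[0] == TELNET_IAC and payload[1] in TELNET_NEGOTIATION:
        return "telnet"
    # TLS: record type 0x16 (handshake), version major 0x03, two length bytes,
    # then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    first_line = payload.split(b"\r\n", 1)[0]
    if any(first_line.startswith(m + b" ") for m in HTTP_METHODS) and b" HTTP/" in first_line:
        return "http"
    return "unknown"


def check_stream(dst_port: int, payload: bytes) -> dict:
    """Compare the observed protocol with the one the port is reserved for.

    Any stream on a policed port that does not look like the expected protocol is
    flagged, including traffic the classifier cannot name at all.
    """
    seen = identify_protocol(payload)
    expected = EXPECTED_ON_PORT.get(dst_port)
    alert = expected is not None and seen != expected
    return {"port": dst_port, "seen": seen, "expected": expected, "alert": alert}


# Constructed samples: a telnet server greeting (IAC DO TERMINAL-TYPE, IAC WILL ECHO)
# and the start of a TLS 1.2 ClientHello record with a zeroed client random.
TELNET_GREETING = bytes([0xFF, 0xFD, 0x18, 0xFF, 0xFB, 0x01])
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x31\x01\x00\x00\x2d\x03\x03" + bytes(32)

if __name__ == "__main__":
    print(check_stream(443, TELNET_GREETING))   # telnet masquerading on 443: alert
    print(check_stream(443, TLS_CLIENT_HELLO))  # genuine TLS on 443: no alert
```

If the telnet client and server never negotiate options the stream is plain text with no signature of its own, and on port 443 it is caught only because it does not start with a TLS handshake; a sensor that matches on port headers alone, as in the post, sees nothing wrong either way.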
    
