Re: IPCOP newbie

From: Bit Twister (BitTwister@localhost.localdomain)
Date: 02/10/03

Next message: Duane Arnold: "Re: McAfee Personal Firewall Plus - bugs or holes?"
Previous message: Cynthia Daniel: "Re: recommendation Firewalls"
In reply to: Darren: "Re: IPCOP newbie"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Bit Twister <BitTwister@localhost.localdomain>
Date: Mon, 10 Feb 2003 01:21:08 GMT

On Sun, 9 Feb 2003 19:10:43 -0600, Darren wrote:
>
> "Bit Twister" <BitTwister@localhost.localdomain> wrote in message
> news:slrnb4duj2.1vv.BitTwister@wb.home...
>> On Sun, 9 Feb 2003 18:56:33 -0600, Darren wrote:
>> > Can somebody explain to me the difference in the firewall log files of
> the
>> > source port and destination port. Is it safe to say the destinination
> port
>> > is the port it is triing to penetrate, but I do not understand why there
> is
>> > various source ports?
>>
>> If I was to scann your pc, the source port would be the port I use
>> to scan your pc with. The destination port is the port I chose
>> to try on your boex. My source port would depend on my hardware/software
> setup.
>>
>>
>> > Sorry for the newbie question.
>> > Also what is the difference between the intrusion detection system logs
> and
>> > the firewall logs??
>>
>> Depending on how your set them up, the firewall logs all hits on your
>> box. IDS could log hits which it thinks are intrusion attempts.
>
> Thanks for you reply, the first answer makes sense to me, but the second
> question,
> just curious, isn't all logged items an intrusion attempt?

That is one of the problems. You turn on logging for all hits on your
firewall and you will soon quit looking at all that noise.

The IDS could detect someone hitting your box once a week.
The firewall might pass a connection through where an IDS might
notify you of a malformed packet.

Next message: Duane Arnold: "Re: McAfee Personal Firewall Plus - bugs or holes?"
Previous message: Cynthia Daniel: "Re: recommendation Firewalls"
In reply to: Darren: "Re: IPCOP newbie"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: L2TP + NAT-T
... "I'm using L2TP/IPSec since PPTP does not work through NAT. ... > Destination Port 0 ... > IKE Source Port 500 ... > IKE Destination Port 6159 ...
(microsoft.public.win2000.ras_routing)
Re: IPCOP newbie
... >> source port and destination port. ... The destination port is the port I chose ... > Depending on how your set them up, the firewall logs all hits on your ...
(comp.security.firewalls)
Configure iptables to not log certain hits
... Create a script that would parse my firewall logs for IP ... Doing this would certainly stop their ping attempts, ... to port 1026 or 1027. ... iptables command could result in scp connections not being logged. ...
(comp.os.linux.security)
Re: SMTP and tcp ports
... for both the source port and for the destination port to our exchange ... random destination ports allocated by PAT on the edge router; ...
(comp.dcom.sys.cisco)
SUMMARY: remote printing
... lp system we should only need port 515 open through the firewall. ... still not working is to look at the firewall logs while tyring to send print ... Roger Kynaston ... Information Technology Services ...
(SunManagers)