Security Incidents mailing list archives
RE: Is it possible to derease gradually the number of Client port (add up time table) ?
From: "Todd Jang" <dhwinner () coponet com>
Date: Wed, 10 Mar 2004 12:41:21 +0900
I add up time table below logs which are blocked. I dimly remember. someone said the reason decreased port number may be a specific of O.S or application's logic operated in client. Is there any reason Why The port number always has to increase ? Feb 13 07:07:14 fw21_out FI b en0 tcp x.x.235.25 19247 x.x.100.201 1018 Feb 13 07:07:47 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018 Feb 13 07:07:53 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018 Feb 13 07:08:05 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018 Feb 13 07:08:29 fw21_out FI b en0 tcp x.x.235.25 19246 x.x.100.201 1018 Feb 13 07:09:03 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018 Feb 13 07:09:09 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018 Feb 13 07:09:21 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018 Feb 13 07:09:45 fw21_out FI b en0 tcp x.x.235.25 19245 x.x.100.201 1018 Feb 13 07:10:19 fw21_out FI b en0 tcp x.x.235.25 19244 x.x.100.201 1018 Feb 13 07:10:25 fw21_out FI b en0 tcp x.x.235.25 19244 x.x.100.201 1018 Feb 13 07:10:37 fw21_out FI b en0 tcp x.x.235.25 19244 x.x.100.201 1018 Feb 13 07:11:01 fw21_out FI b en0 tcp x.x.235.25 19244 x.x.100.201 1018 Feb 13 07:11:35 fw21_out FI b en0 tcp x.x.235.25 19243 x.x.100.201 1018 Feb 13 07:11:41 fw21_out FI b en0 tcp x.x.235.25 19243 x.x.100.201 1018 -----Original Message----- From: Rob Shein [mailto:shoten () starpower net] Sent: Wednesday, March 10, 2004 3:17 AM To: 'toddjang'; incidents () securityfocus com Cc: dhwinner () coponet com Subject: RE: Is it possible to derease gradually the number of Client port ? I don't see time information; are you sure the number is decreasing? If you're looking at it in the wrong order, it may actually be increasing, which is normal.
-----Original Message----- From: toddjang [mailto:toddjang () whitewindow net] Sent: Tuesday, March 09, 2004 2:45 AM To: incidents () securityfocus com Cc: dhwinner () coponet com Subject: Is it possible to derease gradually the number of Client port ? As you look the log format below, As gradually decreased the number of client port and trying to connect continually to destination. I"ve never seen before. Is it possible to decrease gradually the client port numner ? or bad traffic ? Feb 16 x.x.235.25,15040 -> x.x.100.201,1018 len 20 44 -S Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S Feb 16 x.x.235.25,15039 -> x.x.100.201,1018 len 20 44 -S Feb 16 x.x.235.25,15038 -> x.x.100.201,1018 len 20 44 -S .....abbreviation below.... thanks. _________________________________ coponet. sert - todd jang security emergency response team
_________________________________
Current thread:
- Is it possible to derease gradually the number of Client port ? toddjang (Mar 09)
- RE: Is it possible to derease gradually the number of Client port ? Rob Shein (Mar 09)
- RE: Is it possible to derease gradually the number of Client port (add up time table) ? Todd Jang (Mar 10)
- RE: Is it possible to derease gradually the number of Client port (add up time table) ? Rob Shein (Mar 10)
- Re: Is it possible to derease gradually the number of Client port (add up time table) ? Lionel Ferette (Mar 10)
- Re: Is it possible to derease gradually the number of Client port (add up time table) ? Frank Knobbe (Mar 11)
- Re: Is it possible to derease gradually the number of Client port (add up time table) ? Ben Timby (Mar 11)
- RE: Is it possible to derease gradually the number of Client port (add up time table) ? Todd Jang (Mar 10)
- RE: Is it possible to derease gradually the number of Client port ? Rob Shein (Mar 09)