A Thorough Look at Firewall Logs
  Add date: 10/10/2008   Publishing date: 10/10/2008
 
This article explains what you are seeing in your firewall's log, and in particular what the ports mean. You can use this information to judge: Have I come under attack by a hacker? What does he or she want to do? The article is suitable both for security experts who maintain enterprise firewalls and for home users of personal firewalls.

* Translator's note: Personal firewalls are now becoming popular, and many users assume they are under some kind of attack as soon as they see a warning. In most cases that is not true.

Firewall Logs Explained (1)

This part mainly covers what destination port xxx means. All communication that passes through a firewall is part of a connection. A connection consists of a pair of IP addresses "talking" to each other, plus the pair of ports that correspond to those addresses. The destination port usually indicates the service being connected to. When the firewall blocks a connection, it records the destination port in the log file. This part describes what these ports mean.

Ports fall into 3 broad categories:

1) Well Known Ports: from 0 to 1023. They are tightly bound to particular services. Traffic on these ports usually indicates a particular service protocol explicitly. For example: port 80 is in practice always HTTP traffic.

2) Registered Ports: from 1024 to 49151. They are loosely bound to services. That is, many services are bound to these ports, and the same ports are also used for many other purposes. For example: on many systems, dynamic port assignment starts at 1024.

3) Dynamic and/or Private Ports: from 49152 to 65535. In theory, services should not be assigned to these ports. In practice, machines usually assign dynamic ports starting from 1024. There are exceptions, however: Sun's RPC ports start at 32768.

Firewall Logs Explained (2)

This part continues with ports, with the emphasis on what each port is used for. Many attack scripts install a backdoor shell on this port (particularly scripts that target vulnerabilities in Sendmail and in RPC services on Sun systems, such as statd, ttdbserver and cmsd). If you have just installed your firewall and see connection attempts on this port, this is very likely the reason. You can try to Telnet to this port on your own machine and see whether it gives you a shell. Connections to 600/pcserver have the same problem.

Firewall Logs Explained (3)

This part covers a range of port-scanning behaviour. The author found that a scan of the same series of ports arriving from widely varying source addresses on the Internet is usually a "decoy scan", as performed by tools like nmap. One of the sources is the attacker; the others are not. Can firewall rules and protocol analysis be used to trace who they are? For example: if you ping each system, you can compare the TTL you get back with the TTL of the connection attempts. That way you can at least identify the decoys (the TTLs should match; if they do not match, the address is being used as a decoy). However, newer versions of scanners randomise the attacker's own TTL, which makes it harder to find the attacker this way. You can study your firewall log further and look for addresses in the same subnet as the decoy addresses (human nature). You will usually find that the attacker actually attempted to connect to you, whereas the decoy addresses did not.
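
The TTL comparison described above, as an added example (not code from the original article): it groups blocked packets by source address, compares the TTL recorded in the firewall log with the TTL of a ping reply from the same address, and marks a source whose TTL changes from packet to packet as inconclusive, which is the randomised-TTL case. The log layout, the addresses, the ping results and the 2-hop tolerance are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: blocked packets in a simplified key=value log layout.
LOG = """\
BLOCK SRC=192.0.2.10 DPT=21 TTL=52
BLOCK SRC=198.51.100.23 DPT=21 TTL=52
BLOCK SRC=203.0.113.77 DPT=21 TTL=52
BLOCK SRC=192.0.2.10 DPT=23 TTL=52
BLOCK SRC=198.51.100.23 DPT=23 TTL=52
BLOCK SRC=203.0.113.77 DPT=23 TTL=52
BLOCK SRC=198.51.100.99 DPT=21 TTL=37
BLOCK SRC=198.51.100.99 DPT=23 TTL=201
"""

# Constructed: TTL of the echo reply seen when pinging each source address.
PING_TTL = {"192.0.2.10": 115, "198.51.100.23": 241,
            "203.0.113.77": 52, "198.51.100.99": 50}

FIELDS = re.compile(r"SRC=(\S+) DPT=(\d+) TTL=(\d+)")

def observed_ttls(log):
    """Map each source address to the set of TTL values logged for it."""
    seen = defaultdict(set)
    for src, _dpt, ttl in FIELDS.findall(log):
        seen[src].add(int(ttl))
    return seen

def classify(log, ping_ttl, tolerance=2):
    """Label each source as match, mismatch, varying or no-ping.

    tolerance (assumed: 2 hops) absorbs small route changes between
    the scan and the ping.
    """
    verdicts = {}
    for src, ttls in observed_ttls(log).items():
        if max(ttls) - min(ttls) > tolerance:
            verdicts[src] = "varying"    # TTL randomised: test is inconclusive
        elif src not in ping_ttl:
            verdicts[src] = "no-ping"    # host did not answer, nothing to compare
        elif all(abs(t - ping_ttl[src]) <= tolerance for t in ttls):
            verdicts[src] = "match"      # packets plausibly came from this host
        else:
            verdicts[src] = "mismatch"   # address was probably used as a decoy
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify(LOG, PING_TTL).items()):
        print(f"{src:15} {verdict}")
```

A "match" only narrows the candidates: it shows the logged TTL is consistent with the host that answers the ping, not that the host's owner ran the scan.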

 