Hello, A question about ports.
I tried to go to mirror ftp://fedora.namibia.na and when I did, my firestarter lit up with two events from 196.44.128.220 which is the fedora.namibia.na site. They were ICMP requests on ports 5949 & 15076.
Why? What are those ports? A google really gave me nothing.
Brian Millett wrote:
> Hello, A question about ports.
> I tried to go to mirror ftp://fedora.namibia.na and when I did, my firestarter lit up with two events from 196.44.128.220 which is the fedora.namibia.na site. They were ICMP requests on ports 5949 & 15076.
My understanding is that ICMP does not have ports, but does have various types. The ports given seem more like either udp or tcp port numbers...
> Why? What are those ports? A google really gave me nothing.
ethereal-gnome. Capture everything for your connected net connection. Repeat what you mentioned triggered the detection, then stop the ethereal capture.
Try filtering the capture on:
    icmp
    tcp
    udp
    tcp and not tcp.port==80 (i.e. filter out normal web port).
    not tcp.port==80
and see if you/we can make sense of the capture.
Perhaps it is really tcp ports for an active ftp connection: this is where, when you request a file, the ftp server creates a new inbound data connection to the connected address.
Two ways around it:
. tell the ftp client to use passive mode instead.
. use the ftp application layer gateway (ftp connection track) in iptables.
DaveT.
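
An added example, not part of either message: one way to test the active-FTP explanation against a capture is to decode the client's PORT/EPRT commands from the control channel and compare the announced endpoints with the blocked inbound events. All addresses and log tuples below are constructed (documentation ranges), and the PORT/EPRT lines were chosen to encode the two port numbers from the question; the function names are hypothetical.

```python
import re

# Active mode: the client announces where the server should connect back to.
# PORT h1,h2,h3,h4,p1,p2 (RFC 959): port = p1*256 + p2
# EPRT |proto|addr|port|  (RFC 2428)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
EPRT_RE = re.compile(r"^EPRT \|([12])\|([^|]+)\|(\d+)\|\s*$", re.I)

def announced_endpoint(line):
    """Return (ip, port) announced by a PORT/EPRT command, else None."""
    m = PORT_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):  # malformed octet or port byte
            return None
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPRT_RE.match(line)
    if m and 0 < int(m.group(3)) < 65536:
        return m.group(2), int(m.group(3))
    return None

def explain_blocked(control_lines, blocked, server_ip):
    """Label each blocked event (src_ip, proto, dst_ip, dst_port)."""
    expected = {ep for ep in map(announced_endpoint, control_lines) if ep}
    verdicts = []
    for src, proto, dst, dport in blocked:
        # Only a TCP connection from the FTP server to an announced
        # endpoint is accounted for by active mode.
        ok = src == server_ip and proto == "tcp" and (dst, dport) in expected
        verdicts.append((dport, "active-FTP data connection" if ok else "unexplained"))
    return verdicts

# Constructed control-channel lines (client 192.0.2.10, server 198.51.100.20).
CONTROL = ["USER anonymous", "PORT 192,0,2,10,23,61", "LIST",
           "EPRT |1|192.0.2.10|15076|", "RETR README"]
# Constructed firewall events: (src_ip, proto, dst_ip, dst_port).
BLOCKED = [("198.51.100.20", "tcp", "192.0.2.10", 5949),
           ("198.51.100.20", "tcp", "192.0.2.10", 15076),
           ("198.51.100.20", "tcp", "192.0.2.10", 4444),
           ("203.0.113.9", "tcp", "192.0.2.10", 5949)]

if __name__ == "__main__":
    for port, verdict in explain_blocked(CONTROL, BLOCKED, "198.51.100.20"):
        print(port, verdict)
```

Events labelled "unexplained" are the ones worth a closer look in the capture; the others go away once the client uses passive mode or the firewall tracks the FTP control connection.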