
Denied ports 1339, 2049 and 2702



We use a Debian (sid, 2.4.18 custom, libc6 2.2.5) box with
iptables (1.2.6a) and Obsid's rc.firewall.iptables.dual (1.2b2)
http://www.sentry.net/~obsid/IPTables/rc.scripts.dir/current
as a firewall between the private net and the Internet.

Every day we get a lot of DENIED PORT messages:

[...]
Apr  9 17:05:57 lee kernel: DENIED PORT:IN=eth0 OUT=ppp0
 SRC=<private IP> DST=<Internet IP>  LEN=48 TOS=0x08
 PREC=0x00 TTL=125 ID=40301 DF PROTO=TCP
 SPT=2702 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
[...]
Apr  9 17:26:53 lee kernel: DENIED PORT:IN=eth0 OUT=ppp0
 SRC=<private IP> DST=<Internet IP> LEN=48 TOS=0x08
 PREC=0x00 TTL=125 ID=10893 DF  PROTO=TCP
 SPT=1339 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
[..]
Apr  9 17:35:10 lee kernel: DENIED PORT:IN=eth0 OUT=ppp0
 SRC=<private IP> DST=<Internet IP> LEN=48 TOS=0x08
 PREC=0x00 TTL=127  ID=25376 DF PROTO=TCP
 SPT=2049 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
[...]

These ports are denied by the script, but I do not understand what
it means. If some private net user's browser tries to connect
to some Internet www server (DPT=80), it has to use one of the
dynamic and/or private ports (49152 through 65535) as a source
port, hasn't it?
As http://www.iana.org/assignments/port-numbers reads, port 1339
is used by kjtsiteserver, 2049 by Network File System - Sun
Microsystems, and 2702 by SMS XFER. But our private net does
not use Network File System - Sun Microsystems (we use SAMBA
instead). I did not manage to find any useful information about what
kjtsiteserver and SMS XFER are, but as far as I can understand,
none of our private net boxes use such software either.

Can anybody please explain, point to a source of information, or
give a hint (any information would be gratefully appreciated) on
how to understand these messages?

Thank you, Mikhail.
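
Added example, not part of the original message: a parser for the wrapped netfilter LOG entries quoted above that rejoins the continuation lines, extracts the TCP/UDP fields, and labels each source port with its IANA range (well-known 0-1023, registered 1024-49151, dynamic/private 49152-65535). The addresses in the sample are constructed stand-ins for the redacted ones, and all function names are hypothetical.

```python
import re

# Constructed sample: the post's three entries; addresses are made-up stand-ins.
SAMPLE = """\
Apr  9 17:05:57 lee kernel: DENIED PORT:IN=eth0 OUT=ppp0
 SRC=192.168.1.10 DST=203.0.113.5  LEN=48 TOS=0x08
 PREC=0x00 TTL=125 ID=40301 DF PROTO=TCP
 SPT=2702 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Apr  9 17:26:53 lee kernel: DENIED PORT:IN=eth0 OUT=ppp0
 SRC=192.168.1.11 DST=203.0.113.5 LEN=48 TOS=0x08
 PREC=0x00 TTL=125 ID=10893 DF  PROTO=TCP
 SPT=1339 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Apr  9 17:35:10 lee kernel: DENIED PORT:IN=eth0 OUT=ppp0
 SRC=192.168.1.12 DST=203.0.113.5 LEN=48 TOS=0x08
 PREC=0x00 TTL=127  ID=25376 DF PROTO=TCP
 SPT=2049 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def join_wrapped(text):  # rejoin entries whose continuation lines are indented
    entries = []
    for line in text.splitlines():
        if line[:1].isspace() and entries:
            entries[-1] += " " + line.strip()
        elif "kernel:" in line:
            entries.append(line.strip())
    return entries

def port_range(port):  # IANA range name for a port number
    if port < 1024:
        return "well-known"
    return "registered" if port < 49152 else "dynamic/private"

def parse_entry(entry):  # one joined TCP/UDP LOG line -> dict of triage fields
    label, body = entry.split("kernel:", 1)[1].split("IN=", 1)
    f = dict(FIELD.findall("IN=" + body))
    return {"label": label.strip(" :"), "src": f["SRC"], "dst": f["DST"],
            "spt": int(f["SPT"]), "dpt": int(f["DPT"]), "ttl": int(f["TTL"]),
            "flags": [t for t in TCP_FLAGS if t in body.split()],
            "spt_range": port_range(int(f["SPT"]))}

def parse_log(text):
    return [parse_entry(e) for e in join_wrapped(text)]

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e["src"], e["spt"], e["spt_range"], "->", e["dst"], e["dpt"], e["flags"])
```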