Re: Firewall shows ports being used in sequence
comp.security.firewalls archive

From: Alix <alix@alix.com>
Date: Thu Dec 08 2005 - 15:08:40 CET

On Wed 07 Dec 2005 19:12:14, Wolfgang Kueter
<wolfgang@shconnect.de> wrote:

>> Are you saying that it is normal behavior of the TCPIP stack
>> that I am going out of port 80 and using those ascending port
>> numbers as I try to access various web and news servers?
>
> Of course, yes. There is a difference between client and server
> and destination port and source port. Both major transport
> protocols (which are tcp and udp) when connecting a service on a
> remote machine will contact the destination machine on the well
> known destination port for the particular service (80 for
> web/http, 119 for news/nntp, 110 for pop3, 25 for smtp ...) and
> use a random source port, usually above 1024, to receive the
> answer packets from the remote machine. That is just how a
> tcp/ip stack works. Ascending source port numbers are nothing to
> worry about. Ascending TCP sequence numbers however would of
> course be a completely different story.
>
> Please read documents like:
>
> http://www.firewall.cx/tcp-analysis-section-4.php
> http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ip.htm
>
>>>> What could be causing this sequential use of local ports?
>>>
>>> Normal behavior of an average TCP/IP stack.

Thanks for the info Wolfgang.
Thanks too for two very good links.

>>
>> I am going to get a hardware firewall when I can afford to.
>
> Your stack won't behave any different with a hardware firewall.
> What you observe is totally normal behavior and absolutely
> nothing to worry about.

I was thinking of the hardware firewall as a better replacement for
a personal software firewall.

I find that the config requirements of many software firewalls
can get more complicated than I am able to handle! Things like
making sure various utility servers get through (DHCP, UBR, DNS, etc.)
and distinguishing between WAN and private IP addresses all makes my
head spin!
Received on Sun Dec 11 14:24:50 2005
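
Added example, not part of the original thread: a small Python script that reproduces the source-port/destination-port split described in the quoted reply. It assumes a loopback listener on an OS-chosen port standing in for a well-known service port such as 80; the function name `observe_source_ports` is made up for this illustration.

```python
import socket


def observe_source_ports(connections=5):
    """Open several client connections to one loopback listener.

    Returns (service_port, rows), where each row is
    (client_source_port, destination_port, source_port_seen_by_server).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Port 0 asks the OS for any free port; it stands in for port 80 here,
    # because binding a port below 1024 normally needs elevated privileges.
    listener.bind(("127.0.0.1", 0))
    listener.listen(connections)
    service_port = listener.getsockname()[1]

    clients, accepted, rows = [], [], []
    try:
        for _ in range(connections):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            # The client never calls bind(): the TCP/IP stack assigns the
            # source port itself, which is what a firewall log records.
            client.connect(("127.0.0.1", service_port))
            clients.append(client)

            conn, peer = listener.accept()
            accepted.append(conn)

            source_port = client.getsockname()[1]
            destination_port = client.getpeername()[1]
            # peer[1] is the port the server sends its answer packets to.
            rows.append((source_port, destination_port, peer[1]))
    finally:
        for sock in clients + accepted + [listener]:
            sock.close()
    return service_port, rows


if __name__ == "__main__":
    port, rows = observe_source_ports()
    print(f"service (destination) port: {port}")
    for src, dst, seen in rows:
        print(f"source port {src} -> destination port {dst} "
              f"(server replies to port {seen})")
```

Whether the source ports come out ascending or scattered depends on the operating system's allocation policy; the destination port stays the same in every row.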