[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] AW: [FW-1] multiple connections using service 32778
Hello Elisabeth, looks like you are running Sun Solaris somewhere, because this is one of the ports Solaris regularly uses for an RPC service. Try 'rpcinfo -p' on the offending system (if it is Sun) and check for a rule, allowing RPC traffic. Check Point defines RPC as an RPC service number (like 100003 is NFS) independent of the port and automatically tracks the ports. Chris. > -----Ursprüngliche Nachricht----- > Von: Elisabeth Wonders [mailto:[email protected]] > Gesendet: Montag, 22. Oktober 2001 16:36 > An: [email protected] > Betreff: [FW-1] multiple connections using service 32778 > > > During a 15 minute span this morning, my active log showed 40-50 > connections from about 10 different source IPs (some of which I could > resolve, some not) to my firewall, all using service 32778. > One of the > IP's had 20 concurrent connections. > > Two questions: > > What is that service used for? It was listed as unassigned > at IANA's site > http://www.iana.org/assignments/port-numbers > > Why did my "Any -- firewall -- Any -- Drop" rule not catch this? > > I've added a rule just to block this mystery traffic until I > get a handle > on what it is. > > TIA for any help/opinions you may have to offer. > > Elisabeth > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== > =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|