NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] AW: [FW-1] multiple connections using service 32778


  • To: [email protected]
  • Subject: [FW-1] AW: [FW-1] multiple connections using service 32778
  • From: Christian Gresser <[email protected]>
  • Date: Mon, 22 Oct 2001 17:38:59 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcFbDuXCHeXW/jOlSNyWn4nXT7l+AQAADSOw
  • Thread-topic: [FW-1] multiple connections using service 32778

Hello Elisabeth,

looks like you are running Sun Solaris somewhere,
because this is one of the ports Solaris regularly
uses for an RPC service.

Try 'rpcinfo -p' on the offending system (if it is
Sun) and check for a rule, allowing RPC traffic.
Check Point defines RPC as an RPC service number
(like 100003 is NFS) independent of the port and
automatically tracks the ports.

Chris.

> -----Ursprüngliche Nachricht-----
> Von: Elisabeth Wonders [mailto:[email protected]]
> Gesendet: Montag, 22. Oktober 2001 16:36
> An: [email protected]
> Betreff: [FW-1] multiple connections using service 32778
>
>
> During a 15 minute span this morning, my active log showed 40-50
> connections from about 10 different source IPs (some of which I could
> resolve, some not) to my firewall, all using service 32778.
> One of the
> IP's had 20 concurrent connections.
>
> Two questions:
>
> What is that service used for?  It was listed as unassigned
> at IANA's site
> http://www.iana.org/assignments/port-numbers
>
> Why did my "Any -- firewall -- Any -- Drop" rule not catch this?
>
> I've added a rule just to block this mystery traffic until I
> get a handle
> on what it is.
>
> TIA for any help/opinions you may have to offer.
>
> Elisabeth
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================
>

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.