ZBCF/CBFW list of pinholing protocols?

Unanswered Question
Feb 9th, 2010

As of the latest upgrade on my ASR, the list of inspectable protocols went from a very manageable 30 or so core protocols to almost 150.

I don't particularly care to see l4 statistics for stuff like "hp-managed-node" or "creativeserver" and would prefer to keep the load down, but also I have no reason to kick any protocols that do open "dial-back" IP connections in the nuts, as long as they are solicited from my users.

So I can probably add a few extra protocols beyond what I was already inspecting in the interest of keeping things working, but it would take a whole day to go through the list one by one...

Anyone seen a list of ZBCF/CBFW inspection protocols which indicates which ones actually do create opposite-side pinholes, as opposed to which inspections are merely gathering statistics or hooks for filtering?

match protocol ?
  802-11-iapp          IEEE 802.11 WLANs WG IAPP
  ace-svr              ACE Server/Propagation
  aol                  America-Online Instant Messenger
  appleqtc             Apple QuickTime
  bgp                  Border Gateway Protocol
  biff                 Bliff mail notification
  bootpc               Bootstrap Protocol Client
  bootps               Bootstrap Protocol Server
  cddbp                CD Database Protocol
  cifs                 CIFS
  cisco-fna            Cisco FNATIVE
  cisco-net-mgmt       cisco-net-mgmt
  cisco-svcs           cisco license/perf/GDP/X.25/ident svcs
  cisco-sys            Cisco SYSMAINT
  cisco-tdp            Cisco TDP
  cisco-tna            Cisco TNATIVE
  citrix               Citrix IMA/ADMIN/RTMP
  citriximaclient      Citrix IMA Client
  clp                  Cisco Line Protocol
  creativepartnr       Creative Partnr
  creativeserver       Creative Server
  cuseeme              CUSeeMe Protocol
  daytime              Daytime (RFC 867)
  dbase                dBASE Unix
  dbcontrol_agent      Oracle dbControl Agent po
  ddns-v3              Dynamic DNS Version 3
  dhcp-failover        DHCP Failover
  discard              Discard port
  dns                  Domain Name Server
  dnsix                DNSIX Securit Attribute Token Map
  echo                 Echo port
  entrust-svc-handler  Entrust KM/Admin Service Handler
  entrust-svcs         Entrust sps/aaas/aams
  exec                 Remote Process Execution
  fcip-port            FCIP
  finger               Finger
  ftp                  File Transfer Protocol
  ftps                 FTP over TLS/SSL
  gdoi                 GDOI
  giop                 Oracle GIOP/SSL
  gopher               Gopher
  gtpv0                GPRS Tunneling Protocol Version 0
  gtpv1                GPRS Tunneling Protocol Version 1
  h225ras              H225 RAS over Unicast
  h323                 H.323 Protocol (e.g, MS NetMeeting, Inte
  h323callsigalt       h323 Call Signal Alternate
  hp-alarm-mgr         HP Performance data alarm manager
  hp-collector         HP Performance data collector
  hp-managed-node      HP Performance data managed node
  hsrp                 Hot Standby Router Protocol
  http                 Hypertext Transfer Protocol
  https                Secure Hypertext Transfer Protocol
  ica                  ica (Citrix)
  icabrowser           icabrowser (Citrix)
  icmp                 ICMP
  ident                Authentication Service
  igmpv3lite           IGMP over UDP for SSM
  imap                 Internet Message Access Protocol
  imap3                Interactive Mail Access Protocol 3
  imaps                IMAP over TLS/SSL
  ipass                IPASS
  ipsec-msft           Microsoft IPsec NAT-T
  ipx                  IPX
  irc                  Internet Relay Chat Protocol
  irc-serv             IRC-SERV
  ircs                 IRC over TLS/SSL
  ircu                 IRCU
  isakmp               ISAKMP
  iscsi                iSCSI
  iscsi-target         iSCSI port
  kazaa                KAZAA
  kerberos             Kerberos
  kermit               kermit
  l2tp                 L2TP/L2F
  ldap                 Lightweight Directory Access Protocol
  ldap-admin           LDAP admin server port
  ldaps                LDAP over TLS/SSL
  login                Remote login
  lotusmtap            Lotus Mail Tracking Agent Protocol
  lotusnote            Lotus Note
  mgcp                 Media Gateway Control Protocol
  microsoft-ds         Microsoft-DS
  ms-cluster-net       MS Cluster Net
  ms-dotnetster        Microsoft .NETster Port
  ms-sna               Microsoft SNA Server/Base
  ms-sql               Microsoft SQL
  ms-sql-m             Microsoft SQL Monitor
  msexch-routing       Microsoft Exchange Routing
  msnmsgr              MSN Instant Messenger
  msrpc                Microsoft Remote Procedure Call
  mysql                MySQL
  n2h2server           N2H2 Filter Service Port
  ncp                  NCP (Novell)
  net8-cman            Oracle Net8 Cman/Admin
  netbios-dgm          NETBIOS Datagram Service
  netbios-ns           NETBIOS Name Service
  netbios-ssn          NETBIOS Session Service
  netshow              Microsoft NetShow
  netstat              Variant of systat
  nfs                  Network File System
  nntp                 Network News Transport Protocol
  ntp                  Network Time Protocol
  oem-agent            OEM Agent (Oracle)
  oracle               Oracle
  oracle-em-vp         Oracle EM/VP
  oraclenames          Oracle Names
  orasrv               Oracle SQL*Net v1/v2
  pcanywheredata       pcANYWHEREdata
  pcanywherestat       pcANYWHEREstat
  pop3                 Post Office Protocol - Version 3
  pop3s                POP3 over TLS/SSL
  pptp                 PPTP
  pwdgen               Password  Generator Protocol
  qmtp                 Quick Mail Transfer Protocol
  r-winsock            remote-winsock
  radius               RADIUS & Accounting
  rdb-dbs-disp         Oracle RDB
  realmedia            RealNetwork's Realmedia Protocol
  realsecure           ISS Real Secure Console Service Port
  router               Local Routing Process
  rsvd                 RSVD
  rsvp-encap           RSVP ENCAPSULATION-1/2
  rsvp_tunnel          RSVP Tunnel
  rtc-pm-port          Oracle RTC-PM port
  rtelnet              Remote Telnet Service
  rtsp                 Real Time Streaming Protocol
  send                 SEND
  shell                Remote command
  sip                  Session Initiation Protocol
  sip-tls              SIP-TLS
  skinny               Skinny Client Control Protocol
  sms                  SMS RCINFO/XFER/CHAT
  smtp                 Simple Mail Transfer Protocol
  snmp                 Simple Network Management Protocol
  snmptrap             SNMP Trap
  socks                Socks
  sql-net              SQL-NET
  sqlserv              SQL Services
  sqlsrv               SQL Service
  ssh                  SSH Remote Login Protocol
  sshell               SSLshell
  ssp                  State Sync Protocol
  streamworks          StreamWorks Protocol
  stun                 cisco STUN
  sunrpc               SUN Remote Procedure Call
  syslog               SysLog Service
  syslog-conn          Reliable Syslog Service
  tacacs               Login Host Protocol (TACACS)
  tacacs-ds            TACACS-Database Service
  tarantella           Tarantella
  tcp                  TCP
  telnet               Telnet
  telnets              Telnet over TLS/SSL
  tftp                 Trivial File Transfer Protocol
  time                 Time
  timed                Time server
  tr-rsrb              cisco RSRB
  ttc                  Oracle TTC/SSL
  udp                  UDP
  uucp                 UUCPD/UUCP-RLOGIN
  vdolive              VDOLive Protocol
  vqp                  VQP
  webster              Network Disctionary
  who                  Who's service
  wins                 Microsoft WINS
  x11                  X Window System
  xdmcp                XDM Control Protocol
  ymsgr                Yahoo! Instant Messenger

Panos Kampanakis Fri, 02/12/2010 - 16:43

The inspections are not for stats only.

They also overwrite embedded fields in the packets if there are translations so that the fields use the correct IP.

So, I would not say there is an inspection that is merely for stats.

As for the call back question, haven't seen a list of protocols.

Regards,

PK
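
Added example, not part of the thread and not Cisco's implementation: a generic model of the two things discussed above, using FTP active mode (RFC 959) as the instance. The inspection reads the address embedded in the control channel, rewrites it when a translation applies, and opens a pinhole for the solicited dial-back connection. The function name, the `nat_map` argument and all addresses are hypothetical.

```python
import re

# FTP active mode (RFC 959): the client sends "PORT h1,h2,h3,h4,p1,p2" on the
# control channel; the server then dials back to that address and port.
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def inspect_ftp_port(line, client_ip, server_ip, nat_map):
    """Inspect one client-to-server FTP control line.

    Returns (line_to_forward, pinhole); pinhole is None when nothing is opened.
    nat_map (hypothetical) maps an inside IP to its translated outside IP.
    """
    m = PORT_RE.match(line)
    if m is None:
        return line, None                 # not a PORT command: pass through
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return line, None                 # malformed address: open nothing
    embedded_ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    # Only honour a dial-back to the host that asked for it, on a
    # non-privileged port; anything else would open a path to a third host.
    # This sketch forwards such a line unchanged and opens no pinhole.
    if embedded_ip != client_ip or port < 1024:
        return line, None
    # The rewrite of the embedded field: the server must see the translated
    # address, not the inside one.
    outside_ip = nat_map.get(client_ip, client_ip)
    rewritten = "PORT {},{},{}\r\n".format(
        outside_ip.replace(".", ","), port // 256, port % 256)
    # The pinhole: one expected return connection, server -> client data port.
    pinhole = {"src": server_ip, "dst": outside_ip,
               "dport": port, "proto": "tcp"}
    return rewritten, pinhole


# Constructed sample input (RFC 1918 and RFC 5737 documentation addresses).
NAT = {"10.1.1.20": "192.0.2.10"}
SAMPLE = "PORT 10,1,1,20,19,137\r\n"      # data port 19*256 + 137 = 5001
```

A protocol with no embedded addressing, such as a single-connection TCP service, gives a function like this nothing to rewrite and nothing to open.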
