TCP Experts - help (tcp source port)

Oct 6th, 2003
hello all,


v.quick one.


When a host initiates a TCP connection, does it always use a source port of GT 1023? Are there applications that could init a connection with a source port below 1023 in the reserved range?


Many thx indeed.

d-garnett Tue, 10/07/2003 - 14:21
in normal network operation it should


applications that "initiate" a session with a src port below 1023 are typically running a service on a PC or Server that has been hacked and "rooted"


that's why it is always good security practice to block outgoing TCP pkts (with the SYNchronization flag set) with src port below 1023.

TCP pkts with ONLY the combinations of SYN-ACK, ACK, PSH ACK, RST, FIN, and FIN-ACKs should be ok though to let out under 1023 if you have servers on the inside of your network. These usually denote normal network operation (through traffic).


Don Garnett
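
The egress rule described in the reply above, written as a check over raw TCP headers. This is an added example, not part of the original thread; the function names and the sample headers are constructed for illustration, and the threshold follows the reply's wording ("below 1023").

```python
import struct

# TCP flag bits (low six bits of the 16-bit offset/flags field)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return src, dst, off_flags & 0x3F

def egress_verdict(header: bytes, threshold: int = 1023) -> str:
    """Deny outbound connection attempts (SYN set, ACK clear) whose source
    port is below the threshold; permit everything else, including the
    SYN-ACK, ACK, PSH-ACK, RST and FIN segments inside servers send back."""
    src, _dst, flags = parse_tcp(header)
    initiating = bool(flags & SYN) and not (flags & ACK)
    return "deny" if initiating and src < threshold else "permit"

def build_header(src: int, dst: int, flags: int) -> bytes:
    """Constructed 20-byte sample header: data offset 5, zeroed seq/ack/checksum."""
    return struct.pack("!HHIIHHHH", src, dst, 0, 0, (5 << 12) | flags, 65535, 0, 0)

# Constructed sample segments leaving the inside network
SAMPLES = [
    ("client opens web session",   build_header(45000, 80, SYN)),
    ("inside web server answers",  build_header(80, 51000, SYN | ACK)),
    ("inside SSH server data",     build_header(22, 51000, PSH | ACK)),
    ("inside mail server resets",  build_header(25, 40000, RST)),
    ("inside server closes",       build_header(443, 40000, FIN | ACK)),
    ("low-port connection attempt", build_header(512, 25, SYN)),
]

def classify_samples():
    """Return the verdict for each constructed sample, in order."""
    return [egress_verdict(hdr) for _label, hdr in SAMPLES]

if __name__ == "__main__":
    for (label, _hdr), verdict in zip(SAMPLES, classify_samples()):
        print(f"{verdict:6}  {label}")
```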
