Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
398
Views
0
Helpful
2
Replies

TCP Experts - help (tcp source port)

kfarrington
Level 3
Level 3

‎10-06-2003 02:14 AM - edited ‎03-09-2019 05:02 AM

hello all,

v.quick one.

When a host initiates a TCP connection, does it always use a source port of GT 1023. Are there applications that could init a connection with a source port below 1023 in the reseved range?

Many thx indeed.

Labels:
0 Helpful
2 Replies 2

mostiguy
Level 6
Level 6

‎10-06-2003 03:10 AM

generally that should be the case. I cannot think of a normal application that uses a source port below 1023 - most port scanning security utilities should have the functionality to specific any source port number that you want

0 Helpful

d-garnett
Level 3
Level 3

‎10-07-2003 02:21 PM

in normal network operation it should

applications that "initiate" a session with a src port below 1023 are typically running a service on a PC or Server that has been hacked and "rooted"

thats why it is always good security practice to block outgoing TCP pkts (with the SYNchronization flag set) with src port below 1023.

TCP pkts with ONLY the combinations of SYN-ACK, ACK, PSH ACK, RST, FIN, and FIN-ACK's, should be ok though to let out under 1023 if you have servers on the inside of your network. These usually denote normal network operation (through traffic).

Don Garnett

0 Helpful
Customers Also Viewed These Support Documents