IP and port numbers

Bob Cherry cherry at banjo.com
Fri May 29 12:38:33 EDT 1998


At 07:15 AM 5/29/98 -0700, Chuck Bearden wrote:

>Close.  /etc/services maps a service name to a port number and
>protocol.  It is quite possible to run a service without it being in
>the /etc/services file, and it is quite possible to run a service on a
>given port other than the one actually mapped to that port in 
>/etc/services.

Again, I agree; however, one must have inetd or some similar program
running to do this.  Both a client and a server need to be able to
communicate over the network in this manner.  If inetd, a standalone
daemon or other ??? aren't present, the host system won't respond.

>Not exactly.  Router access lists can block traffic to and from hosts
>based on IP address, transport layer protocol, port number, and other
>criteria, but they have no effect on whether the host in question 
>supports a given service on a given port.  The only way to prevent a 
>computer from running a service on a certain port is to configure the 
>computer itself not to.  AFAIK, router access lists don't operate on 
>ethernet addresses, but am ready to stand corrected on that point.

Well, Cisco router lists can limit which hosts can access the network
over specified sockets.  Thus, I can say the web server hosts can only
receive TCP on ports 80, 8080, etc. yet can send out using any port.
The FTP server gets 20 and 21; SMTP/POP3 servers get 25, 110, etc.
Since the traffic is blocked at the router, the host will never see it.
If your users on a host are trusted, you may also permit 'established'
ports in.  Thus, if I originate an IRC connection, inbound traffic will
be allowed in to me but once I quit the session, it will then be blocked.

The first policy I enter is to deny everything and then I enter the
explicit permit policies and rules.

>The Win95 Policy Editor doesn't give you that kind of control,
>unfortunately.  It will let you make Network Neighborhood disappear,
>however.

Bummer!

Bob
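
Added example, not part of the original message: a small Python model of the inbound filtering described above (per-server port permits, return traffic admitted through an 'established' rule, everything else denied). The host addresses, the class and function names, and the modeling of 'established' as a check for ACK or RST on the segment are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (RFC 5737 documentation range), not from the message.
WEB, FTP, MAIL = "192.0.2.10", "192.0.2.20", "192.0.2.25"


@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()      # TCP flags set on the segment


@dataclass(frozen=True)
class Rule:
    action: str                         # "permit" or "deny"
    dst: Optional[str] = None           # None matches any destination host
    dports: Optional[frozenset] = None  # None matches any destination port
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if p.proto != "tcp":
            return False
        if self.dst is not None and p.dst != self.dst:
            return False
        if self.dports is not None and p.dport not in self.dports:
            return False
        # Assumption: a stateless filter sees "established" as a segment that
        # carries ACK or RST, i.e. anything other than an opening SYN.
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True


# Inbound policy: explicit permits only; the ports are the ones in the message.
INBOUND = [
    Rule("permit", WEB, frozenset({80, 8080})),
    Rule("permit", FTP, frozenset({20, 21})),
    Rule("permit", MAIL, frozenset({25, 110})),
    Rule("permit", established=True),   # replies to sessions started inside
]


def evaluate(packet: Packet, rules=INBOUND) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"
```

Because the 'established' rule in this model looks only at flags, it admits any inbound segment with ACK or RST set, whether or not an inside host opened the session.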

