 From:  Falcor <falcor at netassassin dot com>
 To:  Brandon Holland <brandon at cookssaw dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Blocked Port Detection?
 Date:  Thu, 08 Jan 2004 21:16:44 -0600
Brandon Holland wrote:

>Our ISP blocks certain ports highly used by trojans (we can ask them to
>remove a certain rule on an individual basis) but my question is, from
>what "PORT pool" does m0n0 get the "available" ports for use?
>Because, I guess if m0n0 tries a port that has been blocked, the
>connection just dies, and it becomes a lost packet.
>I'd like to be able to manually set the list of ports it can use if the
>"default" list is unacceptable.  Is that configurable?
>I wouldn't think that the firewall would think "well, this port NEVER
>responds, it needs to be marked as unusable" and even if it did, a
>reboot would "fix" that, huh?
>An interesting thought,
>Brandon Holland    (Brandon at Cookssaw dot com)
>Network Administrator
>Cooks Saw MFG, LLC (www.CooksSaw.com)
>    "Leading the bandsaw Industry
>         by providing tomorrow's innovation today"
>160 Ken Lane
>Newton, AL 36352
>   Ph: 1-800-473-4804    [ (334) 692-5074 ]
>   Fax: (334) 692-3704
Does your ISP block outbound ports?  I have heard of many that block
inbound ports.  E.g. they won't let you run an HTTP, SMTP, or other
standard server with your "residential" account.

If they are blocking outbound ports you really have some issues with
them... or at least should.  That just isn't cool of them, no matter the
reason.  Chances are more and more trojans will be using standard ports.
Examples of some that have are Bugbear, SQL Slammer, CodeRed, etc.
They all used the standard ports for the applications they targeted.  :(