Traffic on blocked ports...

Jay Kalafus plug@kalafus.com
Tue, 12 Dec 2000 14:42:48 -0700


I guess I didn't state my question well.....   Why would a web server 
that I was connected to try to gain access to those ports? 

If I am surfing Slashdot all of my interactions with that web server 
should be between port 80 on slashdot's server and the port on my 
box that initiated the connection.  There should be no traffic from 
their server to these ports.

Why would slashdot want to get a connection to my SQL server (I don't 
have one.. ) or to NFS ?   And yes, I have seen this traffic come from 
slashdot as well as other popular websites.  And it is always to ports 
2049 and 1433 not any others.

Jay...

> Well, let's see...
> 
> wharfrat# grep 2049 /etc/services
> nfsd            2049/udp        nfs     # NFS server
> nfsd            2049/tcp        nfs     # NFS server
> wharfrat#
> 
> wharfrat# grep 1433 /etc/services
> wharfrat#
> 
> No hit on 1433.  Let's try technotronic.
> http://www.technotronic.com/tcpudp.html says...
> 
> "ms-sql-s        1433/tcp   Microsoft-SQL-Server
> ms-sql-s        1433/udp   Microsoft-SQL-Server"
> 
> ...Kevin
> 
> 
> 
> 
>> -----Original Message-----
>> From: plug-discuss-admin@lists.PLUG.phoenix.az.us
>> [mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Jay
>> Kalafus
>> Sent: Monday, December 11, 2000 5:18 PM
>> To: plug-discuss@lists.PLUG.phoenix.az.us
>> Subject: Traffic on blocked ports...
>> 
>> 
>> Lately my firewall has been blocking a lot of traffic coming from 
>> web sites that I have been browsing destined to port 2049.  I 
>> have also seen the same thing on port 1433.
>> 
>> Does anyone out there know what these web servers are attempting 
>> to do on these ports?
>> 
>> Here is an example from my logs....
>> 
>> Dec  7 22:56:59 kalafus kernel: Packet log: input DENY eth1 
>> PROTO=6 209.247.133.19:80 xxx.xxx.xxx.xxx:2049 L=40 S=0x00 
>> I=33583 F=0x4000 T=51 (#13) 
>> 
>> 
>> Jay....
>> 
>> 
>> ________________________________________________
>> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail 
>> doesn't post to the list quickly and you use Netscape to write mail.
>> 
>> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>> 
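An added example, not part of the original thread: a small parser for the ipchains "Packet log:" entry quoted above, with a check for whether an entry looks like a reply from a web server port rather than a new inbound connection. The function names and the reply heuristic are assumptions of this example; the heuristic depends on a kernel that writes the SYN token into the log.

```python
import re

# Log entry quoted in the thread (the poster masked the destination address).
SAMPLE = ("Dec  7 22:56:59 kalafus kernel: Packet log: input DENY eth1 "
          "PROTO=6 209.247.133.19:80 xxx.xxx.xxx.xxx:2049 L=40 S=0x00 "
          "I=33583 F=0x4000 T=51 (#13)")

# ipchains "Packet log:" layout; the SYN token and rule number are optional
# because not every 2.2 kernel writes them.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) L=(?P<length>\d+) "
    r"S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?")

INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl")


def parse_entry(line):
    """Return the fields of one ipchains log entry as a dict, or None."""
    m = LOG_RE.search(" ".join(line.split()))  # undo mail/syslog line wrapping
    if m is None:
        return None
    e = m.groupdict()
    for key in INT_FIELDS:
        e[key] = int(e[key])
    e["rule"] = int(e["rule"]) if e["rule"] else None
    e["syn"] = e["syn"] is not None
    e["dont_fragment"] = bool(int(e["frag"], 16) & 0x4000)  # DF bit of F=
    return e


def looks_like_reply(e, server_ports=frozenset({80, 443})):
    """Heuristic (assumption): TCP sent from a server port with no SYN token
    cannot open a new connection, so it is a reply to something we started."""
    return e["proto"] == 6 and e["sport"] in server_ports and not e["syn"]


if __name__ == "__main__":
    entry = parse_entry(SAMPLE)
    print(entry)
    print("reply-like:", looks_like_reply(entry))
```

For the quoted entry this reports a 40-byte TCP packet from source port 80 with the Don't Fragment bit set and no SYN token, which the heuristic classes as reply traffic.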