I guess I didn't state my question well..... Why would a web server
that I was connected to try to gain access to those ports?
If I am surfing Slashdot all of my interactions with that web server
should be between port 80 on slashdot's server and the port the on my
box that initiated the connection. There should be no traffic from
their server to these ports.
Why would slashdot want to get a connection to my SQL server (I don't
have one.. ) or to NFS ? And yes, I have seen this traffic come from
slashdot as well as other popular websites. And it is always to ports
2049 and 1433 not any others.
Jay...
> Well, let's see...
>
> wharfrat# grep 2049 /etc/services
> nfsd 2049/udp nfs # NFS server
> nfsd 2049/tcp nfs # NFS server
> wharfrat#
>
> wharfrat# grep 1433 /etc/services
> wharfrat#
>
> No hit on 1433. Let's try technotronic.
> http://www.technotronic.com/tcpudp.html says...
>
> "ms-sql-s 1433/tcp Microsoft-SQL-Server
> ms-sql-s 1433/udp Microsoft-SQL-Server"
>
> ...Kevin
>
>
>
>
>> -----Original Message-----
>> From: plug-discuss-admin@lists.PLUG.phoenix.az.us
>> [mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Jay
>> Kalafus
>> Sent: Monday, December 11, 2000 5:18 PM
>> To: plug-discuss@lists.PLUG.phoenix.az.us
>> Subject: Traffic on blocked ports...
>>
>>
>> Lately my firewall has been blocking a lot of traffic coming from
>> web sites that I have been browsing destined to port 2049. I
>> have also seen the same thing on port 1433.
>>
>> Does anyone out there know what these web servers are attempting
>> to do on these ports?
>>
>> Here is an example from my logs....
>>
>> Dec 7 22:56:59 kalafus kernel: Packet log: input DENY eth1
>> PROTO=6 209.247.133.19:80 xxx.xxx.xxx.xxx:2049 L=40 S=0x00
>> I=33583 F=0x4000 T=51 (#13)
>>
>>
>> Jay....
>>
>>
>> ________________________________________________
>> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail
>> doesn't post to the list quickly and you use Netscape to write mail.
>>
>> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss