* Port 1900
@ 2004-10-25 12:36 Peter Marshall
2004-10-25 13:01 ` Cedric Blancher
2004-10-25 13:52 ` Aleksandar Milivojevic
0 siblings, 2 replies; 4+ messages in thread
From: Peter Marshall @ 2004-10-25 12:36 UTC (permalink / raw)
To: netfilter
Oct 25 08:58:43 radium kernel: REJECT: frbk-rad IN=eth2 OUT=
MAC=00:01:02:2f:78:4d:00:01:02:46:85:d6:08:00 SRC=192.168.100.101
DST=192.168.100.1 LEN=160 TOS=0x00 PREC=0x00 TTL=1 ID=1464 PROTO=UDP
SPT=29860 DPT=1900 LEN=140
I looked on the gys macine for a LONG time .. I can't see why this is
happening. I know 1900 is the msn port ..... Any ideas ?
192.168.100.1 is the IP of the internal card on the internal firewall. The
other IP (100.101) is an employee's computer. Everything that came from
192.168.100.0/24 destined to the firewall goes to the frbk-rad chain. I am
not sure why it is hitting this chain. I have a proxy server in my dmz. I
checked his messenger client and it is configured to use the proxy server.
It should therefore be hitting the forwared chain rules .. not the Input
chain ones.
Thanks
Peter Marshall
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Port 1900
2004-10-25 12:36 Port 1900 Peter Marshall
@ 2004-10-25 13:01 ` Cedric Blancher
2004-10-25 13:52 ` Aleksandar Milivojevic
1 sibling, 0 replies; 4+ messages in thread
From: Cedric Blancher @ 2004-10-25 13:01 UTC (permalink / raw)
To: Peter Marshall; +Cc: netfilter
Le lundi 25 octobre 2004 à 09:36 -0300, Peter Marshall a écrit :
> I looked on the gys macine for a LONG time .. I can't see why this is
> happening. I know 1900 is the msn port ..... Any ideas ?
UDP/1900 is UPnP.
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Port 1900
2004-10-25 12:36 Port 1900 Peter Marshall
2004-10-25 13:01 ` Cedric Blancher
@ 2004-10-25 13:52 ` Aleksandar Milivojevic
2004-10-25 20:07 ` SBlaze
1 sibling, 1 reply; 4+ messages in thread
From: Aleksandar Milivojevic @ 2004-10-25 13:52 UTC (permalink / raw)
To: netfilter
Peter Marshall wrote:
> Oct 25 08:58:43 radium kernel: REJECT: frbk-rad IN=eth2 OUT=
> MAC=00:01:02:2f:78:4d:00:01:02:46:85:d6:08:00 SRC=192.168.100.101
> DST=192.168.100.1 LEN=160 TOS=0x00 PREC=0x00 TTL=1 ID=1464 PROTO=UDP
> SPT=29860 DPT=1900 LEN=140
>
> I looked on the gys macine for a LONG time .. I can't see why this is
> happening. I know 1900 is the msn port ..... Any ideas ?
1900 is Universal Plug-and-Play. It's used by messanger, however
messanger works just fine without it. There's registry entry to disable it:
Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\DirectPlayNATHelp\DPNHUPnP
Name: UPnPMode
Type: REG_DWORD
Value: 2 disabled
With UPnPMode=2, Universal Plug and Play Network Address Translation
(NAT) traversal discovery does not occur.
Apperently this is good idea to do. It seems there's more holes in UPnP
than in Swiss cheese.
--
Aleksandar Milivojevic <amilivojevic@pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Port 1900
2004-10-25 13:52 ` Aleksandar Milivojevic
@ 2004-10-25 20:07 ` SBlaze
0 siblings, 0 replies; 4+ messages in thread
From: SBlaze @ 2004-10-25 20:07 UTC (permalink / raw)
To: Aleksandar Milivojevic, netfilter
--- Aleksandar Milivojevic <amilivojevic@pbl.ca> wrote:
> Peter Marshall wrote:
> > Oct 25 08:58:43 radium kernel: REJECT: frbk-rad IN=eth2 OUT=
> > MAC=00:01:02:2f:78:4d:00:01:02:46:85:d6:08:00 SRC=192.168.100.101
> > DST=192.168.100.1 LEN=160 TOS=0x00 PREC=0x00 TTL=1 ID=1464 PROTO=UDP
> > SPT=29860 DPT=1900 LEN=140
> >
> > I looked on the gys macine for a LONG time .. I can't see why this is
> > happening. I know 1900 is the msn port ..... Any ideas ?
>
> 1900 is Universal Plug-and-Play. It's used by messanger, however
> messanger works just fine without it. There's registry entry to disable it:
>
> Hive: HKEY_LOCAL_MACHINE
> Key: Software\Microsoft\DirectPlayNATHelp\DPNHUPnP
> Name: UPnPMode
> Type: REG_DWORD
> Value: 2 disabled
> With UPnPMode=2, Universal Plug and Play Network Address Translation
> (NAT) traversal discovery does not occur.
>
> Apperently this is good idea to do. It seems there's more holes in UPnP
> than in Swiss cheese.
>
> --
> Aleksandar Milivojevic <amilivojevic@pbl.ca> Pollard Banknote Limited
> Systems Administrator 1499 Buffalo Place
> Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
>
>
Agreed... If you are in charge of medium to large network and not all of your
users are not as Windows savy to go attempting to insert/remove reg keys. You
might send out a memo directing users here
http://www.grc.com/default.htm
with a note to download and use the "Three Muskateers." These are excelent
freeware apps to close off some obvious holes in Windows. They include UPnP,
DCOMbobulator, and Shoot the Messenger. Hope this is of use to someone.
John
=====
In the absence of order there will be chaos.
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-10-25 20:07 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-10-25 12:36 Port 1900 Peter Marshall
2004-10-25 13:01 ` Cedric Blancher
2004-10-25 13:52 ` Aleksandar Milivojevic
2004-10-25 20:07 ` SBlaze
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.