what should I use for "unassigned" ports?

what should I use for "unassigned" ports?

[Anthony Ewell]

Hi All,

A long time ago, I used

      unassgn=1024:65535

for my unassigned ports.  As in

      --sport $unassgn

Having taken a more recent look at "/etc/services", I
am finding zillions of service ports above 1024.

With that in mind, is there a better starting port
for my "unassigned" ports?

Many thanks,
-T


-- 
-------------------------
I Fish.  Therefore, I am.
-------------------------

Re: what should I use for "unassigned" ports?

[Richard Horton]

2010/1/6 Anthony Ewell <amewell@verizon.net>:

> Having taken a more recent look at "/etc/services", I
> am finding zillions of service ports above 1024.
>
> With that in mind, is there a better starting port
> for my "unassigned" ports?
>

Sadly these days nope - the assigned port numbers are now all over the place.

However, alot of them are not likely to be in use on your system so
you ought to define your unassigned port range by what you are
actually running not by the contents of /etc/services (same goes for
protocols).
-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery

Re: what should I use for "unassigned" ports?

[Pascal Hambourg]

Hello,

Anthony Ewell a écrit :
> 
> A long time ago, I used
> 
>       unassgn=1024:65535
> 
> for my unassigned ports.  As in
> 
>       --sport $unassgn

What do you need this for ?

Re: what should I use for "unassigned" ports?

[Richard Horton]

2010/1/6 Anthony Ewell <amewell@verizon.net>:
> Hi All,
>
>
> Having taken a more recent look at "/etc/services", I
> am finding zillions of service ports above 1024.
>
> With that in mind, is there a better starting port
> for my "unassigned" ports?

If you are purely trying to block traffic which is to services not
running then you could just change the default policies to drop and
then only explicitly allow what you want which is alot safer.

If you need this for logging then place a log rule as the last rule in
the table.


-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery

Re: what should I use for "unassigned" ports?

[MargoAndTodd]

On 01/06/2010 12:33 PM, Richard Horton wrote:
> 2010/1/6 Anthony Ewell<amewell@verizon.net>:
>
>> Having taken a more recent look at "/etc/services", I
>> am finding zillions of service ports above 1024.
>>
>> With that in mind, is there a better starting port
>> for my "unassigned" ports?
>>
>
> Sadly these days nope - the assigned port numbers are now all over the place.
>
> However, alot of them are not likely to be in use on your system so
> you ought to define your unassigned port range by what you are
> actually running not by the contents of /etc/services (same goes for
> protocols).

So, pick the highest port I use and go somewhat above that.
That will work.  Thank you!

-T