[Dshield] Configuring iptables; need favorite port lists
jam at zoidtechnologies.com
Tue Jun 17 19:24:17 GMT 2003
On Tue, Jun 17, 2003 at 11:50:30AM -0700, John Sage wrote:
> Getting around to configuring iptables (better late...) and I'm
> wanting anyone's opinions as to "most popular" TCP source ports to
> monitor via a "-m multiport --sport " list.
> I've got port 0, but what others do people find interesting?
I don't know how useful it will be, but log anything originating below 1024.
anything above 1024 is used for 'client' connections, and there would be way
too much traffic in your logs, and it would be hard to seperate the noise.
just my two cents.
|| Jeff - http://zoidtechnologies.com/
More information about the list