[Dshield] Configuring iptables; need favorite port lists

John Sage jsage at finchhaven.com
Tue Jun 17 20:00:36 GMT 2003


Jeff:

On Tue, Jun 17, 2003 at 03:24:17PM -0400, Jeff wrote:
> On Tue, Jun 17, 2003 at 11:50:30AM -0700, John Sage wrote:
> > Getting around to configuring iptables (better late...) and I'm
> > wanting anyone's opinions as to "most popular" TCP source ports to
> > monitor via a "-m multiport --sport " list.
> > 
> > I've got port 0, but what others do people find interesting? 
> > 
> 
> greetings,
> 
> I don't know how useful it will be, but log anything originating below 1024.
> anything above 1024 is used for 'client' connections, and there would be way
> too much traffic in your logs, and it would be hard to seperate the noise.

Not a bad idea..

Unfortunately, iptables seems to be limited to lists of <=15 ports in
a statement, so I need a brief list of "most interesting".

(Haven't gotten around to trying multiple statements, yet...)


- John
-- 
"Obviously, we do not want to leave zombies around."




More information about the list mailing list