[Dshield] Configuring iptables; need favorite port lists
jsage at finchhaven.com
Tue Jun 17 20:00:36 GMT 2003
On Tue, Jun 17, 2003 at 03:24:17PM -0400, Jeff wrote:
> On Tue, Jun 17, 2003 at 11:50:30AM -0700, John Sage wrote:
> > Getting around to configuring iptables (better late...) and I'm
> > wanting anyone's opinions as to "most popular" TCP source ports to
> > monitor via a "-m multiport --sport " list.
> > I've got port 0, but what others do people find interesting?
> I don't know how useful it will be, but log anything originating below 1024.
> anything above 1024 is used for 'client' connections, and there would be way
> too much traffic in your logs, and it would be hard to seperate the noise.
Not a bad idea..
Unfortunately, iptables seems to be limited to lists of <=15 ports in
a statement, so I need a brief list of "most interesting".
(Haven't gotten around to trying multiple statements, yet...)
"Obviously, we do not want to leave zombies around."
More information about the list