Home > Others

Deep Firewall logging

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

This article will explain to you what you see in the Firewall log (log). Especially those ports, what do you mean? You will be able to use this information to make a judgment: Have I been attacked by hacker? What does he/she want to do? This article applies both to security experts who maintain an enterprise-class firewall and to home users who use personal firewalls.

First, target port zzzz What does that mean?

All traffic through the firewall is a part of the connection. A connection contains a pair of "talking" IP addresses and a pair of ports corresponding to the IP address. The destination port usually means a service that is being connected. When a firewall blocks (block) A connection, it "registers" the target port (logfile). This section describes the meaning of these ports.

The port can be divided into 3 main categories:

1) Accepted ports (well known Ports): from 0 to 1023, they are tightly bound to some services. Usually the communication of these ports clearly indicates the protocol of some kind of service. For example: Port 80 is actually always HTTP traffic.

2 registration port (registered Ports): from 1024 to 49151. They are loosely bound to some services. This means that there are many services that are bound to these ports and are used for many other purposes. For example, many systems handle dynamic ports starting at around 1024.

3 dynamic and/or private ports (dynamically and/or private Ports): from 49152 to 65535. In theory, these ports should not be assigned to services. In fact, machines typically allocate dynamic ports from 1024. But there are exceptions: Sun's RPC port starts at 32768.

Where to get more comprehensive port information:

1. Ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers

"Assigned Numbers" RFC, the official source of port assignment.

2. http://advice.networkice.com/advice/Exploits/Ports/

Port database, which contains many ports for system vulnerabilities.

3. /etc/services

File/etc/services in Unix systems contains a list of commonly used UNIX port assignments. This file is located in%systemroot%/system32/drivers/etc/services in Windows NT.



This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More