
Re: Port 65535



On Wed, 31 Jan 2001, Michael Meskes wrote:

> I just got a lot of log entries on my firewall telling me about rejected
> packages on port 65535. The protocol is 50 (aka esp). Does anyone know what
> this is? The machine in question is a potato box. There is no VPN installed.
> Neither is IPV6 btw.

That's the protocol used by IPSec to encapsulate its encrypted traffic. It
seems that somebody is trying to "speak" IPSec through your gateway. If
that is the case, you should also see UDP traffic from/to port 500, which
is commonly used to authenticate/negotiate encrypted tunnels.

I do use IPSec (freeswan just recently became available as a package for
Debian unstable, by the way) to securely connect from home to my office
network, and it works very well. You should try to understand whether
somebody on your network is trying to establish encrypted connections to
the outside, and if that is the case, decide what to do with it. Either
you decide that your policy allows it through your gateway, or that it
doesn't, or (best solution IMHO) you implement it right on the
gateway/firewall, so that you can control it. I highly recommend freeswan,
it's a great piece of open source software and I have been using it for a
couple of years now. A bit tricky to set up the first time, but very
reliable and secure afterwards. But then, I am also a long-time, satisfied
user of the debian package spf on my firewall... :)

Bye
Giacomo

_________________________________________________________________

Giacomo Mulas <gmulas@ca.astro.it, gmulas@tiscalinet.it>
_________________________________________________________________

OSSERVATORIO  ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216     Fax : +39 070 71180 222
_________________________________________________________________

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
_________________________________________________________________
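The reply suggests checking whether the ESP (protocol 50) rejects are accompanied by UDP/500 IKE traffic and which hosts are involved. The following is an added example, not code from the original post: it parses constructed netfilter-style firewall log lines (the addresses, interface and SPI are made up), groups IPsec-related packets by source address, and lists sources that send ESP without any IKE negotiation visible in the same log.

```python
import re
from collections import defaultdict

# Constructed sample lines in netfilter LOG style (not from the original post).
# Protocol 50 may be logged by name ("ESP") or by number, so both are handled.
SAMPLE_LOG = """\
Jan 31 10:02:11 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=500 DPT=500
Jan 31 10:02:12 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=ESP SPI=0x1a2b3c4d
Jan 31 10:02:13 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=22
Jan 31 10:02:14 gw kernel: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=50
"""

TOKEN = re.compile(r"(\w+)=(\S*)")
IKE_PORT = "500"          # ISAKMP/IKE, used to negotiate the tunnel
ESP_NAMES = {"ESP", "50"}  # IPsec ESP, the encapsulated encrypted traffic

def parse(line):
    """Return the KEY=VALUE fields of one log line as a dict."""
    return dict(TOKEN.findall(line))

def classify(fields):
    """Label a packet as 'esp', 'ike' or None (anything else)."""
    proto = fields.get("PROTO", "").upper()
    if proto in ESP_NAMES:
        return "esp"
    if proto == "UDP" and IKE_PORT in (fields.get("SPT"), fields.get("DPT")):
        return "ike"
    return None

def ipsec_peers(log_text):
    """Count ESP and IKE packets per source address: {src: {'esp': n, 'ike': m}}."""
    seen = defaultdict(lambda: {"esp": 0, "ike": 0})
    for line in log_text.splitlines():
        fields = parse(line)
        kind = classify(fields)
        if kind and "SRC" in fields:
            seen[fields["SRC"]][kind] += 1
    return dict(seen)

def esp_without_ike(log_text):
    """Sources sending ESP with no IKE negotiation seen in the same log."""
    peers = ipsec_peers(log_text)
    return sorted(src for src, c in peers.items() if c["esp"] and not c["ike"])

if __name__ == "__main__":
    for src, counts in ipsec_peers(SAMPLE_LOG).items():
        print(src, counts)
    print("ESP without IKE:", esp_without_ike(SAMPLE_LOG))
```

A source that shows ESP but no IKE is either using manually keyed tunnels or the IKE exchange is passing a different path; either way it is the host to look at first.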