mason-1.0.0.orig/0040755000765700007640000000000007476106222012450 5ustar martinedvmason-1.0.0.orig/all-ip-numbers.txt0100644000765700007640000113312507357122735016050 0ustar martinedvThis file contains port lists from various RFCs, IANA documents, and Intrusion Detection manuals. It attempts to detail all widely used IP ports and protocols. LAST EDITTED: 4/16/2001 by jason@wittys.com PORT NUMBERS The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports. The Well Known Ports are those from 0 through 1023. The Registered Ports are those from 1024 through 49151 The Dynamic and/or Private Ports are those from 49152 through 65535 PORTS USED BY COMMON TROJAN PROGRAMS Trojan Name Decimal Port # ----------- -------------- Blade Runner 21/tcp Doly Trojan 21/tcp Fore 21/tcp Invisible FTP 21/tcp WebEx 21/tcp WinCrash 21/tcp Tiny Telnet Server 23/tcp Antigen 25/tcp Email Password Sender 25/tcp Haebu Coceda 25/tcp Shtrilitz Stealth 25/tcp Terminator 25/tcp WinPC 25/tcp WinSpy 25/tcp Kuang2 0.17A-0.30 25/tcp Master Paradise - Agent 31 31/tcp Deep Throat 41/tcp DMSetup 58/tcp Executor 80/tcp BO jammerkillahV 121/tcp TCP Wrappers Telnet Trojan 421/tcp Hackers Paradise 456/tcp Ripper 520/udp Rasmin 531/tcp Phase0 - Stealth Spy 555/tcp Attack FTP - Satanz Backdoor 666/tcp Dark Shadow 911/tcp Silencer - WebEx 1001/tcp Doly trojan v1.35 1010/tcp Doly Trojan 1011/tcp Doly Trojan 1012/tcp Doly trojan v1.5 1015/tcp NetSpy 1024/tcp Netspy 1033/tcp Bla1.1 1042/tcp Rasmin 1045/tcp Xtreme 1090/tcp Streaming Audio Trojan 1170/tcp Ultors Trojan 1234/tcp SubSeven 1243/tcp Voodoo Doll - Netbus - GabanBus 1245/tcp Bo DLL 1349/udp FTP99CMP 1492/tcp Psyber Streaming Server 1509/tcp trin00 root shell 1524/tcp Shivka-Burka 1600/tcp SpySender 1807/tcp ShockRave 1981/tcp Backdoor 1999/tcp TrojanCow 2001/tcp Ripper 2023/tcp Bugs 2115/tcp Deep Throat - Invader 2140/tcp HVL Rat5 2283/tcp Striker 2565/tcp Wincrash2 2583/tcp Phineas Phucker 2801/tcp WinCrash 3024/tcp Masters Paradise 3129/tcp Deep Throat - The Invasor 3150/tcp Portal of Doom 3700/tcp WinCrash 4092/tcp FileNail 4567/tcp IcqTrojen 4950/tcp Sockets de Troie 5000/tcp Sockets de Troie 1.x 5001/tcp Firehotcker 5321/tcp BackConstruction1.2 - BladeRunner 5400/tcp Blade Runner 1.x 5401/tcp Blade Runner 2.x 5402/tcp Xtcp 5550/tcp Bo Facil 5556/tcp Bo Facil 5557/tcp Robo-Hack 5569/tcp Wincrash 5742/tcp The tHing 6400/tcp Vampire 6669/tcp DeepThroat 6670/tcp Mstream DDoS 6723/tcp DeepThroat 6771/tcp Backdoor-G - SubSeven 6776/tcp DeltaSource 6883/tcp Indoctrination 6939/tcp Gatecrasher - Priority 6969/tcp Remote Grab 7000/tcp NetMonitor 7300/tcp NetMonitor 1.x 7301/tcp NetMonitor 7306/tcp NetMonitor 3.x 7307/tcp NetMonitor 4.x 7308/tcp Glacier Backdoor (Trojan) 7626/tcp Back Door Setup - ICQKiller 7789/tcp Multiple Backdoor Trojans 9088/tcp Multiple Backdoor Trojans 9704/tcp PortalOfDoom 9872/tcp Portal of Doom 1.x 9873/tcp Portal of Doom 2.x 9874/tcp Portal of Doom 3.x 9875/tcp iNi-Killer 9989/tcp Portal of Doom 4.x 10067/tcp Portal of Doom 5.x 10167/tcp Acid Shivers 10520/tcp Coma 10607/tcp Senna Spy Trojans 11000/tcp Progenic trojan 11223/tcp Gjamer 12076/tcp Hack?99 KeyLogger 12223/tcp NetBus 12345/tcp NetBus 1.x (avoiding Netbuster) 12346/tcp Whack-a-mole 12361/tcp Whack-a-mole 1.x 12362/tcp WhackJob 12631/tcp Mstream DDoS 12754/tcp Senna Spy 13000/tcp Mstream DDoS 15104/tcp stacheldraht - Client to handler(s) 16660/tcp Priotrity 16969/tcp Kuang2 theVirus 17300/tcp Shaft (DDoS) Handler to Agent 18753/tcp Millenium 20000/tcp Millennium 20001/tcp NetBus 2 Pro 20034/tcp Bla 20331/tcp Shaft (DDoS) Client to Handler 20432/tcp Shaft (DDoS) Agent to Handler 20433/tcp GirlFriend 21544/tcp GirlFriend 21554/tcp Prosiak 22222/tcp Evil FTP - Ugly FTP - WhackJob 23456/tcp Delta 26274/udp trin00 Master to daemon(s) 27444/udp trin00 Attacker to Master(s) 27665/tcp The Unexplained 29891/udp AOLTrojan1.1 30029/tcp NetSphere 30100/tcp NetSphere 30101/tcp NetSphere 30102/tcp NetSphere 30102/tcp Masters Paradise 30129/tcp Socket23 30303/tcp Kuang 30999/tcp trin00 Daemon to Master(s) 31335/udp BackOriffice 31337/udp NetSpy DK 31338/tcp DeepBO 31338/udp NetSpy DK 31339/tcp BOWhack 31666/tcp Hack'a'tack 31785/tcp Hack'a'tack 31787/tcp Hack'a'tack 31789/tcp Hack'a'tack 31791/tcp Trinity v.3 DDoS 33270/tcp Prosiak 33333/tcp Lion Worm Root Shell 33567/tcp Lion Worm SSH Shell 33568/tcp BigGluck - Tiny Telnet Server 34324/tcp Trinity v.3 DDoS 39168/tcp TheSpy 40412/tcp Agent 40421/Master Paradise 40421/tcp Masters Paradise 1.x 40422/tcp Masters Paradise 2.x 40423/tcp Masters Paradise 3.x 40426/tcp Delta Source 47262/udp Sockets de Troie 50505/tcp Fore, Schwindler 50766/tcp RemoteWindowsShutdown 53001/tcp School Bus 54321/tcp B02k - eurocalculator.exe 55555/tcp myServer DDoS Agent 55850/udp Deep Throat 60000/tcp Lion Worm Root Shell 60008/tcp Telecommando 61466/tcp Devil 1.03 65000/tcp stacheldraht - Handler to/from agent 65000/tcp ShitHeep 69123/tcp WELL KNOWN PORT NUMBERS The Well Known Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users. Ports are used in the tcp [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port". To the extent possible, these same port assignments are used with the UDP [RFC768]. The assigned ports use a small portion of the possible port numbers. For many years the assigned ports were in the range 0-255. Recently, the range for assigned ports managed by the IANA has been expanded to the range 0-1023. Port Assignments: Keyword Decimal Description References ------- ------- ----------- ---------- 0/tcp Reserved 0/udp Reserved # Jon Postel tcpmux 1/tcp tcp Port Service Multiplexer tcpmux 1/udp tcp Port Service Multiplexer # Mark Lottor compressnet 2/tcp Management Utility compressnet 2/udp Management Utility compressnet 3/tcp Compression Process compressnet 3/udp Compression Process # Bernie Volz # 4/tcp Unassigned # 4/udp Unassigned rje 5/tcp Remote Job Entry rje 5/udp Remote Job Entry # Jon Postel # 6/tcp Unassigned # 6/udp Unassigned echo 7/tcp Echo echo 7/udp Echo # Jon Postel # 8/tcp Unassigned # 8/udp Unassigned discard 9/tcp Discard discard 9/udp Discard # Jon Postel # 10/tcp Unassigned # 10/udp Unassigned systat 11/tcp Active Users systat 11/udp Active Users # Jon Postel # 12/tcp Unassigned # 12/udp Unassigned daytime 13/tcp Daytime (RFC 867) daytime 13/udp Daytime (RFC 867) # Jon Postel # 14/tcp Unassigned # 14/udp Unassigned # 15/tcp Unassigned [was netstat] # 15/udp Unassigned # 16/tcp Unassigned # 16/udp Unassigned qotd 17/tcp Quote of the Day qotd 17/udp Quote of the Day # Jon Postel msp 18/tcp Message Send Protocol msp 18/udp Message Send Protocol # Rina Nethaniel <---none---> chargen 19/tcp Character Generator chargen 19/udp Character Generator ftp-data 20/tcp File Transfer [Default Data] ftp-data 20/udp File Transfer [Default Data] ftp 21/tcp File Transfer [Control] ftp 21/udp File Transfer [Control] # Jon Postel ssh 22/tcp SSH Remote Login Protocol ssh 22/udp SSH Remote Login Protocol # Tatu Ylonen telnet 23/tcp Telnet telnet 23/udp Telnet # Jon Postel 24/tcp any private mail system 24/udp any private mail system # Rick Adams smtp 25/tcp Simple Mail Transfer smtp 25/udp Simple Mail Transfer # Jon Postel # 26/tcp Unassigned # 26/udp Unassigned nsw-fe 27/tcp NSW User System FE nsw-fe 27/udp NSW User System FE # Robert Thomas # 28/tcp Unassigned # 28/udp Unassigned msg-icp 29/tcp MSG ICP msg-icp 29/udp MSG ICP # Robert Thomas # 30/tcp Unassigned # 30/udp Unassigned msg-auth 31/tcp MSG Authentication msg-auth 31/udp MSG Authentication # Robert Thomas # 32/tcp Unassigned # 32/udp Unassigned dsp 33/tcp Display Support Protocol dsp 33/udp Display Support Protocol # Ed Cain # 34/tcp Unassigned # 34/udp Unassigned 35/tcp any private printer server 35/udp any private printer server # Jon Postel # 36/tcp Unassigned # 36/udp Unassigned time 37/tcp Time time 37/udp Time # Jon Postel rap 38/tcp Route Access Protocol rap 38/udp Route Access Protocol # Robert Ullmann rlp 39/tcp Resource Location Protocol rlp 39/udp Resource Location Protocol # Mike Accetta # 40/tcp Unassigned # 40/udp Unassigned graphics 41/tcp Graphics graphics 41/udp Graphics name 42/tcp Host Name Server name 42/udp Host Name Server nameserver 42/tcp Host Name Server nameserver 42/udp Host Name Server nicname 43/tcp Who Is nicname 43/udp Who Is mpm-flags 44/tcp MPM FLAGS Protocol mpm-flags 44/udp MPM FLAGS Protocol mpm 45/tcp Message Processing Module [recv] mpm 45/udp Message Processing Module [recv] mpm-snd 46/tcp MPM [default send] mpm-snd 46/udp MPM [default send] # Jon Postel ni-ftp 47/tcp NI FTP ni-ftp 47/udp NI FTP # Steve Kille auditd 48/tcp Digital Audit Daemon auditd 48/udp Digital Audit Daemon # Larry Scott tacacs 49/tcp Login Host Protocol (TACACS) tacacs 49/udp Login Host Protocol (TACACS) # Pieter Ditmars re-mail-ck 50/tcp Remote Mail Checking Protocol re-mail-ck 50/udp Remote Mail Checking Protocol # Steve Dorner la-maint 51/tcp IMP Logical Address Maintenance la-maint 51/udp IMP Logical Address Maintenance # Andy Malis xns-time 52/tcp XNS Time Protocol xns-time 52/udp XNS Time Protocol # Susie Armstrong domain 53/tcp Domain Name Server domain 53/udp Domain Name Server # Paul Mockapetris xns-ch 54/tcp XNS Clearinghouse xns-ch 54/udp XNS Clearinghouse # Susie Armstrong isi-gl 55/tcp ISI Graphics Language isi-gl 55/udp ISI Graphics Language xns-auth 56/tcp XNS Authentication xns-auth 56/udp XNS Authentication # Susie Armstrong 57/tcp any private terminal access 57/udp any private terminal access # Jon Postel xns-mail 58/tcp XNS Mail xns-mail 58/udp XNS Mail # Susie Armstrong 59/tcp any private file service 59/udp any private file service # Jon Postel 60/tcp Unassigned 60/udp Unassigned ni-mail 61/tcp NI MAIL ni-mail 61/udp NI MAIL # Steve Kille acas 62/tcp ACA Services acas 62/udp ACA Services # E. Wald whois++ 63/tcp whois++ whois++ 63/udp whois++ # Rickard Schoultz covia 64/tcp Communications Integrator (CI) covia 64/udp Communications Integrator (CI) # "Tundra" Tim Daneliuk # tacacs-ds 65/tcp TACACS-Database Service tacacs-ds 65/udp TACACS-Database Service # Kathy Huber sql*net 66/tcp Oracle SQL*NET sql*net 66/udp Oracle SQL*NET # Jack Haverty bootps 67/tcp Bootstrap Protocol Server bootps 67/udp Bootstrap Protocol Server bootpc 68/tcp Bootstrap Protocol Client bootpc 68/udp Bootstrap Protocol Client # Bill Croft tftp 69/tcp Trivial File Transfer tftp 69/udp Trivial File Transfer # David Clark gopher 70/tcp Gopher gopher 70/udp Gopher # Mark McCahill netrjs-1 71/tcp Remote Job Service netrjs-1 71/udp Remote Job Service netrjs-2 72/tcp Remote Job Service netrjs-2 72/udp Remote Job Service netrjs-3 73/tcp Remote Job Service netrjs-3 73/udp Remote Job Service netrjs-4 74/tcp Remote Job Service netrjs-4 74/udp Remote Job Service # Bob Braden 75/tcp any private dial out service 75/udp any private dial out service # Jon Postel deos 76/tcp Distributed External Object Store deos 76/udp Distributed External Object Store # Robert Ullmann 77/tcp any private RJE service 77/udp any private RJE service # Jon Postel vettcp 78/tcp vettcp vettcp 78/udp vettcp # Christopher Leong finger 79/tcp Finger finger 79/udp Finger # David Zimmerman http 80/tcp World Wide Web HTTP http 80/udp World Wide Web HTTP www 80/tcp World Wide Web HTTP www 80/udp World Wide Web HTTP www-http 80/tcp World Wide Web HTTP www-http 80/udp World Wide Web HTTP # Tim Berners-Lee hosts2-ns 81/tcp HOSTS2 Name Server hosts2-ns 81/udp HOSTS2 Name Server # Earl Killian xfer 82/tcp XFER Utility xfer 82/udp XFER Utility # Thomas M. Smith mit-ml-dev 83/tcp MIT ML Device mit-ml-dev 83/udp MIT ML Device # David Reed <--none---> ctf 84/tcp Common Trace Facility ctf 84/udp Common Trace Facility # Hugh Thomas mit-ml-dev 85/tcp MIT ML Device mit-ml-dev 85/udp MIT ML Device # David Reed <--none---> mfcobol 86/tcp Micro Focus Cobol mfcobol 86/udp Micro Focus Cobol # Simon Edwards <--none---> 87/tcp any private terminal link 87/udp any private terminal link # Jon Postel kerberos 88/tcp Kerberos kerberos 88/udp Kerberos # B. Clifford Neuman su-mit-tg 89/tcp SU/MIT Telnet Gateway su-mit-tg 89/udp SU/MIT Telnet Gateway # Mark Crispin ########### PORT 90 also being used unofficially by Pointcast ######### dnsix 90/tcp DNSIX Securit Attribute Token Map dnsix 90/udp DNSIX Securit Attribute Token Map # Charles Watt mit-dov 91/tcp MIT Dover Spooler mit-dov 91/udp MIT Dover Spooler # Eliot Moss npp 92/tcp Network Printing Protocol npp 92/udp Network Printing Protocol # Louis Mamakos dcp 93/tcp Device Control Protocol dcp 93/udp Device Control Protocol # Daniel Tappan objcall 94/tcp Tivoli Object Dispatcher objcall 94/udp Tivoli Object Dispatcher # Tom Bereiter <--none---> supdup 95/tcp SUPDUP supdup 95/udp SUPDUP # Mark Crispin dixie 96/tcp DIXIE Protocol Specification dixie 96/udp DIXIE Protocol Specification # Tim Howes swift-rvf 97/tcp Swift Remote Virtural File Protocol swift-rvf 97/udp Swift Remote Virtural File Protocol # Maurice R. Turcotte # linuxconf 98/tcp Linux Remote Configuration Manager tacnews 98/tcp TAC News tacnews 98/udp TAC News # Jon Postel metagram 99/tcp Metagram Relay metagram 99/udp Metagram Relay # Geoff Goodfellow newacct 100/tcp [unauthorized use] hostname 101/tcp NIC Host Name Server hostname 101/udp NIC Host Name Server # Jon Postel iso-tsap 102/tcp ISO-TSAP Class 0 iso-tsap 102/udp ISO-TSAP Class 0 # Marshall Rose gppitnp 103/tcp Genesis Point-to-Point Trans Net gppitnp 103/udp Genesis Point-to-Point Trans Net acr-nema 104/tcp ACR-NEMA Digital Imag. & Comm. 300 acr-nema 104/udp ACR-NEMA Digital Imag. & Comm. 300 # Patrick McNamee <--none---> cso 105/tcp CCSO name server protocol cso 105/udp CCSO name server protocol # Martin Hamilton csnet-ns 105/tcp Mailbox Name Nameserver csnet-ns 105/udp Mailbox Name Nameserver # Marvin Solomon 3com-tsmux 106/tcp 3COM-TSMUX 3com-tsmux 106/udp 3COM-TSMUX # Jeremy Siegel rtelnet 107/tcp Remote Telnet Service rtelnet 107/udp Remote Telnet Service # Jon Postel snagas 108/tcp SNA Gateway Access Server snagas 108/udp SNA Gateway Access Server # Kevin Murphy pop2 109/tcp Post Office Protocol - Version 2 pop2 109/udp Post Office Protocol - Version 2 # Joyce K. Reynolds pop3 110/tcp Post Office Protocol - Version 3 pop3 110/udp Post Office Protocol - Version 3 # Marshall Rose sunrpc 111/tcp SUN Remote Procedure Call sunrpc 111/udp SUN Remote Procedure Call # Chuck McManis mcidas 112/tcp McIDAS Data Transmission Protocol mcidas 112/udp McIDAS Data Transmission Protocol # Glenn Davis ident 113/tcp auth 113/tcp Authentication Service auth 113/udp Authentication Service # Mike St. Johns audionews 114/tcp Audio News Multicast audionews 114/udp Audio News Multicast # Martin Forssen sftp 115/tcp Simple File Transfer Protocol sftp 115/udp Simple File Transfer Protocol # Mark Lottor ansanotify 116/tcp ANSA REX Notify ansanotify 116/udp ANSA REX Notify # Nicola J. Howarth uucp-path 117/tcp UUCP Path Service uucp-path 117/udp UUCP Path Service sqlserv 118/tcp SQL Services sqlserv 118/udp SQL Services # Larry Barnes nntp 119/tcp Network News Transfer Protocol nntp 119/udp Network News Transfer Protocol # Phil Lapsley cfdptkt 120/tcp CFDPTKT cfdptkt 120/udp CFDPTKT # John Ioannidis erpc 121/tcp Encore Expedited Remote Pro.Call erpc 121/udp Encore Expedited Remote Pro.Call # Jack O'Neil <---none---> smakynet 122/tcp SMAKYNET smakynet 122/udp SMAKYNET # Mike O'Dowd ntp 123/tcp Network Time Protocol ntp 123/udp Network Time Protocol # Dave Mills ansatrader 124/tcp ANSA REX Trader ansatrader 124/udp ANSA REX Trader # Nicola J. Howarth locus-map 125/tcp Locus PC-Interface Net Map Ser locus-map 125/udp Locus PC-Interface Net Map Ser # Eric Peterson nxedit 126/tcp NXEdit nxedit 126/udp NXEdit # Don Payette ###########Port 126 Previously assigned to application below####### #unitary 126/tcp Unisys Unitary Login #unitary 126/udp Unisys Unitary Login # ###########Port 126 Previously assigned to application above####### locus-con 127/tcp Locus PC-Interface Conn Server locus-con 127/udp Locus PC-Interface Conn Server # Eric Peterson gss-xlicen 128/tcp GSS X License Verification gss-xlicen 128/udp GSS X License Verification # John Light pwdgen 129/tcp Password Generator Protocol pwdgen 129/udp Password Generator Protocol # Frank J. Wacho cisco-fna 130/tcp cisco FNATIVE cisco-fna 130/udp cisco FNATIVE cisco-tna 131/tcp cisco TNATIVE cisco-tna 131/udp cisco TNATIVE cisco-sys 132/tcp cisco SYSMAINT cisco-sys 132/udp cisco SYSMAINT statsrv 133/tcp Statistics Service statsrv 133/udp Statistics Service # Dave Mills ingres-net 134/tcp INGRES-NET Service ingres-net 134/udp INGRES-NET Service # Mike Berrow <---none---> epmap 135/tcp DCE endpoint resolution epmap 135/udp DCE endpoint resolution # Joe Pato profile 136/tcp PROFILE Naming System profile 136/udp PROFILE Naming System # Larry Peterson netbios-ns 137/tcp NETBIOS Name Service netbios-ns 137/udp NETBIOS Name Service netbios-dgm 138/tcp NETBIOS Datagram Service netbios-dgm 138/udp NETBIOS Datagram Service netbios-ssn 139/tcp NETBIOS Session Service netbios-ssn 139/udp NETBIOS Session Service # Jon Postel emfis-data 140/tcp EMFIS Data Service emfis-data 140/udp EMFIS Data Service emfis-cntl 141/tcp EMFIS Control Service emfis-cntl 141/udp EMFIS Control Service # Gerd Beling bl-idm 142/tcp Britton-Lee IDM bl-idm 142/udp Britton-Lee IDM # Susie Snitzer <---none---> imap 143/tcp Internet Message Access Protocol imap 143/udp Internet Message Access Protocol # Mark Crispin uma 144/tcp Universal Management Architecture uma 144/udp Universal Management Architecture # Jay Whitney uaac 145/tcp UAAC Protocol uaac 145/udp UAAC Protocol # David A. Gomberg iso-tp0 146/tcp ISO-IP0 iso-tp0 146/udp ISO-IP0 iso-ip 147/tcp ISO-IP iso-ip 147/udp ISO-IP # Marshall Rose jargon 148/tcp Jargon jargon 148/udp Jargon # Bill Weinman aed-512 149/tcp AED 512 Emulation Service aed-512 149/udp AED 512 Emulation Service # Albert G. Broscius sql-net 150/tcp SQL-NET sql-net 150/udp SQL-NET # Martin Picard <<---none---> hems 151/tcp HEMS hems 151/udp HEMS bftp 152/tcp Background File Transfer Program bftp 152/udp Background File Transfer Program # Annette DeSchon sgmp 153/tcp SGMP sgmp 153/udp SGMP # Marty Schoffstahl netsc-prod 154/tcp NETSC netsc-prod 154/udp NETSC netsc-dev 155/tcp NETSC netsc-dev 155/udp NETSC # Sergio Heker sqlsrv 156/tcp SQL Service sqlsrv 156/udp SQL Service # Craig Rogers knet-cmp 157/tcp KNET/VM Command/Message Protocol knet-cmp 157/udp KNET/VM Command/Message Protocol # Gary S. Malkin pcmail-srv 158/tcp PCMail Server pcmail-srv 158/udp PCMail Server # Mark L. Lambert nss-routing 159/tcp NSS-Routing nss-routing 159/udp NSS-Routing # Yakov Rekhter sgmp-traps 160/tcp SGMP-TRAPS sgmp-traps 160/udp SGMP-TRAPS # Marty Schoffstahl snmp 161/tcp SNMP snmp 161/udp SNMP snmptrap 162/tcp SNMPTRAP snmptrap 162/udp SNMPTRAP # Marshall Rose cmip-man 163/tcp CMIP/tcp Manager cmip-man 163/udp CMIP/tcp Manager cmip-agent 164/tcp CMIP/tcp Agent smip-agent 164/udp CMIP/tcp Agent # Amatzia Ben-Artzi <---none---> xns-courier 165/tcp Xerox xns-courier 165/udp Xerox # Susie Armstrong s-net 166/tcp Sirius Systems s-net 166/udp Sirius Systems # Brian Lloyd namp 167/tcp NAMP namp 167/udp NAMP # Marty Schoffstahl rsvd 168/tcp RSVD rsvd 168/udp RSVD # Neil Todd send 169/tcp SEND send 169/udp SEND # William D. Wisner print-srv 170/tcp Network PostScript print-srv 170/udp Network PostScript # Brian Reid multiplex 171/tcp Network Innovations Multiplex multiplex 171/udp Network Innovations Multiplex cl/1 172/tcp Network Innovations CL/1 cl/1 172/udp Network Innovations CL/1 # Kevin DeVault <<---none---> xyplex-mux 173/tcp Xyplex xyplex-mux 173/udp Xyplex # Bob Stewart mailq 174/tcp MAILQ mailq 174/udp MAILQ # Rayan Zachariassen vmnet 175/tcp VMNET vmnet 175/udp VMNET # Christopher Tengi genrad-mux 176/tcp GENRAD-MUX genrad-mux 176/udp GENRAD-MUX # Ron Thornton xdmcp 177/tcp X Display Manager Control Protocol xdmcp 177/udp X Display Manager Control Protocol # Robert W. Scheifler nextstep 178/tcp NextStep Window Server nextstep 178/udp NextStep Window Server # Leo Hourvitz bgp 179/tcp Border Gateway Protocol bgp 179/udp Border Gateway Protocol # Kirk Lougheed ris 180/tcp Intergraph ris 180/udp Intergraph # Dave Buehmann unify 181/tcp Unify unify 181/udp Unify # Vinod Singh <--none---> audit 182/tcp Unisys Audit SITP audit 182/udp Unisys Audit SITP # Gil Greenbaum ocbinder 183/tcp OCBinder ocbinder 183/udp OCBinder ocserver 184/tcp OCServer ocserver 184/udp OCServer # Jerrilynn Okamura <--none---> remote-kis 185/tcp Remote-KIS remote-kis 185/udp Remote-KIS kis 186/tcp KIS Protocol kis 186/udp KIS Protocol # Ralph Droms aci 187/tcp Application Communication Interface aci 187/udp Application Communication Interface # Rick Carlos mumps 188/tcp Plus Five's MUMPS mumps 188/udp Plus Five's MUMPS # Hokey Stenn qft 189/tcp Queued File Transport qft 189/udp Queued File Transport # Wayne Schroeder gacp 190/tcp Gateway Access Control Protocol gacp 190/udp Gateway Access Control Protocol # C. Philip Wood prospero 191/tcp Prospero Directory Service prospero 191/udp Prospero Directory Service # B. Clifford Neuman osu-nms 192/tcp OSU Network Monitoring System osu-nms 192/udp OSU Network Monitoring System # Doug Karl srmp 193/tcp Spider Remote Monitoring Protocol srmp 193/udp Spider Remote Monitoring Protocol # Ted J. Socolofsky irc 194/tcp Internet Relay Chat Protocol irc 194/udp Internet Relay Chat Protocol # Jarkko Oikarinen dn6-nlm-aud 195/tcp DNSIX Network Level Module Audit dn6-nlm-aud 195/udp DNSIX Network Level Module Audit dn6-smm-red 196/tcp DNSIX Session Mgt Module Audit Redir dn6-smm-red 196/udp DNSIX Session Mgt Module Audit Redir # Lawrence Lebahn dls 197/tcp Directory Location Service dls 197/udp Directory Location Service dls-mon 198/tcp Directory Location Service Monitor dls-mon 198/udp Directory Location Service Monitor # Scott Bellew smux 199/tcp SMUX smux 199/udp SMUX # Marshall Rose src 200/tcp IBM System Resource Controller src 200/udp IBM System Resource Controller # Gerald McBrearty <---none---> at-rtmp 201/tcp AppleTalk Routing Maintenance at-rtmp 201/udp AppleTalk Routing Maintenance at-nbp 202/tcp AppleTalk Name Binding at-nbp 202/udp AppleTalk Name Binding at-3 203/tcp AppleTalk Unused at-3 203/udp AppleTalk Unused at-echo 204/tcp AppleTalk Echo at-echo 204/udp AppleTalk Echo at-5 205/tcp AppleTalk Unused at-5 205/udp AppleTalk Unused at-zis 206/tcp AppleTalk Zone Information at-zis 206/udp AppleTalk Zone Information at-7 207/tcp AppleTalk Unused at-7 207/udp AppleTalk Unused at-8 208/tcp AppleTalk Unused at-8 208/udp AppleTalk Unused # Rob Chandhok qmtp 209/tcp The Quick Mail Transfer Protocol qmtp 209/udp The Quick Mail Transfer Protocol # Dan Bernstein z39.50 210/tcp ANSI Z39.50 z39.50 210/udp ANSI Z39.50 # Mark Needleman # 914c/g 211/tcp Texas Instruments 914C/G Terminal 914c/g 211/udp Texas Instruments 914C/G Terminal # Bill Harrell <---none---> anet 212/tcp ATEXSSTR anet 212/udp ATEXSSTR # Jim Taylor ipx 213/tcp IPX ipx 213/udp IPX # Don Provan vmpwscs 214/tcp VM PWSCS vmpwscs 214/udp VM PWSCS # Dan Shia softpc 215/tcp Insignia Solutions softpc 215/udp Insignia Solutions # Martyn Thomas <---none---> CAIlic 216/tcp Computer Associates Int'l License Server CAIlic 216/udp Computer Associates Int'l License Server # Chuck Spitz dbase 217/tcp dBASE Unix dbase 217/udp dBASE Unix # Don Gibson # mpp 218/tcp Netix Message Posting Protocol mpp 218/udp Netix Message Posting Protocol # Shannon Yeh uarps 219/tcp Unisys ARPs uarps 219/udp Unisys ARPs # Ashok Marwaha <---none---> imap3 220/tcp Interactive Mail Access Protocol v3 imap3 220/udp Interactive Mail Access Protocol v3 # James Rice fln-spx 221/tcp Berkeley rlogind with SPX auth fln-spx 221/udp Berkeley rlogind with SPX auth rsh-spx 222/tcp Berkeley rshd with SPX auth rsh-spx 222/udp Berkeley rshd with SPX auth cdc 223/tcp Certificate Distribution Center cdc 223/udp Certificate Distribution Center # Kannan Alagappan ########### Possible Conflict of Port 222 with "Masqdialer"############## ### Contact for Masqdialer is Charles Wright ### masqdialer 224/tcp masqdialer masqdialer 224/udp masqdialer # Charles Wright # 225-241 Reserved # Jon Postel direct 242/tcp Direct direct 242/udp Direct # Herb Sutter sur-meas 243/tcp Survey Measurement sur-meas 243/udp Survey Measurement # Dave Clark dayna 244/tcp Dayna dayna 244/udp Dayna # Steve Bateman link 245/tcp LINK link 245/udp LINK dsp3270 246/tcp Display Systems Protocol dsp3270 246/udp Display Systems Protocol # Weldon J. Showalter subntbcst_tftp 247/tcp SUBNTBCST_TFTP subntbcst_tftp 247/udp SUBNTBCST_TFTP # John Fake bhfhs 248/tcp bhfhs bhfhs 248/udp bhfhs # John Kelly # 249-255 Reserved # Jon Postel rap 256/tcp RAP (also used by Check Point FW-1) rap 256/udp RAP # J.S. Greenfield set 257/tcp Secure Electronic Transaction (also used by Check Point FW-1) set 257/udp Secure Electronic Transaction # Donald Eastlake yak-chat 258/tcp Yak Winsock Personal Chat (also used by Check Point FW-1) yak-chat 258/udp Yak Winsock Personal Chat # Brian Bandy esro-gen 259/tcp Efficient Short Remote Operations esro-gen 259/udp Efficient Short Remote Operations # Mohsen Banan openport 260/tcp Openport openport 260/udp Openport # John Marland nsiiops 261/tcp IIOP Name Service over TLS/SSL nsiiops 261/udp IIOP Name Service over TLS/SSL # Jeff Stewart arcisdms 262/tcp Arcisdms arcisdms 262/udp Arcisdms # Russell Crook (rmc@sni.ca> hdap 263/tcp HDAP hdap 263/udp HDAP # Troy Gau bgmp 264/tcp BGMP bgmp 264/udp BGMP # Dave Thaler # 265-279 Unassigned http-mgmt 280/tcp http-mgmt http-mgmt 280/udp http-mgmt # Adrian Pell # personal-link 281/tcp Personal Link personal-link 281/udp Personal Link # Dan Cummings cableport-ax 282/tcp Cable Port A/X cableport-ax 282/udp Cable Port A/X # Craig Langfahl rescap 283/tcp rescap rescap 283/udp rescap # Paul Hoffman # 284-307 Unassigned novastorbakcup 308/tcp Novastor Backup novastorbakcup 308/udp Novastor Backup # Brian Dickman entrusttime 309/tcp EntrustTime entrusttime 309/udp EntrustTime # Peter Whittaker bhmds 310/tcp bhmds bhmds 310/udp bhmds # John Kelly asip-webadmin 311/tcp AppleShare IP WebAdmin asip-webadmin 311/udp AppleShare IP WebAdmin # Ann Huang vslmp 312/tcp VSLMP vslmp 312/udp VSLMP # Gerben Wierda magenta-logic 313/tcp Magenta Logic magenta-logic 313/udp Magenta Logic # Karl Rousseau opalis-robot 314/tcp Opalis Robot opalis-robot 314/udp Opalis Robot # Laurent Domenech, Opalis dpsi 315/tcp DPSI dpsi 315/udp DPSI # Tony Scamurra decauth 316/tcp decAuth decauth 316/udp decAuth # Michael Agishtein zannet 317/tcp Zannet zannet 317/udp Zannet # Zan Oliphant pkix-timestamp 318/tcp PKIX TimeStamp pkix-timestamp 318/udp PKIX TimeStamp # Robert Zuccherato ptp-event 319/tcp PTP Event ptp-event 319/udp PTP Event ptp-general 320/tcp PTP General ptp-general 320/udp PTP General # John Eidson pip 321/tcp PIP pip 321/udp PIP # Gordon Mohr rtsps 322/tcp RTSPS rtsps 322/udp RTSPS # Anders Klemets # 323-343 Unassigned pdap 344/tcp Prospero Data Access Protocol pdap 344/udp Prospero Data Access Protocol # B. Clifford Neuman pawserv 345/tcp Perf Analysis Workbench pawserv 345/udp Perf Analysis Workbench zserv 346/tcp Zebra server zserv 346/udp Zebra server fatserv 347/tcp Fatmen Server fatserv 347/udp Fatmen Server csi-sgwp 348/tcp Cabletron Management Protocol csi-sgwp 348/udp Cabletron Management Protocol mftp 349/tcp mftp mftp 349/udp mftp # Dave Feinleib matip-type-a 350/tcp MATIP Type A matip-type-a 350/udp MATIP Type A matip-type-b 351/tcp MATIP Type B matip-type-b 351/udp MATIP Type B # Alain Robert # The following entry records an unassigned but widespread use bhoetty 351/tcp bhoetty (added 5/21/97) bhoetty 351/udp bhoetty # John Kelly dtag-ste-sb 352/tcp DTAG (assigned long ago) dtag-ste-sb 352/udp DTAG # Ruediger Wald # The following entry records an unassigned but widespread use bhoedap4 352/tcp bhoedap4 (added 5/21/97) bhoedap4 352/udp bhoedap4 # John Kelly ndsauth 353/tcp NDSAUTH ndsauth 353/udp NDSAUTH # Jayakumar Ramalingam bh611 354/tcp bh611 bh611 354/udp bh611 # John Kelly datex-asn 355/tcp DATEX-ASN datex-asn 355/udp DATEX-ASN # Kenneth Vaughn cloanto-net-1 356/tcp Cloanto Net 1 cloanto-net-1 356/udp Cloanto Net 1 # Michael Battilana bhevent 357/tcp bhevent bhevent 357/udp bhevent # John Kelly shrinkwrap 358/tcp Shrinkwrap shrinkwrap 358/udp Shrinkwrap # Bill Simpson tenebris_nts 359/tcp Tenebris Network Trace Service tenebris_nts 359/udp Tenebris Network Trace Service # Eric Jacksch scoi2odialog 360/tcp scoi2odialog scoi2odialog 360/udp scoi2odialog # Keith Petley semantix 361/tcp Semantix semantix 361/udp Semantix # Semantix srssend 362/tcp SRS Send srssend 362/udp SRS Send # Curt Mayer rsvp_tunnel 363/tcp RSVP Tunnel rsvp_tunnel 363/udp RSVP Tunnel # Andreas Terzis aurora-cmgr 364/tcp Aurora CMGR aurora-cmgr 364/udp Aurora CMGR # Philip Budne dtk 365/tcp DTK dtk 365/udp DTK # Fred Cohen odmr 366/tcp ODMR odmr 366/udp ODMR # Randall Gellens mortgageware 367/tcp MortgageWare mortgageware 367/udp MortgageWare # Ole Hellevik qbikgdp 368/tcp QbikGDP qbikgdp 368/udp QbikGDP # Adrien de Croy rpc2portmap 369/tcp rpc2portmap rpc2portmap 369/udp rpc2portmap codaauth2 370/tcp codaauth2 codaauth2 370/udp codaauth2 # Robert Watson clearcase 371/tcp Clearcase clearcase 371/udp Clearcase # Dave LeBlang ulistproc 372/tcp ListProcessor ulistproc 372/udp ListProcessor # Anastasios Kotsikonas legent-1 373/tcp Legent Corporation legent-1 373/udp Legent Corporation legent-2 374/tcp Legent Corporation legent-2 374/udp Legent Corporation # Keith Boyce <---none---> hassle 375/tcp Hassle hassle 375/udp Hassle # Reinhard Doelz nip 376/tcp Amiga Envoy Network Inquiry Proto nip 376/udp Amiga Envoy Network Inquiry Proto # Heinz Wrobel # Dale L. Larson tnETOS 377/tcp NEC Corporation tnETOS 377/udp NEC Corporation dsETOS 378/tcp NEC Corporation dsETOS 378/udp NEC Corporation # Tomoo Fujita is99c 379/tcp TIA/EIA/IS-99 modem client is99c 379/udp TIA/EIA/IS-99 modem client is99s 380/tcp TIA/EIA/IS-99 modem server is99s 380/udp TIA/EIA/IS-99 modem server # Frank Quick hp-collector 381/tcp hp performance data collector hp-collector 381/udp hp performance data collector hp-managed-node 382/tcp hp performance data managed node hp-managed-node 382/udp hp performance data managed node hp-alarm-mgr 383/tcp hp performance data alarm manager hp-alarm-mgr 383/udp hp performance data alarm manager # Frank Blakely arns 384/tcp A Remote Network Server System arns 384/udp A Remote Network Server System # David Hornsby ibm-app 385/tcp IBM Application ibm-app 385/udp IBM Application # Lisa Tomita <---none---> asa 386/tcp ASA Message Router Object Def. asa 386/udp ASA Message Router Object Def. # Steve Laitinen aurp 387/tcp Appletalk Update-Based Routing Pro. aurp 387/udp Appletalk Update-Based Routing Pro. # Chris Ranch unidata-ldm 388/tcp Unidata LDM Version 4 unidata-ldm 388/udp Unidata LDM Version 4 # Glenn Davis ldap 389/tcp Lightweight Directory Access Protocol ldap 389/udp Lightweight Directory Access Protocol # Tim Howes uis 390/tcp UIS uis 390/udp UIS # Ed Barron <---none---> synotics-relay 391/tcp SynOptics SNMP Relay Port synotics-relay 391/udp SynOptics SNMP Relay Port synotics-broker 392/tcp SynOptics Port Broker Port synotics-broker 392/udp SynOptics Port Broker Port # Illan Raab dis 393/tcp Data Interpretation System dis 393/udp Data Interpretation System # Paul Stevens embl-ndt 394/tcp EMBL Nucleic Data Transfer embl-ndt 394/udp EMBL Nucleic Data Transfer # Peter Gad netcp 395/tcp NETscout Control Protocol netcp 395/udp NETscout Control Protocol # Anil Singhal <---none---> netware-ip 396/tcp Novell Netware over IP netware-ip 396/udp Novell Netware over IP mptn 397/tcp Multi Protocol Trans. Net. mptn 397/udp Multi Protocol Trans. Net. # Soumitra Sarkar kryptolan 398/tcp Kryptolan kryptolan 398/udp Kryptolan # Peter de Laval iso-tsap-c2 399/tcp ISO Transport Class 2 Non-Control over tcp iso-tsap-c2 399/udp ISO Transport Class 2 Non-Control over tcp # Yanick Pouffary work-sol 400/tcp Workstation Solutions work-sol 400/udp Workstation Solutions # Jim Ward ups 401/tcp Uninterruptible Power Supply ups 401/udp Uninterruptible Power Supply # Charles Bennett genie 402/tcp Genie Protocol genie 402/udp Genie Protocol # Mark Hankin <---none---> decap 403/tcp decap decap 403/udp decap nced 404/tcp nced nced 404/udp nced ncld 405/tcp ncld ncld 405/udp ncld # Richard Jones <---none---> imsp 406/tcp Interactive Mail Support Protocol imsp 406/udp Interactive Mail Support Protocol # John Myers timbuktu 407/tcp Timbuktu timbuktu 407/udp Timbuktu # Marc Epard prm-sm 408/tcp Prospero Resource Manager Sys. Man. prm-sm 408/udp Prospero Resource Manager Sys. Man. prm-nm 409/tcp Prospero Resource Manager Node Man. prm-nm 409/udp Prospero Resource Manager Node Man. # B. Clifford Neuman decladebug 410/tcp DECLadebug Remote Debug Protocol decladebug 410/udp DECLadebug Remote Debug Protocol # Anthony Berent rmt 411/tcp Remote MT Protocol rmt 411/udp Remote MT Protocol # Peter Eriksson synoptics-trap 412/tcp Trap Convention Port synoptics-trap 412/udp Trap Convention Port # Illan Raab smsp 413/tcp SMSP smsp 413/udp SMSP infoseek 414/tcp InfoSeek infoseek 414/udp InfoSeek # Steve Kirsch bnet 415/tcp BNet bnet 415/udp BNet # Jim Mertz silverplatter 416/tcp Silverplatter silverplatter 416/udp Silverplatter # Peter Ciuffetti onmux 417/tcp Onmux onmux 417/udp Onmux # Stephen Hanna hyper-g 418/tcp Hyper-G hyper-g 418/udp Hyper-G # Frank Kappe ariel1 419/tcp Ariel ariel1 419/udp Ariel # Jonathan Lavigne smpte 420/tcp SMPTE smpte 420/udp SMPTE # Si Becker <71362.22@CompuServe.COM> ariel2 421/tcp Ariel ariel2 421/udp Ariel ariel3 422/tcp Ariel ariel3 422/udp Ariel # Jonathan Lavigne opc-job-start 423/tcp IBM Operations Planning and Control Start opc-job-start 423/udp IBM Operations Planning and Control Start opc-job-track 424/tcp IBM Operations Planning and Control Track opc-job-track 424/udp IBM Operations Planning and Control Track # Conny Larsson icad-el 425/tcp ICAD icad-el 425/udp ICAD # Larry Stone smartsdp 426/tcp smartsdp smartsdp 426/udp smartsdp # Alexander Dupuy svrloc 427/tcp Server Location svrloc 427/udp Server Location # ocs_cmu 428/tcp OCS_CMU ocs_cmu 428/udp OCS_CMU ocs_amu 429/tcp OCS_AMU ocs_amu 429/udp OCS_AMU # Florence Wyman utmpsd 430/tcp UTMPSD utmpsd 430/udp UTMPSD utmpcd 431/tcp UTMPCD utmpcd 431/udp UTMPCD iasd 432/tcp IASD iasd 432/udp IASD # Nir Baroz nnsp 433/tcp NNSP nnsp 433/udp NNSP # Rob Robertson mobileip-agent 434/tcp MobileIP-Agent mobileip-agent 434/udp MobileIP-Agent mobilip-mn 435/tcp MobilIP-MN mobilip-mn 435/udp MobilIP-MN # Kannan Alagappan dna-cml 436/tcp DNA-CML dna-cml 436/udp DNA-CML # Dan Flowers comscm 437/tcp comscm comscm 437/udp comscm # Jim Teague dsfgw 438/tcp dsfgw dsfgw 438/udp dsfgw # Andy McKeen dasp 439/tcp dasp Thomas Obermair dasp 439/udp dasp tommy@inlab.m.eunet.de # Thomas Obermair sgcp 440/tcp sgcp sgcp 440/udp sgcp # Marshall Rose decvms-sysmgt 441/tcp decvms-sysmgt decvms-sysmgt 441/udp decvms-sysmgt # Lee Barton cvc_hostd 442/tcp cvc_hostd cvc_hostd 442/udp cvc_hostd # Bill Davidson https 443/tcp http protocol over TLS/SSL https 443/udp http protocol over TLS/SSL # Kipp E.B. Hickman snpp 444/tcp Simple Network Paging Protocol snpp 444/udp Simple Network Paging Protocol # [RFC1568] microsoft-ds 445/tcp Microsoft-DS microsoft-ds 445/udp Microsoft-DS # Pradeep Bahl ddm-rdb 446/tcp DDM-RDB ddm-rdb 446/udp DDM-RDB ddm-dfm 447/tcp DDM-RFM ddm-dfm 447/udp DDM-RFM # Jan David Fisher ddm-ssl 448/tcp DDM-SSL ddm-ssl 448/udp DDM-SSL # Steve Ritland as-servermap 449/tcp AS Server Mapper as-servermap 449/udp AS Server Mapper # Barbara Foss tserver 450/tcp TServer tserver 450/udp TServer # Harvey S. Schultz sfs-smp-net 451/tcp Cray Network Semaphore server sfs-smp-net 451/udp Cray Network Semaphore server sfs-config 452/tcp Cray SFS config server sfs-config 452/udp Cray SFS config server # Walter Poxon creativeserver 453/tcp CreativeServer creativeserver 453/udp CreativeServer contentserver 454/tcp ContentServer contentserver 454/udp ContentServer creativepartnr 455/tcp CreativePartnr creativepartnr 455/udp CreativePartnr # Jesus Ortiz macon-tcp 456/tcp macon-tcp macon-udp 456/udp macon-udp # Yoshinobu Inoue # scohelp 457/tcp scohelp scohelp 457/udp scohelp # Faith Zack appleqtc 458/tcp apple quick time appleqtc 458/udp apple quick time # Murali Ranganathan ampr-rcmd 459/tcp ampr-rcmd ampr-rcmd 459/udp ampr-rcmd # Rob Janssen skronk 460/tcp skronk skronk 460/udp skronk # Henry Strickland datasurfsrv 461/tcp DataRampSrv datasurfsrv 461/udp DataRampSrv datasurfsrvsec 462/tcp DataRampSrvSec datasurfsrvsec 462/udp DataRampSrvSec # Diane Downie alpes 463/tcp alpes alpes 463/udp alpes # Alain Durand kpasswd 464/tcp kpasswd kpasswd 464/udp kpasswd # Theodore Ts'o digital-vrc 466/tcp digital-vrc digital-vrc 466/udp digital-vrc # Peter Higginson mylex-mapd 467/tcp mylex-mapd mylex-mapd 467/udp mylex-mapd # Gary Lewis photuris 468/tcp proturis photuris 468/udp proturis # Bill Simpson rcp 469/tcp Radio Control Protocol rcp 469/udp Radio Control Protocol # Jim Jennings +1-708-538-7241 scx-proxy 470/tcp scx-proxy scx-proxy 470/udp scx-proxy # Scott Narveson mondex 471/tcp Mondex mondex 471/udp Mondex # Bill Reding ljk-login 472/tcp ljk-login ljk-login 472/udp ljk-login # LJK Software, Cambridge, Massachusetts # hybrid-pop 473/tcp hybrid-pop hybrid-pop 473/udp hybrid-pop # Rami Rubin tn-tl-w1 474/tcp tn-tl-w1 tn-tl-w2 474/udp tn-tl-w2 # Ed Kress tcpnethaspsrv 475/tcp tcpnethaspsrv tcpnethaspsrv 475/udp tcpnethaspsrv # Charlie Hava tn-tl-fd1 476/tcp tn-tl-fd1 tn-tl-fd1 476/udp tn-tl-fd1 # Ed Kress ss7ns 477/tcp ss7ns ss7ns 477/udp ss7ns # Jean-Michel URSCH spsc 478/tcp spsc spsc 478/udp spsc # Mike Rieker iafserver 479/tcp iafserver iafserver 479/udp iafserver iafdbase 480/tcp iafdbase iafdbase 480/udp iafdbase # ricky@solect.com ph 481/tcp Ph service ph 481/udp Ph service # Roland Hedberg bgs-nsi 482/tcp bgs-nsi bgs-nsi 482/udp bgs-nsi # Jon Saperia ulpnet 483/tcp ulpnet ulpnet 483/udp ulpnet # Kevin Mooney integra-sme 484/tcp Integra Software Management Environment integra-sme 484/udp Integra Software Management Environment # Randall Dow powerburst 485/tcp Air Soft Power Burst powerburst 485/udp Air Soft Power Burst # avian 486/tcp avian avian 486/udp avian # Robert Ullmann # saft 487/tcp saft Simple Asynchronous File Transfer saft 487/udp saft Simple Asynchronous File Transfer # Ulli Horlacher gss-http 488/tcp gss-http gss-http 488/udp gss-http # Doug Rosenthal nest-protocol 489/tcp nest-protocol nest-protocol 489/udp nest-protocol # Gil Gameiro micom-pfs 490/tcp micom-pfs micom-pfs 490/udp micom-pfs # David Misunas go-login 491/tcp go-login go-login 491/udp go-login # Troy Morrison ticf-1 492/tcp Transport Independent Convergence for FNA ticf-1 492/udp Transport Independent Convergence for FNA ticf-2 493/tcp Transport Independent Convergence for FNA ticf-2 493/udp Transport Independent Convergence for FNA # Mamoru Ito pov-ray 494/tcp POV-Ray pov-ray 494/udp POV-Ray # Chris Cason intecourier 495/tcp intecourier intecourier 495/udp intecourier # Steve Favor pim-rp-disc 496/tcp PIM-RP-DISC pim-rp-disc 496/udp PIM-RP-DISC # Dino Farinacci dantz 497/tcp dantz dantz 497/udp dantz # Dotty Yackle siam 498/tcp siam siam 498/udp siam # Philippe Gilbert iso-ill 499/tcp ISO ILL Protocol iso-ill 499/udp ISO ILL Protocol # Mark H. Needleman isakmp 500/tcp isakmp isakmp 500/udp isakmp # Mark Schertler stmf 501/tcp STMF stmf 501/udp STMF # Alan Ungar asa-appl-proto 502/tcp asa-appl-proto asa-appl-proto 502/udp asa-appl-proto # Dennis Dube intrinsa 503/tcp Intrinsa intrinsa 503/udp Intrinsa # Robert Ford citadel 504/tcp citadel citadel 504/udp citadel # Art Cancro mailbox-lm 505/tcp mailbox-lm mailbox-lm 505/udp mailbox-lm # Beverly Moody ohimsrv 506/tcp ohimsrv ohimsrv 506/udp ohimsrv # Scott Powell crs 507/tcp crs crs 507/udp crs # Brad Wright xvttp 508/tcp xvttp xvttp 508/udp xvttp # Keith J. Alphonso snare 509/tcp snare snare 509/udp snare # Dennis Batchelder fcp 510/tcp FirstClass Protocol fcp 510/udp FirstClass Protocol # Mike Marshburn passgo 511/tcp PassGo passgo 511/udp PassGo # John Rainford exec 512/tcp remote process execution; # authentication performed using # passwords and UNIX loppgin names comsat 512/udp biff 512/udp used by mail system to notify users # of new mail received; currently # receives messages only from # processes on the same machine login 513/tcp remote login a la telnet; # automatic authentication performed # based on priviledged port numbers # and distributed data bases which # identify "authentication domains" who 513/udp maintains data bases showing who's # logged in to machines on a local # net and the load average of the # machine shell 514/tcp cmd # like exec, but automatic authentication # is performed as for login server syslog 514/udp printer 515/tcp spooler printer 515/udp spooler videotex 516/tcp videotex videotex 516/udp videotex # Daniel Mavrakis talk 517/tcp like tenex link, but across # machine - unfortunately, doesn't # use link protocol (this is actually # just a rendezvous port from which a # tcp connection is established) talk 517/udp like tenex link, but across # machine - unfortunately, doesn't # use link protocol (this is actually # just a rendezvous port from which a # tcp connection is established) ntalk 518/tcp ntalk 518/udp utime 519/tcp unixtime utime 519/udp unixtime efs 520/tcp extended file name server router 520/udp local routing process (on site); # uses variant of Xerox NS routing # information protocol - RIP ripng 521/tcp ripng ripng 521/udp ripng # Robert E. Minnear ulp 522/tcp ULP ulp 522/udp ULP # Max Morris ibm-db2 523/tcp IBM-DB2 ibm-db2 523/udp IBM-DB2 # Peter Pau ncp 524/tcp NCP ncp 524/udp NCP # Don Provan timed 525/tcp timeserver timed 525/udp timeserver tempo 526/tcp newdate tempo 526/udp newdate stx 527/tcp Stock IXChange stx 527/udp Stock IXChange custix 528/tcp Customer IXChange custix 528/udp Customer IXChange # Ralph Hanan irc-serv 529/tcp IRC-SERV irc-serv 529/udp IRC-SERV # Brian Tackett courier 530/tcp rpc courier 530/udp rpc conference 531/tcp chat conference 531/udp chat netnews 532/tcp readnews netnews 532/udp readnews netwall 533/tcp for emergency broadcasts netwall 533/udp for emergency broadcasts mm-admin 534/tcp MegaMedia Admin mm-admin 534/udp MegaMedia Admin # Andreas Heidemann iiop 535/tcp iiop iiop 535/udp iiop # Jeff M.Michaud opalis-rdv 536/tcp opalis-rdv opalis-rdv 536/udp opalis-rdv # Laurent Domenech nmsp 537/tcp Networked Media Streaming Protocol nmsp 537/udp Networked Media Streaming Protocol # Paul Santinelli Jr. gdomap 538/tcp gdomap gdomap 538/udp gdomap # Richard Frith-Macdonald apertus-ldp 539/tcp Apertus Technologies Load Determination apertus-ldp 539/udp Apertus Technologies Load Determination uucp 540/tcp uucpd uucp 540/udp uucpd uucp-rlogin 541/tcp uucp-rlogin uucp-rlogin 541/udp uucp-rlogin # Stuart Lynne commerce 542/tcp commerce commerce 542/udp commerce # Randy Epstein klogin 543/tcp klogin 543/udp kshell 544/tcp krcmd kshell 544/udp krcmd appleqtcsrvr 545/tcp appleqtcsrvr appleqtcsrvr 545/udp appleqtcsrvr # Murali Ranganathan # dhcpv6-client 546/tcp DHCPv6 Client dhcpv6-client 546/udp DHCPv6 Client dhcpv6-server 547/tcp DHCPv6 Server dhcpv6-server 547/udp DHCPv6 Server # Jim Bound afpovertcp 548/tcp AFP over tcp afpovertcp 548/udp AFP over tcp # Leland Wallace idfp 549/tcp IDFP idfp 549/udp IDFP # Ramana Kovi new-rwho 550/tcp new-who new-rwho 550/udp new-who cybercash 551/tcp cybercash cybercash 551/udp cybercash # Donald E. Eastlake 3rd deviceshare 552/tcp deviceshare deviceshare 552/udp deviceshare # Brian Schenkenberger pirp 553/tcp pirp pirp 553/udp pirp # D. J. Bernstein rtsp 554/tcp Real Time Stream Control Protocol rtsp 554/udp Real Time Stream Control Protocol # Rob Lanphier dsf 555/tcp dsf 555/udp remotefs 556/tcp rfs server remotefs 556/udp rfs server openvms-sysipc 557/tcp openvms-sysipc openvms-sysipc 557/udp openvms-sysipc # Alan Potter sdnskmp 558/tcp SDNSKMP sdnskmp 558/udp SDNSKMP teedtap 559/tcp TEEDTAP teedtap 559/udp TEEDTAP # Mort Hoffman rmonitor 560/tcp rmonitord rmonitor 560/udp rmonitord monitor 561/tcp monitor 561/udp chshell 562/tcp chcmd chshell 562/udp chcmd nntps 563/tcp nntp protocol over TLS/SSL (was snntp) nntps 563/udp nntp protocol over TLS/SSL (was snntp) # Kipp E.B. Hickman 9pfs 564/tcp plan 9 file service 9pfs 564/udp plan 9 file service whoami 565/tcp whoami whoami 565/udp whoami streettalk 566/tcp streettalk streettalk 566/udp streettalk banyan-rpc 567/tcp banyan-rpc banyan-rpc 567/udp banyan-rpc # Tom Lemaire ms-shuttle 568/tcp microsoft shuttle ms-shuttle 568/udp microsoft shuttle # Rudolph Balaz ms-rome 569/tcp microsoft rome ms-rome 569/udp microsoft rome # Rudolph Balaz meter 570/tcp demon meter 570/udp demon meter 571/tcp udemon meter 571/udp udemon sonar 572/tcp sonar sonar 572/udp sonar # Keith Moore banyan-vip 573/tcp banyan-vip banyan-vip 573/udp banyan-vip # Denis Leclerc ftp-agent 574/tcp FTP Software Agent System ftp-agent 574/udp FTP Software Agent System # Michael S. Greenberg vemmi 575/tcp VEMMI vemmi 575/udp VEMMI # Daniel Mavrakis ipcd 576/tcp ipcd ipcd 576/udp ipcd vnas 577/tcp vnas vnas 577/udp vnas ipdd 578/tcp ipdd ipdd 578/udp ipdd # Jay Farhat decbsrv 579/tcp decbsrv decbsrv 579/udp decbsrv # Rudi Martin sntp-heartbeat 580/tcp SNTP HEARTBEAT sntp-heartbeat 580/udp SNTP HEARTBEAT # Louis Mamakos bdp 581/tcp Bundle Discovery Protocol bdp 581/udp Bundle Discovery Protocol # Gary Malkin scc-security 582/tcp SCC Security scc-security 582/udp SCC Security # Prashant Dholakia philips-vc 583/tcp Philips Video-Conferencing philips-vc 583/udp Philips Video-Conferencing # Janna Chang keyserver 584/tcp Key Server keyserver 584/udp Key Server # Gary Howland imap4-ssl 585/tcp IMAP4+SSL (use 993 instead) imap4-ssl 585/udp IMAP4+SSL (use 993 instead) # Terry Gray # Use of 585 is not recommended, use 993 instead password-chg 586/tcp Password Change password-chg 586/udp Password Change submission 587/tcp Submission submission 587/udp Submission # Randy Gellens cal 588/tcp CAL cal 588/udp CAL # Myron Hattig eyelink 589/tcp EyeLink eyelink 589/udp EyeLink # Dave Stampe tns-cml 590/tcp TNS CML tns-cml 590/udp TNS CML # Jerome Albin http-alt 591/tcp FileMaker, Inc. - HTTP Alternate (see Port 80) http-alt 591/udp FileMaker, Inc. - HTTP Alternate (see Port 80) # Clay Maeckel eudora-set 592/tcp Eudora Set eudora-set 592/udp Eudora Set # Randall Gellens http-rpc-epmap 593/tcp HTTP RPC Ep Map http-rpc-epmap 593/udp HTTP RPC Ep Map # Edward Reus tpip 594/tcp TPIP tpip 594/udp TPIP # Brad Spear cab-protocol 595/tcp CAB Protocol cab-protocol 595/udp CAB Protocol # Winston Hetherington smsd 596/tcp SMSD smsd 596/udp SMSD # Wayne Barlow ptcnameservice 597/tcp PTC Name Service ptcnameservice 597/udp PTC Name Service # Yuri Machkasov sco-websrvrmg3 598/tcp SCO Web Server Manager 3 sco-websrvrmg3 598/udp SCO Web Server Manager 3 # Simon Baldwin acp 599/tcp Aeolon Core Protocol acp 599/udp Aeolon Core Protocol # Mike Marshburn ipcserver 600/tcp Sun IPC server ipcserver 600/udp Sun IPC server urm 606/tcp Cray Unified Resource Manager urm 606/udp Cray Unified Resource Manager nqs 607/tcp nqs nqs 607/udp nqs # Bill Schiefelbein sift-uft 608/tcp Sender-Initiated/Unsolicited File Transfer sift-uft 608/udp Sender-Initiated/Unsolicited File Transfer # Rick Troth npmp-trap 609/tcp npmp-trap npmp-trap 609/udp npmp-trap npmp-local 610/tcp npmp-local npmp-local 610/udp npmp-local npmp-gui 611/tcp npmp-gui npmp-gui 611/udp npmp-gui # John Barnes hmmp-ind 612/tcp HMMP Indication hmmp-ind 612/udp HMMP Indication hmmp-op 613/tcp HMMP Operation hmmp-op 613/udp HMMP Operation # Andrew Sinclair sshell 614/tcp SSLshell sshell 614/udp SSLshell # Simon J. Gerraty sco-inetmgr 615/tcp Internet Configuration Manager sco-inetmgr 615/udp Internet Configuration Manager sco-sysmgr 616/tcp SCO System Administration Server sco-sysmgr 616/udp SCO System Administration Server sco-dtmgr 617/tcp SCO Desktop Administration Server sco-dtmgr 617/udp SCO Desktop Administration Server # Christopher Durham dei-icda 618/tcp DEI-ICDA dei-icda 618/udp DEI-ICDA # David Turner digital-evm 619/tcp Digital EVM digital-evm 619/udp Digital EVM # Jem Treadwell sco-websrvrmgr 620/tcp SCO WebServer Manager sco-websrvrmgr 620/udp SCO WebServer Manager # Christopher Durham escp-ip 621/tcp ESCP escp-ip 621/udp ESCP # Lai Zit Seng collaborator 622/tcp Collaborator collaborator 622/udp Collaborator # Johnson Davis aux_bus_shunt 623/tcp Aux Bus Shunt aux_bus_shunt 623/udp Aux Bus Shunt # Steve Williams cryptoadmin 624/tcp Crypto Admin cryptoadmin 624/udp Crypto Admin # Matt Lachance dec_dlm 625/tcp DEC DLM dec_dlm 625/udp DEC DLM # Rudi Martin asia 626/tcp ASIA asia 626/udp ASIA # Michael Dasenbrock passgo-tivoli 627/tcp PassGo Tivoli passgo-tivoli 627/udp PassGo Tivoli # Chris Hall qmqp 628/tcp QMQP qmqp 628/udp QMQP # Dan Bernstein 3com-amp3 629/tcp 3Com AMP3 3com-amp3 629/udp 3Com AMP3 # Prakash Banthia rda 630/tcp RDA rda 630/udp RDA # John Hadjioannou ipp 631/tcp IPP (Internet Printing Protocol) ipp 631/udp IPP (Internet Printing Protocol) # Carl-Uno Manros bmpp 632/tcp bmpp bmpp 632/udp bmpp # Troy Rollo servstat 633/tcp Service Status update (Sterling Software) servstat 633/udp Service Status update (Sterling Software) # Greg Rose ginad 634/tcp ginad ginad 634/udp ginad # Mark Crother rlzdbase 635/tcp RLZ DBase rlzdbase 635/udp RLZ DBase # Michael Ginn ldaps 636/tcp ldap protocol over TLS/SSL (was sldap) ldaps 636/udp ldap protocol over TLS/SSL (was sldap) # Pat Richard lanserver 637/tcp lanserver lanserver 637/udp lanserver # Chris Larsson mcns-sec 638/tcp mcns-sec mcns-sec 638/udp mcns-sec # Kaz Ozawa msdp 639/tcp MSDP msdp 639/udp MSDP # Dino Farinacci entrust-sps 640/tcp entrust-sps entrust-sps 640/udp entrust-sps # Marek Buchler repcmd 641/tcp repcmd repcmd 641/udp repcmd # Scott Dale esro-emsdp 642/tcp ESRO-EMSDP V1.3 esro-emsdp 642/udp ESRO-EMSDP V1.3 # Mohsen Banan sanity 643/tcp SANity sanity 643/udp SANity # Peter Viscarola dwr 644/tcp dwr dwr 644/udp dwr # Bill Fenner pssc 645/tcp PSSC pssc 645/udp PSSC # Egon Meier-Engelen ldp 646/tcp LDP ldp 646/udp LDP # Bob Thomas dhcp-failover 647/tcp DHCP Failover dhcp-failover 647/udp DHCP Failover # Bernard Volz rrp 648/tcp Registry Registrar Protocol (RRP) rrp 648/udp Registry Registrar Protocol (RRP) # Scott Hollenbeck aminet 649/tcp Aminet aminet 649/udp Aminet # Martin Toeller obex 650/tcp OBEX obex 650/udp OBEX # Jeff Garbers ieee-mms 651/tcp IEEE MMS ieee-mms 651/udp IEEE MMS # Curtis Anderson udlr-dtcp 652/tcp UDLR_Dtcp udlr-dtcp 652/udp UDLR_Dtcp # Patrick Cipiere repscmd 653/tcp RepCmd repscmd 653/udp RepCmd # Scott Dale aodv 654/tcp AODV aodv 654/udp AODV # Charles Perkins tinc 655/tcp TINC tinc 655/udp TINC # Ivo Timmermans # 656-665 Unassigned mdqs 666/tcp mdqs 666/udp doom 666/tcp doom Id Software doom 666/udp doom Id Software # disclose 667/tcp campaign contribution disclosures - SDR Technologies disclose 667/udp campaign contribution disclosures - SDR Technologies # Jim Dixon mecomm 668/tcp MeComm mecomm 668/udp MeComm meregister 669/tcp MeRegister meregister 669/udp MeRegister # Armin Sawusch vacdsm-sws 670/tcp VACDSM-SWS vacdsm-sws 670/udp VACDSM-SWS vacdsm-app 671/tcp VACDSM-APP vacdsm-app 671/udp VACDSM-APP vpps-qua 672/tcp VPPS-QUA vpps-qua 672/udp VPPS-QUA cimplex 673/tcp CIMPLEX cimplex 673/udp CIMPLEX # Ulysses G. Smith Jr. acap 674/tcp ACAP acap 674/udp ACAP # Chris Newman dctp 675/tcp DCTP dctp 675/udp DCTP # Andre Kramer vpps-via 676/tcp VPPS Via vpps-via 676/udp VPPS Via # Ulysses G. Smith Jr. vpp 677/tcp Virtual Presence Protocol vpp 677/udp Virtual Presence Protocol # Klaus Wolf ggf-ncp 678/tcp GNU Gereration Foundation NCP ggf-ncp 678/udp GNU Generation Foundation NCP # Noah Paul mrm 679/tcp MRM mrm 679/udp MRM # Liming Wei entrust-aaas 680/tcp entrust-aaas entrust-aaas 680/udp entrust-aaas entrust-aams 681/tcp entrust-aams entrust-aams 681/udp entrust-aams # Adrian Mancini xfr 682/tcp XFR xfr 682/udp XFR # Noah Paul corba-iiop 683/tcp CORBA IIOP corba-iiop 683/udp CORBA IIOP corba-iiop-ssl 684/tcp CORBA IIOP SSL corba-iiop-ssl 684/udp CORBA IIOP SSL # Henry Lowe mdc-portmapper 685/tcp MDC Port Mapper mdc-portmapper 685/udp MDC Port Mapper # Noah Paul hcp-wismar 686/tcp Hardware Control Protocol Wismar hcp-wismar 686/udp Hardware Control Protocol Wismar # David Merchant asipregistry 687/tcp asipregistry asipregistry 687/udp asipregistry # Erik Sea realm-rusd 688/tcp REALM-RUSD realm-rusd 688/udp REALM-RUSD # Jerry Knight # 689-703 Unassigned elcsd 704/tcp errlog copy/server daemon elcsd 704/udp errlog copy/server daemon agentx 705/tcp AgentX agentx 705/udp AgentX # Bob Natale # 706 Unassigned borland-dsj 707/tcp Borland DSJ borland-dsj 707/udp Borland DSJ # Gerg Cole # 708 Unassigned entrust-kmsh 709/tcp Entrust Key Management Service Handler entrust-kmsh 709/udp Entrust Key Management Service Handler entrust-ash 710/tcp Entrust Administration Service Handler entrust-ash 710/udp Entrust Administration Service Handler # Peter Whittaker cisco-tdp 711/tcp Cisco TDP cisco-tdp 711/udp Cisco TDP # Bruce Davie # 712-728 Unassigned netviewdm1 729/tcp IBM NetView DM/6000 Server/Client netviewdm1 729/udp IBM NetView DM/6000 Server/Client netviewdm2 730/tcp IBM NetView DM/6000 send/tcp netviewdm2 730/udp IBM NetView DM/6000 send/tcp netviewdm3 731/tcp IBM NetView DM/6000 receive/tcp netviewdm3 731/udp IBM NetView DM/6000 receive/tcp # Philippe Binet (phbinet@vnet.IBM.COM) netgw 741/tcp netGW netgw 741/udp netGW # Oliver Korfmacher (okorf@netcs.com) netrcs 742/tcp Network based Rev. Cont. Sys. netrcs 742/udp Network based Rev. Cont. Sys. # Gordon C. Galligher flexlm 744/tcp Flexible License Manager flexlm 744/udp Flexible License Manager # Matt Christiano # fujitsu-dev 747/tcp Fujitsu Device Control fujitsu-dev 747/udp Fujitsu Device Control ris-cm 748/tcp Russell Info Sci Calendar Manager ris-cm 748/udp Russell Info Sci Calendar Manager kerberos-adm 749/tcp kerberos administration kerberos-adm 749/udp kerberos administration rfile 750/tcp loadav 750/udp kerberos-iv 750/udp kerberos version iv # Martin Hamilton pump 751/tcp pump 751/udp qrh 752/tcp qrh 752/udp rrh 753/tcp rrh 753/udp tell 754/tcp send tell 754/udp send nlogin 758/tcp nlogin 758/udp con 759/tcp con 759/udp ns 760/tcp ns 760/udp rxe 761/tcp rxe 761/udp quotad 762/tcp quotad 762/udp cycleserv 763/tcp cycleserv 763/udp omserv 764/tcp omserv 764/udp webster 765/tcp webster 765/udp phonebook 767/tcp phone phonebook 767/udp phone vid 769/tcp vid 769/udp cadlock 770/tcp cadlock 770/udp rtip 771/tcp rtip 771/udp cycleserv2 772/tcp cycleserv2 772/udp submit 773/tcp notify 773/udp rpasswd 774/tcp acmaint_dbd 774/udp entomb 775/tcp acmaint_transd 775/udp wpages 776/tcp wpages 776/udp # Josyula R. Rao multiling-http 777/tcp Multiling HTTP multiling-http 777/udp Multiling HTTP # Alejandro Bonet # 778-779 Unassgined wpgs 780/tcp wpgs 780/udp concert 786/tcp Concert concert 786/udp Concert # Josyula R. Rao qsc 787/tcp QSC qsc 787/udp QSC # James Furness # 788-799 Unassigned CA-RP 799/tcp CA's Remotely Possible ControlIT 799/tcp CA's ControlIT (formerly Remotely Possible) mdbs_daemon 800/tcp mdbs_daemon 800/udp device 801/tcp device 801/udp # 802-809 Unassigned fcp-udp 810/tcp FCP fcp-udp 810/udp FCP Datagram # Paul Whittemore # 811-827 Unassigned itm-mcell-s 828/tcp itm-mcell-s itm-mcell-s 828/udp itm-mcell-s # Miles O'Neal pkix-3-ca-ra 829/tcp PKIX-3 CA/RA pkix-3-ca-ra 829/udp PKIX-3 CA/RA # Carlisle Adams # 830-872 Unassigned rsync 873/tcp rsync rsync 873/udp rsync # Andrew Tridgell # 875-885 Unassigned iclcnet-locate 886/tcp ICL coNETion locate server iclcnet-locate 886/udp ICL coNETion locate server # Bob Lyon iclcnet_svinfo 887/tcp ICL coNETion server info iclcnet_svinfo 887/udp ICL coNETion server info # Bob Lyon accessbuilder 888/tcp AccessBuilder accessbuilder 888/udp AccessBuilder # Steve Sweeney # The following entry records an unassigned but widespread use cddbp 888/tcp CD Database Protocol # Steve Scherf # # 889-899 Unassigned omginitialrefs 900/tcp OMG Initial Refs omginitialrefs 900/udp OMG Initial Refs # Christian Callsen # 901-910 Unassigned xact-backup 911/tcp xact-backup xact-backup 911/udp xact-backup # Bill Carroll # 912-988 Unassigned ftps-data 989/tcp ftp protocol, data, over TLS/SSL ftps-data 989/udp ftp protocol, data, over TLS/SSL ftps 990/tcp ftp protocol, control, over TLS/SSL ftps 990/udp ftp protocol, control, over TLS/SSL # Christopher Allen nas 991/tcp Netnews Administration System nas 991/udp Netnews Administration System # Vera Heinau # Heiko Schlichting telnets 992/tcp telnet protocol over TLS/SSL telnets 992/udp telnet protocol over TLS/SSL imaps 993/tcp imap4 protocol over TLS/SSL imaps 993/udp imap4 protocol over TLS/SSL ircs 994/tcp irc protocol over TLS/SSL ircs 994/udp irc protocol over TLS/SSL # Christopher Allen pop3s 995/tcp pop3 protocol over TLS/SSL (was spop3) pop3s 995/udp pop3 protocol over TLS/SSL (was spop3) # Gordon Mangione vsinet 996/tcp vsinet vsinet 996/udp vsinet # Rob Juergens maitrd 997/tcp maitrd 997/udp busboy 998/tcp puparp 998/udp garcon 999/tcp applix 999/udp Applix ac puprouter 999/tcp puprouter 999/udp cadlock 1000/tcp ock 1000/udp # 1001-1009 Unassigned # 1008/udp Possibly used by Sun Solaris???? surf 1010/tcp surf surf 1010/udp surf # Joseph Geer # 1011-1022 Reserved 1023/tcp Reserved 1023/udp Reserved # IANA REGISTERED PORT NUMBERS The Registered Ports are listed by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users. Ports are used in the tcp [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The IANA registers uses of these ports as a convienence to the community. To the extent possible, these same port assignments are used with the UDP [RFC768]. The Registered Ports are in the range 1024-49151. Port Assignments: Keyword Decimal Description References ------- ------- ----------- ---------- 1024/tcp Reserved 1024/udp Reserved # IANA blackjack 1025/tcp network blackjack blackjack 1025/udp network blackjack # Unknown contact iad1 1030/tcp BBN IAD iad1 1030/udp BBN IAD iad2 1031/tcp BBN IAD iad2 1031/udp BBN IAD iad3 1032/tcp BBN IAD iad3 1032/udp BBN IAD # Andy Malis neod1 1047/tcp Sun's NEO Object Request Broker neod1 1047/udp Sun's NEO Object Request Broker neod2 1048/tcp Sun's NEO Object Request Broker neod2 1048/udp Sun's NEO Object Request Broker # Rohit Garg nim 1058/tcp nim nim 1058/udp nim nimreg 1059/tcp nimreg nimreg 1059/udp nimreg # Robert Gordon instl_boots 1067/tcp Installation Bootstrap Proto. Serv. instl_boots 1067/udp Installation Bootstrap Proto. Serv. instl_bootc 1068/tcp Installation Bootstrap Proto. Cli. instl_bootc 1068/udp Installation Bootstrap Proto. Cli. # David Arko < socks 1080/tcp Socks socks 1080/udp Socks # Ying-Da Lee rmiactivation 1098/tcp RMI Activation rmiactivation 1098/udp RMI Activation rmiregistry 1099/tcp RMI Registry rmiregistry 1099/udp RMI Registry # Adrain Colley nfsd-status 1110/tcp Cluster status info nfsd-keepalive 1110/udp Client status info # Edgar Circenis lmsocialserver 1111/tcp LM Social Server lmsocialserver 1111/udp LM Social Server # Ron Lussier mini-sql 1114/tcp Mini SQL mini-sql 1114/udp Mini SQL # David Hughes murray 1123/tcp Murray murray 1123/udp Murray # Stu Mark nfa 1155/tcp Network File Access nfa 1155/udp Network File Access # James Powell health-polling 1161/tcp Health Polling health-polling 1161/udp Health Polling health-trap 1162/tcp Health Trap health-trap 1162/udp Health Trap # Albert Holt mc-client 1180/tcp Millicent Client Proxy mc-client 1180/udp Millicent Client Proxy # Steve Glassman lupa 1212/tcp lupa lupa 1212/udp lupa # Barney Wolff nerv 1222/tcp SNI R&D network nerv 1222/udp SNI R&D network # Martin Freiss # 1223-1233 Unassigned search-agent 1234/tcp Infoseek Search Agent search-agent 1234/udp Infoseek Search Agent # Jackie Wu # 1235-1238 Unassigned nmsd 1239/tcp NMSD nmsd 1239/udp NMSD # Yuri Machkasov # 1240-1247 Unassigned hermes 1248/tcp hermes 1248/udp # 1249-1299 Unassigned h323hostcallsc 1300/tcp H323 Host Call Secure h323hostcallsc 1300/udp H323 Host Call Secure # Jim Toga # 1301-1309 Unassigned husky 1310/tcp Husky husky 1310/udp Husky # Mark Zang rxmon 1311/tcp RxMon rxmon 1311/udp RxMon # Javier Jiminez sti-envision 1312/tcp STI Envision sti-envision 1312/udp STI Envision # Don Stedman bmc_patroldb 1313/tcp BMC_PATROLDB bmc-patroldb 1313/udp BMC_PATROLDB # Devon Shows pdps 1314/tcp Photoscript Distributed Printing System pdps 1314/udp Photoscript Distributed Printing System # Les Klein # 1315-1320 Unassigned pip 1321/tcp PIP pip 1321/udp PIP # Gordon Mohr # 1322-1334 Unassigned digital-notary 1335/tcp Digital Notary Protocol digital-notary 1335/udp Digital Notary Protocol # Wes Doonan # 1336-1334 Unassigned vpjp 1345/tcp VPJP vpjp 1345/udp VPJP # Michael Collins alta-ana-lm 1346/tcp Alta Analytics License Manager alta-ana-lm 1346/udp Alta Analytics License Manager bbn-mmc 1347/tcp multi media conferencing bbn-mmc 1347/udp multi media conferencing bbn-mmx 1348/tcp multi media conferencing bbn-mmx 1348/udp multi media conferencing sbook 1349/tcp Registration Network Protocol sbook 1349/udp Registration Network Protocol editbench 1350/tcp Registration Network Protocol editbench 1350/udp Registration Network Protocol # Simson L. Garfinkel equationbuilder 1351/tcp Digital Tool Works (MIT) equationbuilder 1351/udp Digital Tool Works (MIT) # Terrence J. Talbot lotusnote 1352/tcp Lotus Note lotusnote 1352/udp Lotus Note # Greg Pflaum relief 1353/tcp Relief Consulting relief 1353/udp Relief Consulting # John Feiler rightbrain 1354/tcp RightBrain Software rightbrain 1354/udp RightBrain Software # Glenn Reid intuitive-edge 1355/tcp Intuitive Edge intuitive-edge 1355/udp Intuitive Edge # Montgomery Zukowski # cuillamartin 1356/tcp CuillaMartin Company cuillamartin 1356/udp CuillaMartin Company pegboard 1357/tcp Electronic PegBoard pegboard 1357/udp Electronic PegBoard # Chris Cuilla # connlcli 1358/tcp CONNLCLI connlcli 1358/udp CONNLCLI ftsrv 1359/tcp FTSRV ftsrv 1359/udp FTSRV # Ines Homem de Melo mimer 1360/tcp MIMER mimer 1360/udp MIMER # Per Schroeder linx 1361/tcp LinX linx 1361/udp LinX # Steffen Schilke <---none---> timeflies 1362/tcp TimeFlies timeflies 1362/udp TimeFlies # Doug Kent ndm-requester 1363/tcp Network DataMover Requester ndm-requester 1363/udp Network DataMover Requester ndm-server 1364/tcp Network DataMover Server ndm-server 1364/udp Network DataMover Server # Toshio Watanabe # adapt-sna 1365/tcp Network Software Associates adapt-sna 1365/udp Network Software Associates # Jeffery Chiao <714-768-401> netware-csp 1366/tcp Novell NetWare Comm Service Platform netware-csp 1366/udp Novell NetWare Comm Service Platform # Laurie Lindsey dcs 1367/tcp DCS dcs 1367/udp DCS # Stefan Siebert screencast 1368/tcp ScreenCast screencast 1368/udp ScreenCast # Bill Tschumy gv-us 1369/tcp GlobalView to Unix Shell gv-us 1369/udp GlobalView to Unix Shell us-gv 1370/tcp Unix Shell to GlobalView us-gv 1370/udp Unix Shell to GlobalView # Makoto Mita fc-cli 1371/tcp Fujitsu Config Protocol fc-cli 1371/udp Fujitsu Config Protocol fc-ser 1372/tcp Fujitsu Config Protocol fc-ser 1372/udp Fujitsu Config Protocol # Ryuichi Horie chromagrafx 1373/tcp Chromagrafx chromagrafx 1373/udp Chromagrafx # Mike Barthelemy molly 1374/tcp EPI Software Systems molly 1374/udp EPI Software Systems # Jim Vlcek bytex 1375/tcp Bytex bytex 1375/udp Bytex # Mary Ann Burt ibm-pps 1376/tcp IBM Person to Person Software ibm-pps 1376/udp IBM Person to Person Software # Simon Phipps cichlid 1377/tcp Cichlid License Manager cichlid 1377/udp Cichlid License Manager # Andy Burgess elan 1378/tcp Elan License Manager elan 1378/udp Elan License Manager # Ken Greer dbreporter 1379/tcp Integrity Solutions dbreporter 1379/udp Integrity Solutions # Tim Dawson telesis-licman 1380/tcp Telesis Network License Manager telesis-licman 1380/udp Telesis Network License Manager # Karl Schendel, Jr. apple-licman 1381/tcp Apple Network License Manager apple-licman 1381/udp Apple Network License Manager # Earl Wallace udt_os 1382/tcp udt_os 1382/udp gwha 1383/tcp GW Hannaway Network License Manager gwha 1383/udp GW Hannaway Network License Manager # J. Gabriel Foster os-licman 1384/tcp Objective Solutions License Manager os-licman 1384/udp Objective Solutions License Manager # Donald Cornwell atex_elmd 1385/tcp Atex Publishing License Manager atex_elmd 1385/udp Atex Publishing License Manager # Brett Sorenson checksum 1386/tcp CheckSum License Manager checksum 1386/udp CheckSum License Manager # Andreas Glocker cadsi-lm 1387/tcp Computer Aided Design Software Inc LM cadsi-lm 1387/udp Computer Aided Design Software Inc LM # Sulistio Muljadi objective-dbc 1388/tcp Objective Solutions DataBase Cache objective-dbc 1388/udp Objective Solutions DataBase Cache # Donald Cornwell iclpv-dm 1389/tcp Document Manager iclpv-dm 1389/udp Document Manager iclpv-sc 1390/tcp Storage Controller iclpv-sc 1390/udp Storage Controller iclpv-sas 1391/tcp Storage Access Server iclpv-sas 1391/udp Storage Access Server iclpv-pm 1392/tcp Print Manager iclpv-pm 1392/udp Print Manager iclpv-nls 1393/tcp Network Log Server iclpv-nls 1393/udp Network Log Server iclpv-nlc 1394/tcp Network Log Client iclpv-nlc 1394/udp Network Log Client iclpv-wsm 1395/tcp PC Workstation Manager software iclpv-wsm 1395/udp PC Workstation Manager software # A.P. Hobson dvl-activemail 1396/tcp DVL Active Mail dvl-activemail 1396/udp DVL Active Mail audio-activmail 1397/tcp Audio Active Mail audio-activmail 1397/udp Audio Active Mail video-activmail 1398/tcp Video Active Mail video-activmail 1398/udp Video Active Mail # Ehud Shapiro cadkey-licman 1399/tcp Cadkey License Manager cadkey-licman 1399/udp Cadkey License Manager cadkey-tablet 1400/tcp Cadkey Tablet Daemon cadkey-tablet 1400/udp Cadkey Tablet Daemon # Joe McCollough goldleaf-licman 1401/tcp Goldleaf License Manager goldleaf-licman 1401/udp Goldleaf License Manager # John Fox <---none---> prm-sm-np 1402/tcp Prospero Resource Manager prm-sm-np 1402/udp Prospero Resource Manager prm-nm-np 1403/tcp Prospero Resource Manager prm-nm-np 1403/udp Prospero Resource Manager # B. Clifford Neuman igi-lm 1404/tcp Infinite Graphics License Manager igi-lm 1404/udp Infinite Graphics License Manager ibm-res 1405/tcp IBM Remote Execution Starter ibm-res 1405/udp IBM Remote Execution Starter netlabs-lm 1406/tcp NetLabs License Manager netlabs-lm 1406/udp NetLabs License Manager dbsa-lm 1407/tcp DBSA License Manager dbsa-lm 1407/udp DBSA License Manager # Scott Shattuck sophia-lm 1408/tcp Sophia License Manager sophia-lm 1408/udp Sophia License Manager # Eric Brown here-lm 1409/tcp Here License Manager here-lm 1409/udp Here License Manager # David Ison hiq 1410/tcp HiQ License Manager hiq 1410/udp HiQ License Manager # Rick Pugh af 1411/tcp AudioFile af 1411/udp AudioFile # Jim Gettys innosys 1412/tcp InnoSys innosys 1412/udp InnoSys innosys-acl 1413/tcp Innosys-ACL innosys-acl 1413/udp Innosys-ACL # Eric Welch <--none---> ibm-mqseries 1414/tcp IBM MQSeries ibm-mqseries 1414/udp IBM MQSeries # Roger Meli dbstar 1415/tcp DBStar dbstar 1415/udp DBStar # Jeffrey Millman novell-lu6.2 1416/tcp Novell LU6.2 novell-lu6.2 1416/udp Novell LU6.2 # Peter Liu <--none---> timbuktu-srv1 1417/tcp Timbuktu Service 1 Port timbuktu-srv1 1417/udp Timbuktu Service 1 Port timbuktu-srv2 1418/tcp Timbuktu Service 2 Port timbuktu-srv2 1418/udp Timbuktu Service 2 Port timbuktu-srv3 1419/tcp Timbuktu Service 3 Port timbuktu-srv3 1419/udp Timbuktu Service 3 Port timbuktu-srv4 1420/tcp Timbuktu Service 4 Port timbuktu-srv4 1420/udp Timbuktu Service 4 Port # Marc Epard gandalf-lm 1421/tcp Gandalf License Manager gandalf-lm 1421/udp Gandalf License Manager # gilmer@gandalf.ca autodesk-lm 1422/tcp Autodesk License Manager autodesk-lm 1422/udp Autodesk License Manager # David Ko essbase 1423/tcp Essbase Arbor Software essbase 1423/udp Essbase Arbor Software hybrid 1424/tcp Hybrid Encryption Protocol hybrid 1424/udp Hybrid Encryption Protocol # Howard Hart zion-lm 1425/tcp Zion Software License Manager zion-lm 1425/udp Zion Software License Manager # David Ferrero sais 1426/tcp Satellite-data Acquisition System 1 sais 1426/udp Satellite-data Acquisition System 1 # Bill Taylor mloadd 1427/tcp mloadd monitoring tool mloadd 1427/udp mloadd monitoring tool # Bob Braden informatik-lm 1428/tcp Informatik License Manager informatik-lm 1428/udp Informatik License Manager # Harald Schlangmann # nms 1429/tcp Hypercom NMS nms 1429/udp Hypercom NMS tpdu 1430/tcp Hypercom TPDU tpdu 1430/udp Hypercom TPDU # Noor Chowdhury rgtp 1431/tcp Reverse Gossip Transport rgtp 1431/udp Reverse Gossip Transport # Ian Jackson blueberry-lm 1432/tcp Blueberry Software License Manager blueberry-lm 1432/udp Blueberry Software License Manager # Steve Beigel ms-sql-s 1433/tcp Microsoft-SQL-Server ms-sql-s 1433/udp Microsoft-SQL-Server ms-sql-m 1434/tcp Microsoft-SQL-Monitor ms-sql-m 1434/udp Microsoft-SQL-Monitor # Peter Hussey ibm-cics 1435/tcp IBM CICS ibm-cics 1435/udp IBM CICS # Geoff Meacock saism 1436/tcp Satellite-data Acquisition System 2 saism 1436/udp Satellite-data Acquisition System 2 # Bill Taylor tabula 1437/tcp Tabula tabula 1437/udp Tabula # Marcelo Einhorn # eicon-server 1438/tcp Eicon Security Agent/Server eicon-server 1438/udp Eicon Security Agent/Server eicon-x25 1439/tcp Eicon X25/SNA Gateway eicon-x25 1439/udp Eicon X25/SNA Gateway eicon-slp 1440/tcp Eicon Service Location Protocol eicon-slp 1440/udp Eicon Service Location Protocol # Pat Calhoun cadis-1 1441/tcp Cadis License Management cadis-1 1441/udp Cadis License Management cadis-2 1442/tcp Cadis License Management cadis-2 1442/udp Cadis License Management # Todd Wichers ies-lm 1443/tcp Integrated Engineering Software ies-lm 1443/udp Integrated Engineering Software # David Tong marcam-lm 1444/tcp Marcam License Management marcam-lm 1444/udp Marcam License Management # Therese Hunt proxima-lm 1445/tcp Proxima License Manager proxima-lm 1445/udp Proxima License Manager ora-lm 1446/tcp Optical Research Associates License Manager ora-lm 1446/udp Optical Research Associates License Manager apri-lm 1447/tcp Applied Parallel Research LM apri-lm 1447/udp Applied Parallel Research LM # Jim Dillon oc-lm 1448/tcp OpenConnect License Manager oc-lm 1448/udp OpenConnect License Manager # Sue Barnhill peport 1449/tcp PEport peport 1449/udp PEport # Qentin Neill dwf 1450/tcp Tandem Distributed Workbench Facility dwf 1450/udp Tandem Distributed Workbench Facility # Mike Bert infoman 1451/tcp IBM Information Management infoman 1451/udp IBM Information Management # Karen Burns <---none---> gtegsc-lm 1452/tcp GTE Government Systems License Man gtegsc-lm 1452/udp GTE Government Systems License Man # Mike Gregory genie-lm 1453/tcp Genie License Manager genie-lm 1453/udp Genie License Manager # Paul Applegate interhdl_elmd 1454/tcp interHDL License Manager interhdl_elmd 1454/udp interHDL License Manager # Eli Sternheim eli@interhdl.com esl-lm 1455/tcp ESL License Manager esl-lm 1455/udp ESL License Manager # Abel Chou dca 1456/tcp DCA dca 1456/udp DCA # Jeff Garbers valisys-lm 1457/tcp Valisys License Manager valisys-lm 1457/udp Valisys License Manager # Leslie Lincoln nrcabq-lm 1458/tcp Nichols Research Corp. nrcabq-lm 1458/udp Nichols Research Corp. # Howard Cole proshare1 1459/tcp Proshare Notebook Application proshare1 1459/udp Proshare Notebook Application proshare2 1460/tcp Proshare Notebook Application proshare2 1460/udp Proshare Notebook Application # Robin Kar ibm_wrless_lan 1461/tcp IBM Wireless LAN ibm_wrless_lan 1461/udp IBM Wireless LAN # world-lm 1462/tcp World License Manager world-lm 1462/udp World License Manager # Michael S Amirault nucleus 1463/tcp Nucleus nucleus 1463/udp Nucleus # Venky Nagar msl_lmd 1464/tcp MSL License Manager msl_lmd 1464/udp MSL License Manager # Matt Timmermans pipes 1465/tcp Pipes Platform pipes 1465/udp Pipes Platform mfarlin@peerlogic.com # Mark Farlin oceansoft-lm 1466/tcp Ocean Software License Manager oceansoft-lm 1466/udp Ocean Software License Manager # Randy Leonard csdmbase 1467/tcp CSDMBASE csdmbase 1467/udp CSDMBASE csdm 1468/tcp CSDM csdm 1468/udp CSDM # Robert Stabl aal-lm 1469/tcp Active Analysis Limited License Manager aal-lm 1469/udp Active Analysis Limited License Manager # David Snocken +44 (71)437-7009 uaiact 1470/tcp Universal Analytics uaiact 1470/udp Universal Analytics # Mark R. Ludwig csdmbase 1471/tcp csdmbase csdmbase 1471/udp csdmbase csdm 1472/tcp csdm csdm 1472/udp csdm # Robert Stabl openmath 1473/tcp OpenMath openmath 1473/udp OpenMath # Garth Mayville telefinder 1474/tcp Telefinder telefinder 1474/udp Telefinder # Jim White taligent-lm 1475/tcp Taligent License Manager taligent-lm 1475/udp Taligent License Manager # Mark Sapsford clvm-cfg 1476/tcp clvm-cfg clvm-cfg 1476/udp clvm-cfg # Eric Soderberg ms-sna-server 1477/tcp ms-sna-server ms-sna-server 1477/udp ms-sna-server ms-sna-base 1478/tcp ms-sna-base ms-sna-base 1478/udp ms-sna-base # Gordon Mangione dberegister 1479/tcp dberegister dberegister 1479/udp dberegister # Brian Griswold pacerforum 1480/tcp PacerForum pacerforum 1480/udp PacerForum # Peter Caswell airs 1481/tcp AIRS airs 1481/udp AIRS # Bruce Wilson, 905-771-6161 miteksys-lm 1482/tcp Miteksys License Manager miteksys-lm 1482/udp Miteksys License Manager # Shane McRoberts afs 1483/tcp AFS License Manager afs 1483/udp AFS License Manager # Michael R. Pizolato confluent 1484/tcp Confluent License Manager confluent 1484/udp Confluent License Manager # James Greenfiel lansource 1485/tcp LANSource lansource 1485/udp LANSource # Doug Scott nms_topo_serv 1486/tcp nms_topo_serv nms_topo_serv 1486/udp nms_topo_serv # Sylvia Siu localinfosrvr 1487/tcp LocalInfoSrvr localinfosrvr 1487/udp LocalInfoSrvr # Brian Matthews docstor 1488/tcp DocStor docstor 1488/udp DocStor # Brian Spears dmdocbroker 1489/tcp dmdocbroker dmdocbroker 1489/udp dmdocbroker # Razmik Abnous insitu-conf 1490/tcp insitu-conf insitu-conf 1490/udp insitu-conf # Paul Blacknell anynetgateway 1491/tcp anynetgateway anynetgateway 1491/udp anynetgateway # Dan Poirier stone-design-1 1492/tcp stone-design-1 stone-design-1 1492/udp stone-design-1 # Andrew Stone netmap_lm 1493/tcp netmap_lm netmap_lm 1493/udp netmap_lm # Phillip Magson ica 1494/tcp ica ica 1494/udp ica # John Richardson, Citrix Systems cvc 1495/tcp cvc cvc 1495/udp cvc # Bill Davidson liberty-lm 1496/tcp liberty-lm liberty-lm 1496/udp liberty-lm # Jim Rogers rfx-lm 1497/tcp rfx-lm rfx-lm 1497/udp rfx-lm # Bill Bishop sybase-sqlany 1498/tcp Sybase SQL Any sybase-sqlany 1498/udp Sybase SQL Any # Dave Neudoerffer fhc 1499/tcp Federico Heinz Consultora fhc 1499/udp Federico Heinz Consultora # Federico Heinz vlsi-lm 1500/tcp VLSI License Manager vlsi-lm 1500/udp VLSI License Manager # Shue-Lin Kuo saiscm 1501/tcp Satellite-data Acquisition System 3 saiscm 1501/udp Satellite-data Acquisition System 3 # Bill Taylor shivadiscovery 1502/tcp Shiva shivadiscovery 1502/udp Shiva # Jonathan Wenocur imtc-mcs 1503/tcp Databeam imtc-mcs 1503/udp Databeam # Jim Johnston evb-elm 1504/tcp EVB Software Engineering License Manager evb-elm 1504/udp EVB Software Engineering License Manager # B.G. Mahesh < mahesh@sett.com> funkproxy 1505/tcp Funk Software, Inc. funkproxy 1505/udp Funk Software, Inc. # Robert D. Vincent utcd 1506/tcp Universal Time daemon (utcd) utcd 1506/udp Universal Time daemon (utcd) # Walter Poxon symplex 1507/tcp symplex symplex 1507/udp symplex # Mike Turley diagmond 1508/tcp diagmond diagmond 1508/udp diagmond # Pete Moscatelli robcad-lm 1509/tcp Robcad, Ltd. License Manager robcad-lm 1509/udp Robcad, Ltd. License Manager # Hindin Joseph mvx-lm 1510/tcp Midland Valley Exploration Ltd. Lic. Man. mvx-lm 1510/udp Midland Valley Exploration Ltd. Lic. Man. # Neil Salter Laszlo 3l-l1 1511/tcp 3l-l1 3l-l1 1511/udp 3l-l1 # Ian A. Young wins 1512/tcp Microsoft's Windows Internet Name Service wins 1512/udp Microsoft's Windows Internet Name Service # Pradeep Bahl fujitsu-dtc 1513/tcp Fujitsu Systems Business of America, Inc fujitsu-dtc 1513/udp Fujitsu Systems Business of America, Inc fujitsu-dtcns 1514/tcp Fujitsu Systems Business of America, Inc fujitsu-dtcns 1514/udp Fujitsu Systems Business of America, Inc # Charles A. Higgins <75730.2257@compuserve.com> ifor-protocol 1515/tcp ifor-protocol ifor-protocol 1515/udp ifor-protocol # Dr. R.P. Alston vpad 1516/tcp Virtual Places Audio data vpad 1516/udp Virtual Places Audio data vpac 1517/tcp Virtual Places Audio control vpac 1517/udp Virtual Places Audio control vpvd 1518/tcp Virtual Places Video data vpvd 1518/udp Virtual Places Video data vpvc 1519/tcp Virtual Places Video control vpvc 1519/udp Virtual Places Video control # Ehud Shapiro atm-zip-office 1520/tcp atm zip office atm-zip-office 1520/udp atm zip office # Wilson Kwan ncube-lm 1521/tcp nCube License Manager ncube-lm 1521/udp nCube License Manager # Maxine Yuen ricardo-lm 1522/tcp Ricardo North America License Manager ricardo-lm 1522/udp Ricardo North America License Manager # Mike Flemming cichild-lm 1523/tcp cichild cichild-lm 1523/udp cichild # Andy Burgess ingreslock 1524/tcp ingres ingreslock 1524/udp ingres orasrv 1525/tcp oracle orasrv 1525/udp oracle prospero-np 1525/tcp Prospero Directory Service non-priv prospero-np 1525/udp Prospero Directory Service non-priv pdap-np 1526/tcp Prospero Data Access Prot non-priv pdap-np 1526/udp Prospero Data Access Prot non-priv # B. Clifford Neuman tlisrv 1527/tcp oracle tlisrv 1527/udp oracle mciautoreg 1528/tcp micautoreg mciautoreg 1528/udp micautoreg # John Klensin coauthor 1529/tcp oracle coauthor 1529/udp oracle rap-service 1530/tcp rap-service rap-service 1530/udp rap-service rap-listen 1531/tcp rap-listen rap-listen 1531/udp rap-listen # Phil Servita miroconnect 1532/tcp miroconnect miroconnect 1532/udp miroconnect # Michael Fischer +49 531 21 13 0 virtual-places 1533/tcp Virtual Places Software virtual-places 1533/udp Virtual Places Software # Ehud Shapiro micromuse-lm 1534/tcp micromuse-lm micromuse-lm 1534/udp micromuse-lm # Adam Kerrison ampr-info 1535/tcp ampr-info ampr-info 1535/udp ampr-info ampr-inter 1536/tcp ampr-inter ampr-inter 1536/udp ampr-inter # Rob Janssen sdsc-lm 1537/tcp isi-lm sdsc-lm 1537/udp isi-lm # Len Wanger 3ds-lm 1538/tcp 3ds-lm 3ds-lm 1538/udp 3ds-lm # Keith Trummel intellistor-lm 1539/tcp Intellistor License Manager intellistor-lm 1539/udp Intellistor License Manager # Ron Vaughn rds 1540/tcp rds rds 1540/udp rds rds2 1541/tcp rds2 rds2 1541/udp rds2 # Sudhakar Rajamannar gridgen-elmd 1542/tcp gridgen-elmd gridgen-elmd 1542/udp gridgen-elmd # John R. Chawner +1 817 354-1004 simba-cs 1543/tcp simba-cs simba-cs 1543/udp simba-cs # Betsy Alexander +1 604-681-4549 aspeclmd 1544/tcp aspeclmd aspeclmd 1544/udp aspeclmd # V. Balaji vistium-share 1545/tcp vistium-share vistium-share 1545/udp vistium-share # Allison Carleton abbaccuray 1546/tcp abbaccuray abbaccuray 1546/udp abbaccuray # John Wendt 614-261-2000 laplink 1547/tcp laplink laplink 1547/udp laplink # Michael Crawford axon-lm 1548/tcp Axon License Manager axon-lm 1548/udp Axon License Manager # Mark Pearce < shivahose 1549/tcp Shiva Hose shivasound 1549/udp Shiva Sound # Kin Chan 3m-image-lm 1550/tcp Image Storage license manager 3M Company 3m-image-lm 1550/udp Image Storage license manager 3M Company # J. C. Canessa hecmtl-db 1551/tcp HECMTL-DB hecmtl-db 1551/udp HECMTL-DB # Maxime Belanger pciarray 1552/tcp pciarray pciarray 1552/udp pciarray # Ron Folk sna-cs 1553/tcp sna-cs sna-cs 1553/udp sna-cs # Tony Sowter caci-lm 1554/tcp CACI Products Company License Manager caci-lm 1554/udp CACI Products Company License Manager # Erik Blume livelan 1555/tcp livelan livelan 1555/udp livelan # khedayat@roadrunner.pictel.com ashwin 1556/tcp AshWin CI Tecnologies ashwin 1556/udp AshWin CI Tecnologies # Dave Neal arbortext-lm 1557/tcp ArborText License Manager arbortext-lm 1557/udp ArborText License Manager # David J. Wilson xingmpeg 1558/tcp xingmpeg xingmpeg 1558/udp xingmpeg # Howard Gordon web2host 1559/tcp web2host web2host 1559/udp web2host # Stephen Johnson asci-val 1560/tcp asci-val asci-val 1560/udp asci-val # Brian Schenkenberger facilityview 1561/tcp facilityview facilityview 1561/udp facilityview # Ed Green pconnectmgr 1562/tcp pconnectmgr pconnectmgr 1562/udp pconnectmgr # Bob Kaiser cadabra-lm 1563/tcp Cadabra License Manager cadabra-lm 1563/udp Cadabra License Manager # Arthur Castonguay pay-per-view 1564/tcp Pay-Per-View pay-per-view 1564/udp Pay-Per-View # Brian Tung winddlb 1565/tcp WinDD winddlb 1565/udp WinDD # Kelly Sims corelvideo 1566/tcp CORELVIDEO corelvideo 1566/udp CORELVIDEO # Ming Poon jlicelmd 1567/tcp jlicelmd jlicelmd 1567/udp jlicelmd # Christian Schormann <100410.3063@compuserve.com> tsspmap 1568/tcp tsspmap tsspmap 1568/udp tsspmap # Paul W. Nelson ets 1569/tcp ets ets 1569/udp ets # Carstein Seeberg orbixd 1570/tcp orbixd orbixd 1570/udp orbixd # Bridget Walsh rdb-dbs-disp 1571/tcp Oracle Remote Data Base rdb-dbs-disp 1571/udp Oracle Remote Data Base # chip-lm 1572/tcp Chipcom License Manager chip-lm 1572/udp Chipcom License Manager # Jerry Natowitz itscomm-ns 1573/tcp itscomm-ns itscomm-ns 1573/udp itscomm-ns # Rich Thompson mvel-lm 1574/tcp mvel-lm mvel-lm 1574/udp mvel-lm # David Bisset oraclenames 1575/tcp oraclenames oraclenames 1575/udp oraclenames # P.V.Shivkumar moldflow-lm 1576/tcp moldflow-lm moldflow-lm 1576/udp moldflow-lm # Paul Browne hypercube-lm 1577/tcp hypercube-lm hypercube-lm 1577/udp hypercube-lm # Christopher McLendon jacobus-lm 1578/tcp Jacobus License Manager jacobus-lm 1578/udp Jacobus License Manager # Tony Cleveland ioc-sea-lm 1579/tcp ioc-sea-lm ioc-sea-lm 1579/udp ioc-sea-lm # Paul Nelson tn-tl-r1 1580/tcp tn-tl-r1 tn-tl-r2 1580/udp tn-tl-r2 # Ed Kress mil-2045-47001 1581/tcp MIL-2045-47001 mil-2045-47001 1581/udp MIL-2045-47001 # Eric Whitehill msims 1582/tcp MSIMS msims 1582/udp MSIMS # Glenn Olander simbaexpress 1583/tcp simbaexpress simbaexpress 1583/udp simbaexpress # Betsy Alexander +1 604-681-4549 tn-tl-fd2 1584/tcp tn-tl-fd2 tn-tl-fd2 1584/udp tn-tl-fd2 # Ed Kress intv 1585/tcp intv intv 1585/udp intv # Dermot Tynand ibm-abtact 1586/tcp ibm-abtact ibm-abtact 1586/udp ibm-abtact # Sandeep K. Singhal pra_elmd 1587/tcp pra_elmd pra_elmd 1587/udp pra_elmd # Dennis Mastin triquest-lm 1588/tcp triquest-lm triquest-lm 1588/udp triquest-lm # Nand Kumar vqp 1589/tcp VQP vqp 1589/udp VQP # Keith McCloghrie gemini-lm 1590/tcp gemini-lm gemini-lm 1590/udp gemini-lm # Tony Sawyer ncpm-pm 1591/tcp ncpm-pm ncpm-pm 1591/udp ncpm-pm # Ted Power commonspace 1592/tcp commonspace commonspace 1592/udp commonspace # Rob Chandhok mainsoft-lm 1593/tcp mainsoft-lm mainsoft-lm 1593/udp mainsoft-lm # Anand Gangadharan sixtrak 1594/tcp sixtrak sixtrak 1594/udp sixtrak # Bob Rennie radio 1595/tcp radio radio 1595/udp radio radio-sm 1596/tcp radio-sm radio-bc 1596/udp radio-bc # Ken Chapman orbplus-iiop 1597/tcp orbplus-iiop orbplus-iiop 1597/udp orbplus-iiop # Robert A. Kukura picknfs 1598/tcp picknfs picknfs 1598/udp picknfs # John Lombardo simbaservices 1599/tcp simbaservices simbaservices 1599/udp simbaservices # Betsy Alexander +1 604-681-4549 issd 1600/tcp issd 1600/udp aas 1601/tcp aas aas 1601/udp aas # Bob Beard inspect 1602/tcp inspect inspect 1602/udp inspect # Frank O'Neill picodbc 1603/tcp pickodbc picodbc 1603/udp pickodbc # John Lombardo icabrowser 1604/tcp icabrowser icabrowser 1604/udp icabrowser # Brad Pedersen slp 1605/tcp Salutation Manager (Salutation Protocol) slp 1605/udp Salutation Manager (Salutation Protocol) slm-api 1606/tcp Salutation Manager (SLM-API) slm-api 1606/udp Salutation Manager (SLM-API) # Tohru Mori stt 1607/tcp stt stt 1607/udp stt # Ryan Bolz smart-lm 1608/tcp Smart Corp. License Manager smart-lm 1608/udp Smart Corp. License Manager # Connie Qiu isysg-lm 1609/tcp isysg-lm isysg-lm 1609/udp isysg-lm # Adam Curtin taurus-wh 1610/tcp taurus-wh taurus-wh 1610/udp taurus-wh # Jeff Moffatt ill 1611/tcp Inter Library Loan ill 1611/udp Inter Library Loan # Niall Murphy netbill-trans 1612/tcp NetBill Transaction Server netbill-trans 1612/udp NetBill Transaction Server netbill-keyrep 1613/tcp NetBill Key Repository netbill-keyrep 1613/udp NetBill Key Repository netbill-cred 1614/tcp NetBill Credential Server netbill-cred 1614/udp NetBill Credential Server netbill-auth 1615/tcp NetBill Authorization Server netbill-auth 1615/udp NetBill Authorization Server netbill-prod 1616/tcp NetBill Product Server netbill-prod 1616/udp NetBill Product Server # Marvin Sirbu nimrod-agent 1617/tcp Nimrod Inter-Agent Communication nimrod-agent 1617/udp Nimrod Inter-Agent Communication # Charles Lynn skytelnet 1618/tcp skytelnet skytelnet 1618/udp skytelnet # Byron Jones xs-openstorage 1619/tcp xs-openstorage xs-openstorage 1619/udp xs-openstorage # XuiS Software Ltd. <100322.2376@compuserve.com> faxportwinport 1620/tcp faxportwinport faxportwinport 1620/udp faxportwinport # Chris Wells softdataphone 1621/tcp softdataphone softdataphone 1621/udp softdataphone # Dror Gill n ontime 1622/tcp ontime ontime 1622/udp ontime # Keith Rhodes 810-559-5955 jaleosnd 1623/tcp jaleosnd jaleosnd 1623/udp jaleosnd # Christian Schormann <100410.3063@compuserve.com> udp-sr-port 1624/tcp udp-sr-port udp-sr-port 1624/udp udp-sr-port # Herb Jensen svs-omagent 1625/tcp svs-omagent svs-omagent 1625/udp svs-omagent # Alberto Berlen shockwave 1626/tcp Shockwave shockwave 1626/udp Shockwave # Sarah Allen t128-gateway 1627/tcp T.128 Gateway t128-gateway 1627/udp T.128 Gateway # Phil May lontalk-norm 1628/tcp LonTalk normal lontalk-norm 1628/udp LonTalk normal lontalk-urgnt 1629/tcp LonTalk urgent lontalk-urgnt 1629/udp LonTalk urgent # Dan Wing oraclenet8cman 1630/tcp Oracle Net8 Cman oraclenet8cman 1630/udp Oracle Net8 Cman # Tong-Ming Lee visitview 1631/tcp Visit view visitview 1631/udp Visit view # Tom Whittaker pammratc 1632/tcp PAMMRATC pammratc 1632/udp PAMMRATC pammrpc 1633/tcp PAMMRPC pammrpc 1633/udp PAMMRPC # John Britton loaprobe 1634/tcp Log On America Probe loaprobe 1634/udp Log On America Probe # James Tavares, Log On America edb-server1 1635/tcp EDB Server 1 edb-server1 1635/udp EDB Server 1 # Carlos Portela cncp 1636/tcp CableNet Control Protocol cncp 1636/udp CableNet Control Protocol cnap 1637/tcp CableNet Admin Protocol cnap 1637/udp CableNet Admin Protocol cnip 1638/tcp CableNet Info Protocol cnip 1638/udp CableNet Info Protocol # Damian Hamill cert-initiator 1639/tcp cert-initiator cert-initiator 1639/udp cert-initiator cert-responder 1640/tcp cert-responder cert-responder 1640/udp cert-responder # Tom Markson invision 1641/tcp InVision invision 1641/udp InVision # Christopher Davey isis-am 1642/tcp isis-am isis-am 1642/udp isis-am isis-ambc 1643/tcp isis-ambc isis-ambc 1643/udp isis-ambc # Ken Chapman saiseh 1644/tcp Satellite-data Acquisition System 4 # Bill Taylor datametrics 1645/tcp datametrics datametrics 1645/udp datametrics # Jerry Jongerius sa-msg-port 1646/tcp sa-msg-port sa-msg-port 1646/udp sa-msg-port # Eric Whitehill rsap 1647/tcp rsap rsap 1647/udp rsap # Holger Reif # concurrent-lm 1648/tcp concurrent-lm concurrent-lm 1648/udp concurrent-lm # Maggie Brinsford kermit 1649/tcp kermit kermit 1649/udp kermit # Frank da Cruz nkd 1650/tcp nkd nkd 1650/udp nkd shiva_confsrvr 1651/tcp shiva_confsrvr shiva_confsrvr 1651/udp shiva_confsrvr # Mike Horowitz xnmp 1652/tcp xnmp xnmp 1652/udp xnmp # Ali Saleh alphatech-lm 1653/tcp alphatech-lm alphatech-lm 1653/udp alphatech-lm # Joseph Hauk stargatealerts 1654/tcp stargatealerts stargatealerts 1654/udp stargatealerts # Tim Coppernoll # dec-mbadmin 1655/tcp dec-mbadmin dec-mbadmin 1655/udp dec-mbadmin dec-mbadmin-h 1656/tcp dec-mbadmin-h dec-mbadmin-h 1656/udp dec-mbadmin-h # Nick Shipman fujitsu-mmpdc 1657/tcp fujitsu-mmpdc fujitsu-mmpdc 1657/udp fujitsu-mmpdc # Katsumi Oomuro sixnetudr 1658/tcp sixnetudr sixnetudr 1658/udp sixnetudr # Bob Rennie sg-lm 1659/tcp Silicon Grail License Manager sg-lm 1659/udp Silicon Grail License Manager # William R Bishop skip-mc-gikreq 1660/tcp skip-mc-gikreq skip-mc-gikreq 1660/udp skip-mc-gikreq # Tom Markson netview-aix-1 1661/tcp netview-aix-1 netview-aix-1 1661/udp netview-aix-1 netview-aix-2 1662/tcp netview-aix-2 netview-aix-2 1662/udp netview-aix-2 netview-aix-3 1663/tcp netview-aix-3 netview-aix-3 1663/udp netview-aix-3 netview-aix-4 1664/tcp netview-aix-4 netview-aix-4 1664/udp netview-aix-4 netview-aix-5 1665/tcp netview-aix-5 netview-aix-5 1665/udp netview-aix-5 netview-aix-6 1666/tcp netview-aix-6 netview-aix-6 1666/udp netview-aix-6 netview-aix-7 1667/tcp netview-aix-7 netview-aix-7 1667/udp netview-aix-7 netview-aix-8 1668/tcp netview-aix-8 netview-aix-8 1668/udp netview-aix-8 netview-aix-9 1669/tcp netview-aix-9 netview-aix-9 1669/udp netview-aix-9 netview-aix-10 1670/tcp netview-aix-10 netview-aix-10 1670/udp netview-aix-10 netview-aix-11 1671/tcp netview-aix-11 netview-aix-11 1671/udp netview-aix-11 netview-aix-12 1672/tcp netview-aix-12 netview-aix-12 1672/udp netview-aix-12 # Martha Crisson proshare-mc-1 1673/tcp Intel Proshare Multicast proshare-mc-1 1673/udp Intel Proshare Multicast proshare-mc-2 1674/tcp Intel Proshare Multicast proshare-mc-2 1674/udp Intel Proshare Multicast # Mark Lewis pdp 1675/tcp Pacific Data Products pdp 1675/udp Pacific Data Products # Gary Morton netcomm1 1676/tcp netcomm1 netcomm2 1676/udp netcomm2 # Bulent Kasman groupwise 1677/tcp groupwise groupwise 1677/udp groupwise # Brent Bradshaw prolink 1678/tcp prolink prolink 1678/udp prolink # Brian Abramson darcorp-lm 1679/tcp darcorp-lm darcorp-lm 1679/udp darcorp-lm # microcom-sbp 1680/tcp microcom-sbp microcom-sbp 1680/udp microcom-sbp # Boris B. Maiden sd-elmd 1681/tcp sd-elmd sd-elmd 1681/udp sd-elmd # Bryan Otey lanyon-lantern 1682/tcp lanyon-lantern lanyon-lantern 1682/udp lanyon-lantern # Robin Lewis ncpm-hip 1683/tcp ncpm-hip ncpm-hip 1683/udp ncpm-hip # Ken Hearn snaresecure 1684/tcp SnareSecure snaresecure 1684/udp SnareSecure # Marty Batchelder n2nremote 1685/tcp n2nremote n2nremote 1685/udp n2nremote # Kin Chan cvmon 1686/tcp cvmon cvmon 1686/udp cvmon # Carol Ann Krug nsjtp-ctrl 1687/tcp nsjtp-ctrl nsjtp-ctrl 1687/udp nsjtp-ctrl nsjtp-data 1688/tcp nsjtp-data nsjtp-data 1688/udp nsjtp-data # Orazio Granato firefox 1689/tcp firefox firefox 1689/udp firefox # Mark S. Edwards ng-umds 1690/tcp ng-umds ng-umds 1690/udp ng-umds # Louis E. Simard <76400.3371@compuserve.com> empire-empuma 1691/tcp empire-empuma empire-empuma 1691/udp empire-empuma # Bobby Krupczak sstsys-lm 1692/tcp sstsys-lm sstsys-lm 1692/udp sstsys-lm # Yih-Wu Wang rrirtr 1693/tcp rrirtr rrirtr 1693/udp rrirtr rrimwm 1694/tcp rrimwm rrimwm 1694/udp rrimwm rrilwm 1695/tcp rrilwm rrilwm 1695/udp rrilwm rrifmm 1696/tcp rrifmm rrifmm 1696/udp rrifmm rrisat 1697/tcp rrisat rrisat 1697/udp rrisat # Allen Briggs rsvp-encap-1 1698/tcp RSVP-ENCAPSULATION-1 rsvp-encap-1 1698/udp RSVP-ENCAPSULATION-1 rsvp-encap-2 1699/tcp RSVP-ENCAPSULATION-2 rsvp-encap-2 1699/udp RSVP-ENCAPSULATION-2 # Bob Braden mps-raft 1700/tcp mps-raft mps-raft 1700/udp mps-raft # Jason Leupen l2f 1701/tcp l2f l2f 1701/udp l2f l2tp 1701/tcp l2tp l2tp 1701/udp l2tp # Andy Valencia deskshare 1702/tcp deskshare deskshare 1702/udp deskshare # Sarah Thompson bcs-broker 1704/tcp bcs-broker bcs-broker 1704/udp bcs-broker # Andy Warner slingshot 1705/tcp slingshot slingshot 1705/udp slingshot # Paul Groarke jetform 1706/tcp jetform jetform 1706/udp jetform # gdeinsta vdmplay 1707/tcp vdmplay vdmplay 1707/udp vdmplay # Vadim Lebedev gat-lmd 1708/tcp gat-lmd gat-lmd 1708/udp gat-lmd # Igor Zaoutine centra 1709/tcp centra centra 1709/udp centra # Drew Wolff impera 1710/tcp impera impera 1710/udp impera # Stepehen Campbell pptconference 1711/tcp pptconference pptconference 1711/udp pptconference # John Tafoya registrar 1712/tcp resource monitoring service registrar 1712/udp resource monitoring service # Ron Lawson conferencetalk 1713/tcp ConferenceTalk conferencetalk 1713/udp ConferenceTalk # George Kajos sesi-lm 1714/tcp sesi-lm sesi-lm 1714/udp sesi-lm houdini-lm 1715/tcp houdini-lm houdini-lm 1715/udp houdini-lm # Paul Breslin xmsg 1716/tcp xmsg xmsg 1716/udp xmsg # Mark E. Fogle fj-hdnet 1717/tcp fj-hdnet fj-hdnet 1717/udp fj-hdnet # Manabu Makino h323gatedisc 1718/tcp h323gatedisc h323gatedisc 1718/udp h323gatedisc h323gatestat 1719/tcp h323gatestat h323gatestat 1719/udp h323gatestat h323hostcall 1720/tcp h323hostcall h323hostcall 1720/udp h323hostcall # Jim Toga caicci 1721/tcp caicci caicci 1721/udp caicci # Sylvia Scheuren hks-lm 1722/tcp HKS License Manager hks-lm 1722/udp HKS License Manager # Michael Wood pptp 1723/tcp pptp pptp 1723/udp pptp # Ken Crocker csbphonemaster 1724/tcp csbphonemaster csbphonemaster 1724/udp csbphonemaster # Mark Kellerhuis iden-ralp 1725/tcp iden-ralp iden-ralp 1725/udp iden-ralp # Chris Stanaway iberiagames 1726/tcp IBERIAGAMES iberiagames 1726/udp IBERIAGAMES # Jose Luis <73374.313@compuserve.com> winddx 1727/tcp winddx winddx 1727/udp winddx # Bill Andrews telindus 1728/tcp TELINDUS telindus 1728/udp TELINDUS # Paul Pyck roketz 1730/tcp roketz roketz 1730/udp roketz # Ahti Heinla msiccp 1731/tcp MSICCP msiccp 1731/udp MSICCP # Max Morris proxim 1732/tcp proxim proxim 1732/udp proxim # Srinivas N. Mogalapalli siipat 1733/tcp SIMS - SIIPAT Protocol for Alarm Transmission siipat 1733/udp SIMS - SIIPAT Protocol for Alarm Transmission # Steve Ryckman cambertx-lm 1734/tcp Camber Corporation License Management cambertx-lm 1734/udp Camber Corporation License Management # Jeannie Burleson privatechat 1735/tcp PrivateChat privatechat 1735/udp PrivateChat # Louis E. Simard <76400.3371@CompuServe.COM> street-stream 1736/tcp street-stream street-stream 1736/udp street-stream # Glenn Levitt ultimad 1737/tcp ultimad ultimad 1737/udp ultimad # (Michael Lanzetta gamegen1 1738/tcp GameGen1 gamegen1 1738/udp GameGen1 # Glen Pearson webaccess 1739/tcp webaccess webaccess 1739/udp webaccess # Christian Saether encore 1740/tcp encore encore 1740/udp encore # Stuart Button cisco-net-mgmt 1741/tcp cisco-net-mgmt cisco-net-mgmt 1741/udp cisco-net-mgmt # John McCormack 3Com-nsd 1742/tcp 3Com-nsd 3Com-nsd 1742/udp 3Com-nsd # Nitza Steinberg cinegrfx-lm 1743/tcp Cinema Graphics License Manager cinegrfx-lm 1743/udp Cinema Graphics License Manager # Rodney Iwashina ncpm-ft 1744/tcp ncpm-ft ncpm-ft 1744/udp ncpm-ft # Ken Hearn remote-winsock 1745/tcp remote-winsock remote-winsock 1745/udp remote-winsock # Avi Nathan ftrapid-1 1746/tcp ftrapid-1 ftrapid-1 1746/udp ftrapid-1 ftrapid-2 1747/tcp ftrapid-2 ftrapid-2 1747/udp ftrapid-2 # Richard J. Williams oracle-em1 1748/tcp oracle-em1 oracle-em1 1748/udp oracle-em1 # Bob Purvy aspen-services 1749/tcp aspen-services aspen-services 1749/udp aspen-services # Mark B. Hurst sslp 1750/tcp Simple Socket Library's PortMaster sslp 1750/udp Simple Socket Library's PortMaster # Dr. Charles E. Campbell Jr. # swiftnet 1751/tcp SwiftNet swiftnet 1751/udp SwiftNet # Terry Lim lofr-lm 1752/tcp Leap of Faith Research License Manager lofr-lm 1752/udp Leap of Faith Research License Manager # translogic-lm 1753/tcp Translogic License Manager translogic-lm 1753/udp Translogic License Manager # Stan Dallas oracle-em2 1754/tcp oracle-em2 oracle-em2 1754/udp oracle-em2 # Bob Purvy ms-streaming 1755/tcp ms-streaming ms-streaming 1755/udp ms-streaming # Bret O'Rourke capfast-lmd 1756/tcp capfast-lmd capfast-lmd 1756/udp capfast-lmd # Chuck Neal cnhrp 1757/tcp cnhrp cnhrp 1757/udp cnhrp # William Stoye tftp-mcast 1758/tcp tftp-mcast tftp-mcast 1758/udp tftp-mcast # Tom Emberson spss-lm 1759/tcp SPSS License Manager spss-lm 1759/udp SPSS License Manager # Tex Hull www-ldap-gw 1760/tcp www-ldap-gw www-ldap-gw 1760/udp www-ldap-gw # Nick Emery cft-0 1761/tcp cft-0 cft-0 1761/udp cft-0 cft-1 1762/tcp cft-1 cft-1 1762/udp cft-1 cft-2 1763/tcp cft-2 cft-2 1763/udp cft-2 cft-3 1764/tcp cft-3 cft-3 1764/udp cft-3 cft-4 1765/tcp cft-4 cft-4 1765/udp cft-4 cft-5 1766/tcp cft-5 cft-5 1766/udp cft-5 cft-6 1767/tcp cft-6 cft-6 1767/udp cft-6 cft-7 1768/tcp cft-7 cft-7 1768/udp cft-7 # Martine Marchand 16 1 46 59 24 84 bmc-net-adm 1769/tcp bmc-net-adm bmc-net-adm 1769/udp bmc-net-adm # Cameron Haight bmc-net-svc 1770/tcp bmc-net-svc bmc-net-svc 1770/udp bmc-net-svc # Cameron Haight bmc-net-svc vaultbase 1771/tcp vaultbase vaultbase 1771/udp vaultbase # Jose A. Sesin essweb-gw 1772/tcp EssWeb Gateway essweb-gw 1772/udp EssWeb Gateway # Bob Nattenberg kmscontrol 1773/tcp KMSControl kmscontrol 1773/udp KMSControl # Roy Chastain global-dtserv 1774/tcp global-dtserv global-dtserv 1774/udp global-dtserv # Nicholas Davies # 1775/tcp femis 1776/tcp Federal Emergency Management Information System femis 1776/udp Federal Emergency Management Information System # Larry Gerhardstein powerguardian 1777/tcp powerguardian powerguardian 1777/udp powerguardian # Charles Bennett prodigy-intrnet 1778/tcp prodigy-internet prodigy-intrnet 1778/udp prodigy-internet # Bob Dedrick pharmasoft 1779/tcp pharmasoft pharmasoft 1779/udp pharmasoft # Ola Strandberg dpkeyserv 1780/tcp dpkeyserv dpkeyserv 1780/udp dpkeyserv # Yasunari Gon Yamasita answersoft-lm 1781/tcp answersoft-lm answersoft-lm 1781/udp answersoft-lm # James A. Brewster hp-hcip 1782/tcp hp-hcip hp-hcip 1782/udp hp-hcip # Allen Baker fjris 1783/tcp Fujitsu Remote Install Service fjris 1783/udp Fujitsu Remote Install Service # Naohito Nakamura # finle-lm 1784/tcp Finle License Manager finle-lm 1784/udp Finle License Manager # Dongling Wang windlm 1785/tcp Wind River Systems License Manager windlm 1785/udp Wind River Systems License Manager # Will Dere funk-logger 1786/tcp funk-logger funk-logger 1786/udp funk-logger funk-license 1787/tcp funk-license funk-license 1787/udp funk-license # Cimarron Boozer # Eric Wilde psmond 1788/tcp psmond psmond 1788/udp psmond # Will Golson hello 1789/tcp hello hello 1789/udp hello # D. J. Bernstein nmsp 1790/tcp Narrative Media Streaming Protocol nmsp 1790/udp Narrative Media Streaming Protocol # Paul Santinelli, Jr. ea1 1791/tcp EA1 ea1 1791/udp EA1 # Kirk MacLean ibm-dt-2 1792/tcp ibm-dt-2 ibm-dt-2 1792/udp ibm-dt-2 # Sam Borman rsc-robot 1793/tcp rsc-robot rsc-robot 1793/udp rsc-robot # Andrew Jay Schneider cera-bcm 1794/tcp cera-bcm cera-bcm 1794/udp cera-bcm # Leo Moesgaard dpi-proxy 1795/tcp dpi-proxy dpi-proxy 1795/udp dpi-proxy # Charles Gordon vocaltec-admin 1796/tcp Vocaltec Server Administration vocaltec-admin 1796/udp Vocaltec Server Administration # Scott Petrack uma 1797/tcp UMA uma 1797/udp UMA # Martin Kirk etp 1798/tcp Event Transfer Protocol etp 1798/udp Event Transfer Protocol # Mike Wray netrisk 1799/tcp NETRISK netrisk 1799/udp NETRISK # Kevin Green ansys-lm 1800/tcp ANSYS-License manager ansys-lm 1800/udp ANSYS-License manager # Suzanne Lorrin msmq 1801/tcp Microsoft Message Que msmq 1801/udp Microsoft Message Que # Amnon Horowitz concomp1 1802/tcp ConComp1 concomp1 1802/udp ConComp1 # Ed Vincent <@edv@concomp.com> hp-hcip-gwy 1803/tcp HP-HCIP-GWY hp-hcip-gwy 1803/udp HP-HCIP-GWY # Allen Baker enl 1804/tcp ENL enl 1804/udp ENL # Brian Olson enl-name 1805/tcp ENL-Name enl-name 1805/udp ENL-Name # Brain Olson musiconline 1806/tcp Musiconline musiconline 1806/udp Musiconline # Craig Weeks fhsp 1807/tcp Fujitsu Hot Standby Protocol fhsp 1807/udp Fujitsu Hot Standby Protocol # Eiki Iwata (eiki@nd.net.fujitsu.co.jp> oracle-vp2 1808/tcp Oracle-VP2 oracle-vp2 1808/udp Oracle-VP2 # Craig Fowler oracle-vp1 1809/tcp Oracle-VP1 oracle-vp1 1809/udp Oracle-VP1 # Craig Fowler jerand-lm 1810/tcp Jerand License Manager jerand-lm 1810/udp Jerand License Manager # Robert Monat scientia-sdb 1811/tcp Scientia-SDB scientia-sdb 1811/udp Scientia-SDB # Ian Miller radius 1812/tcp RADIUS radius 1812/udp RADIUS # Carl Rigney radius-acct 1813/tcp RADIUS Accounting radius-acct 1813/udp RADIUS Accounting # Carl Rigney tdp-suite 1814/tcp TDP Suite tdp-suite 1814/udp TDP Suite # Rob Lockhart mmpft 1815/tcp MMPFT mmpft 1815/udp MMPFT # Ralf Muckenhirn # harp 1816/tcp HARP harp 1816/udp HARP # Bjorn Chambless rkb-oscs 1817/tcp RKB-OSCS rkb-oscs 1817/udp RKB-OSCS # Robert Kevin Breton etftp 1818/tcp Enhanced Trivial File Transfer Protocol etftp 1818/udp Enhanced Trivial File Transfer Protocol # William Polites plato-lm 1819/tcp Plato License Manager plato-lm 1819/udp Plato License Manager # Mark Morris mcagent 1820/tcp mcagent mcagent 1820/udp mcagent # Ryoichi Shinohara donnyworld 1821/tcp donnyworld donnyworld 1821/udp donnyworld # Don Oliver es-elmd 1822/tcp es-elmd es-elmd 1822/udp es-elmd # David Duncan unisys-lm 1823/tcp Unisys Natural Language License Manager unisys-lm 1823/udp Unisys Natural Language License Manager # Raymond A. Diedrichs metrics-pas 1824/tcp metrics-pas metrics-pas 1824/udp metrics-pas # Tom Haapanen direcpc-video 1825/tcp DirecPC Video direcpc-video 1825/udp DirecPC Video # Chris Kerrigan ardt 1826/tcp ARDT ardt 1826/udp ARDT # Mike Goddard asi 1827/tcp ASI asi 1827/udp ASI # Bob Tournoux itm-mcell-u 1828/tcp itm-mcell-u itm-mcell-u 1828/udp itm-mcell-u # Miles O'Neal optika-emedia 1829/tcp Optika eMedia optika-emedia 1829/udp Optika eMedia # Daryle DeBalski net8-cman 1830/tcp Oracle Net8 CMan Admin net8-cman 1830/udp Oracle Net8 CMan Admin # Shuvayu Kanjilal myrtle 1831/tcp Myrtle myrtle 1831/udp Myrtle # Ron Achin tht-treasure 1832/tcp ThoughtTreasure tht-treasure 1832/udp ThoughtTreasure # Erik Mueller udpradio 1833/tcp udpradio udpradio 1833/udp udpradio # Guus Sliepen ardusuni 1834/tcp ARDUS Unicast ardusuni 1834/udp ARDUS Unicast ardusmul 1835/tcp ARDUS Multicast ardusmul 1835/udp ARDUS Multicast # Toshikatsu Ito ste-smsc 1836/tcp ste-smsc ste-smsc 1836/udp ste-smsc # Tom Snauwaert csoft1 1837/tcp csoft1 csoft1 1837/udp csoft1 # John Coll talnet 1838/tcp TALNET talnet 1838/udp TALNET # Aaron Lav netopia-vo1 1839/tcp netopia-vo1 netopia-vo1 1839/udp netopia-vo1 netopia-vo2 1840/tcp netopia-vo2 netopia-vo2 1840/udp netopia-vo2 netopia-vo3 1841/tcp netopia-vo3 netopia-vo3 1841/udp netopia-vo3 netopia-vo4 1842/tcp netopia-vo4 netopia-vo4 1842/udp netopia-vo4 netopia-vo5 1843/tcp netopia-vo5 netopia-vo5 1843/udp netopia-vo5 # Marc Epard # 1839-1849 Unassigned gsi 1850/tcp GSI gsi 1850/udp GSI # William Mullaney ctcd 1851/tcp ctcd ctcd 1851/udp ctcd # John Ryan # 1852-1859 Unassigned sunscalar-svc 1860/tcp SunSCALAR Services sunscalar-svc 1860/udp SunSCALAR Services # Sanjay Radia lecroy-vicp 1861/tcp LeCroy VICP lecroy-vicp 1861/udp LeCroy VICP # Anthony Cake techra-server 1862/tcp techra-server techra-server 1862/udp techra-server # Roy Lyseng msnp 1863/tcp MSNP msnp 1863/udp MSNP # William Lai paradym-31port 1864/tcp Paradym 31 Port paradym-31port 1864/udp Paradym 31 Port # David Wooden entp 1865/tcp ENTP entp 1865/udp ENTP # Seiko Epson # 1866-1869 Unassigned sunscalar-dns 1870/tcp SunSCALAR DNS Service sunscalar-dns 1870/udp SunSCALAR DNS Service # Sanjay Radia canocentral0 1871/tcp Cano Central 0 canocentral0 1871/udp Cano Central 0 canocentral1 1872/tcp Cano Central 1 canocentral1 1872/udp Cano Central 1 # Mark McNamara fjmpjps 1873/tcp Fjmpjps fjmpjps 1873/udp Fjmpjps fjswapsnp 1874/tcp Fjswapsnp fjswapsnp 1874/udp Fjswapsnp # Y. Ohiwa # 1875-1880 Unassigned ibm-mqseries2 1881/tcp IBM MQSeries ibm-mqseries2 1881/udp IBM MQSeries # Steve Hall # 1882-1894 Unassigned vista-4gl 1895/tcp Vista 4GL vista-4gl 1895/udp Vista 4GL # Graham Turburville # 1896-1898 Unassigned mc2studios 1899/tcp MC2Studios mc2studios 1899/udp MC2Studios # Michael Coon # 1900 Unassigned fjicl-tep-a 1901/tcp Fujitsu ICL Terminal Emulator Program A fjicl-tep-a 1901/udp Fujitsu ICL Terminal Emulator Program A # Bob Lyon fjicl-tep-b 1902/tcp Fujitsu ICL Terminal Emulator Program B fjicl-tep-b 1902/udp Fujitsu ICL Terminal Emulator Program B # Bob Lyon linkname 1903/tcp Local Link Name Resolution linkname 1903/udp Local Link Name Resolution # Dan Harrington fjicl-tep-c 1904/tcp Fujitsu ICL Terminal Emulator Program C fjicl-tep-c 1904/udp Fujitsu ICL Terminal Emulator Program C # Bob Lyon sugp 1905/tcp Secure UP.Link Gateway Protocol sugp 1905/udp Secure UP.Link Gateway Protocol # Peter King tpmd 1906/tcp TPortMapperReq tpmd 1906/udp TPortMapperReq # Sheila Devins intrastar 1907/tcp IntraSTAR intrastar 1907/udp IntraSTAR # Peter Schoenberger dawn 1908/tcp Dawn dawn 1908/udp Dawn # Michael Crawford global-wlink 1909/tcp Global World Link global-wlink 1909/udp Global World Link # Nicholas Davies ultrabac 1910/tcp ultrabac ultrabac 1910/udp ultrabac Michael Gee mtp 1911/tcp Starlight Networks Multimedia Transport Protocol mtp 1911/udp Starlight Networks Multimedia Transport Protocol # Bruce Lieberman rhp-iibp 1912/tcp rhp-iibp rhp-iibp 1912/udp rhp-iibp # George Nachman # Tom Lake armadp 1913/tcp armadp armadp 1913/udp armadp # Kevin Welton elm-momentum 1914/tcp Elm-Momentum elm-momentum 1914/udp Elm-Momentum # Willie Wu facelink 1915/tcp FACELINK facelink 1915/udp FACELINK # J.H. Hermans persona 1916/tcp Persoft Persona persona 1916/udp Persoft Persona # Tom Spidell noagent 1917/tcp nOAgent noagent 1917/udp nOAgent # Martin Bestmann can-nds 1918/tcp Candle Directory Service - NDS can-nds 1918/udp Candle Directory Service - NDS can-dch 1919/tcp Candle Directory Service - DCH can-dch 1919/udp Candle Directory Service - DCH can-ferret 1920/tcp Candle Directory Service - FERRET can-ferret 1920/udp Candle Directory Service - FERRET # Dannis Yang noadmin 1921/tcp NoAdmin noadmin 1921/udp NoAdmin # Martin Bestmann tapestry 1922/tcp Tapestry tapestry 1922/udp Tapestry # Shari Trumbo-McHenry spice 1923/tcp SPICE spice 1923/udp SPICE # Nicholas Chua xiip 1924/tcp XIIP xiip 1924/udp XIIP # Alain Robert # 1925-1943 Unassigned close-combat 1944/tcp close-combat close-combat 1944/udp close-combat # David Hua dialogic-elmd 1945/tcp dialogic-elmd dialogic-elmd 1945/udp dialogic-elmd # Roger Kay tekpls 1946/tcp tekpls tekpls 1946/udp tekpls # Brian Abramson hlserver 1947/tcp hlserver hlserver 1947/udp hlserver # Michael Zzunke eye2eye 1948/tcp eye2eye eye2eye 1948/udp eye2eye # Trevor Bell ismaeasdaqlive 1949/tcp ISMA Easdaq Live ismaeasdaqlive 1949/udp ISMA Easdaq Live ismaeasdaqtest 1950/tcp ISMA Easdaq Test ismaeasdaqtest 1950/udp ISMA Easdaq Test # Stephen Dunne bcs-lmserver 1951/tcp bcs-lmserver bcs-lmserver 1951/udp bcs-lmserver # Andy Warner mpnjsc 1952/tcp mpnjsc mpnjsc 1952/udp mpnjsc # Takenori Miyahara rapidbase 1953/tcp Rapid Base rapidbase 1953/udp Rapid Base # Antoni Wolski # 1954-1971 Unassigned intersys-cache 1972/tcp Cache intersys-cache 1972/udp Cache # Mark Hanson dlsrap 1973/tcp Data Link Switching Remote Access Protocol dlsrap 1973/udp Data Link Switching Remote Access Protocol # Steve T. Chiang # 1974-1983 Unassigned bb 1984/tcp BB bb 1984/udp BB # Sean MacGuire hsrp 1985/tcp Hot Standby Router Protocol hsrp 1985/udp Hot Standby Router Protocol # Phil Morton licensedaemon 1986/tcp cisco license management licensedaemon 1986/udp cisco license management tr-rsrb-p1 1987/tcp cisco RSRB Priority 1 port tr-rsrb-p1 1987/udp cisco RSRB Priority 1 port tr-rsrb-p2 1988/tcp cisco RSRB Priority 2 port tr-rsrb-p2 1988/udp cisco RSRB Priority 2 port tr-rsrb-p3 1989/tcp cisco RSRB Priority 3 port tr-rsrb-p3 1989/udp cisco RSRB Priority 3 port # The following entry records an unassigned but widespread use mshnet 1989/tcp MHSnet system mshnet 1989/udp MHSnet system # Bob Kummerfeld stun-p1 1990/tcp cisco STUN Priority 1 port stun-p1 1990/udp cisco STUN Priority 1 port stun-p2 1991/tcp cisco STUN Priority 2 port stun-p2 1991/udp cisco STUN Priority 2 port stun-p3 1992/tcp cisco STUN Priority 3 port stun-p3 1992/udp cisco STUN Priority 3 port # The following entry records an unassigned but widespread use ipsendmsg 1992/tcp IPsendmsg ipsendmsg 1992/udp IPsendmsg # Bob Kummerfeld snmp-tcp-port 1993/tcp cisco SNMP tcp port snmp-tcp-port 1993/udp cisco SNMP tcp port stun-port 1994/tcp cisco serial tunnel port stun-port 1994/udp cisco serial tunnel port perf-port 1995/tcp cisco perf port perf-port 1995/udp cisco perf port tr-rsrb-port 1996/tcp cisco Remote SRB port tr-rsrb-port 1996/udp cisco Remote SRB port gdp-port 1997/tcp cisco Gateway Discovery Protocol gdp-port 1997/udp cisco Gateway Discovery Protocol x25-svc-port 1998/tcp cisco X.25 service (XOT) x25-svc-port 1998/udp cisco X.25 service (XOT) tcp-id-port 1999/tcp cisco identification port tcp-id-port 1999/udp cisco identification port callbook 2000/tcp callbook 2000/udp dc 2001/tcp wizard 2001/udp curry globe 2002/tcp globe 2002/udp mailbox 2004/tcp emce 2004/udp CCWS mm conf berknet 2005/tcp oracle 2005/udp invokator 2006/tcp raid-cc 2006/udp raid dectalk 2007/tcp raid-am 2007/udp conf 2008/tcp terminaldb 2008/udp news 2009/tcp whosockami 2009/udp search 2010/tcp pipe_server 2010/udp raid-cc 2011/tcp raid servserv 2011/udp ttyinfo 2012/tcp raid-ac 2012/udp raid-am 2013/tcp raid-cd 2013/udp troff 2014/tcp raid-sf 2014/udp cypress 2015/tcp raid-cs 2015/udp bootserver 2016/tcp bootserver 2016/udp cypress-stat 2017/tcp bootclient 2017/udp terminaldb 2018/tcp rellpack 2018/udp whosockami 2019/tcp about 2019/udp xinupageserver 2020/tcp xinupageserver 2020/udp servexec 2021/tcp xinuexpansion1 2021/udp down 2022/tcp xinuexpansion2 2022/udp xinuexpansion3 2023/tcp xinuexpansion3 2023/udp xinuexpansion4 2024/tcp xinuexpansion4 2024/udp ellpack 2025/tcp xribs 2025/udp scrabble 2026/tcp scrabble 2026/udp shadowserver 2027/tcp shadowserver 2027/udp submitserver 2028/tcp submitserver 2028/udp device2 2030/tcp device2 2030/udp blackboard 2032/tcp blackboard 2032/udp glogger 2033/tcp glogger 2033/udp scoremgr 2034/tcp scoremgr 2034/udp imsldoc 2035/tcp imsldoc 2035/udp objectmanager 2038/tcp objectmanager 2038/udp lam 2040/tcp lam 2040/udp interbase 2041/tcp interbase 2041/udp isis 2042/tcp isis isis 2042/udp isis isis-bcast 2043/tcp isis-bcast isis-bcast 2043/udp isis-bcast # Ken Chapman dlsrpn 2065/tcp Data Link Switch Read Port Number dlsrpn 2065/udp Data Link Switch Read Port Number dlswpn 2067/tcp Data Link Switch Write Port Number dlswpn 2067/udp Data Link Switch Write Port Number lrp 2090/tcp Load Report Protocol lrp 2090/udp Load Report Protocol # Amir Peless prp 2091/tcp PRP prp 2091/udp PRP # Amir Peless descent3 2092/tcp Descent 3 descent3 2092/udp Descent 3 # Kevin Bentley nbx-cc 2093/tcp NBX CC nbx-cc 2093/udp NBX CC nbx-au 2094/tcp NBX AU nbx-au 2094/udp NBX AU nbx-ser 2095/tcp NBX SER nbx-ser 2095/udp NBX SER nbx-dir 2096/tcp NBX DIR nbx-dir 2096/udp NBX DIR # Henry Houh jetformpreview 2097/tcp Jet Form Preview jetformpreview 2097/udp Jet Form Preview # Zygmunt Wiercioch dialog-port 2098/tcp Dialog Port dialog-port 2098/udp Dialog Port # Joseph Mathew h2250-annex-g 2099/tcp H.225.0 Annex G h2250-annex-g 2099/udp H.225.0 Annex G # Gur Kimchi amiganetfs 2100/tcp amiganetfs amiganetfs 2100/udp amiganetfs # Rudi Chiarito rtcm-sc104 2101/tcp rtcm-sc104 rtcm-sc104 2101/udp rtcm-sc104 # Wolfgang Rupprecht zephyr-srv 2102/tcp Zephyr server zephyr-srv 2102/udp Zephyr server zephyr-clt 2103/tcp Zephyr serv-hm connection zephyr-clt 2103/udp Zephyr serv-hm connection zephyr-hm 2104/tcp Zephyr hostmanager zephyr-hm 2104/udp Zephyr hostmanager # Greg Hudson minipay 2105/tcp MiniPay minipay 2105/udp MiniPay # Amir Herzberg mzap 2106/tcp MZAP mzap 2106/udp MZAP # Dave Thaler bintec-admin 2107/tcp BinTec Admin bintec-admin 2107/udp BinTec Admin # Thomas Schmidt # 2108-2179 Unassigned mc-gt-srv 2180/tcp Millicent Vendor Gateway Server mc-gt-srv 2180/udp Millicent Vendor Gateway Server # Steve Glassman ici 2200/tcp ICI ici 2200/udp ICI # Brent Hines ats 2201/tcp Advanced Training System Program ats 2201/udp Advanced Training System Program # imtc-map 2202/tcp Int. Multimedia Teleconferencing Cosortium imtc-map 2202/udp Int. Multimedia Teleconferencing Cosortium # Pat Galvin kali 2213/tcp Kali kali 2213/udp Kali # Jay Cotton ganymede 2220/tcp Ganymede ganymede 2220/udp Ganymede # David Quan unreg-ab1 2221/tcp Allen-Bradley unregistered port unreg-ab1 2221/udp Allen-Bradley unregistered port unreg-ab2 2222/tcp Allen-Bradley unregistered port unreg-ab2 2222/udp Allen-Bradley unregistered port inreg-ab3 2223/tcp Allen-Bradley unregistered port inreg-ab3 2223/udp Allen-Bradley unregistered port # ivs-video 2232/tcp IVS Video default ivs-video 2232/udp IVS Video default # Thierry Turletti infocrypt 2233/tcp INFOCRYPT infocrypt 2233/udp INFOCRYPT # Erica Liu directplay 2234/tcp DirectPlay directplay 2234/udp DirectPlay # Ajay Jindal sercomm-wlink 2235/tcp Sercomm-WLink sercomm-wlink 2235/udp Sercomm-WLink # Melinda Tsao nani 2236/tcp Nani nani 2236/udp Nani # Steve Benoit optech-port1-lm 2237/tcp Optech Port1 License Manager optech-port1-lm 2237/udp Optech Port1 License Manager # Gerard Cannie aviva-sna 2238/tcp AVIVA SNA SERVER aviva-sna 2238/udp AVIVA SNA SERVER # Vick Keshishian imagequery 2239/tcp Image Query imagequery 2239/udp Image Query # Charles Jacobs recipe 2240/tcp RECIPe recipe 2240/udp RECIPe # Jerry Freedman ivsd 2241/tcp IVS Daemon ivsd 2241/udp IVS Daemon # Thierry Turletti foliocorp 2242/tcp Folio Remote Server foliocorp 2242/udp Folio Remote Server # Pat Mcgowan # 2243-2278 Unassigned xmquery 2279/tcp xmquery xmquery 2279/udp xmquery # Niels Christiansen lnvpoller 2280/tcp LNVPOLLER lnvpoller 2280/udp LNVPOLLER lnvconsole 2281/tcp LNVCONSOLE lnvconsole 2281/udp LNVCONSOLE lnvalarm 2282/tcp LNVALARM lnvalarm 2282/udp LNVALARM lnvstatus 2283/tcp LNVSTATUS lnvstatus 2283/udp LNVSTATUS lnvmaps 2284/tcp LNVMAPS lnvmaps 2284/udp LNVMAPS lnvmailmon 2285/tcp LNVMAILMON lnvmailmon 2285/udp LNVMAILMON # Andrew MacKeith nas-metering 2286/tcp NAS-Metering nas-metering 2286/udp NAS-Metering # Steven Sawkins dna 2287/tcp DNA dna 2287/udp DNA # Tung Nguyen netml 2288/tcp NETML netml 2288/udp NETML # Jochen Hansmeyer # 2289-2293 Unassigned konshus-lm 2294/tcp Konshus License Manager (FLEX) konshus-lm 2294/udp Konshus License Manager (FLEX) # Francois Painchaud advant-lm 2295/tcp Advant License Manager advant-lm 2295/udp Advant License Manager # Lars-Goran Magnusson # theta-lm 2296/tcp Theta License Manager (Rainbow) theta-lm 2296/udp Theta License Manager (Rainbow) # David Thompson d2k-datamover1 2297/tcp D2K DataMover 1 d2k-datamover1 2297/udp D2K DataMover 1 d2k-datamover2 2298/tcp D2K DataMover 2 d2k-datamover2 2298/udp D2K DataMover 2 # Eric Lan pc-telecommute 2299/tcp PC Telecommute pc-telecommute 2299/udp PC Telecommute # John Daniel Bonamico cvmmon 2300/tcp CVMMON cvmmon 2300/udp CVMMON # Roger Kumpf cpq-wbem 2301/tcp Compaq HTTP cpq-wbem 2301/udp Compaq HTTP # Scott Shaffer binderysupport 2302/tcp Bindery Support binderysupport 2302/udp Bindery Support # Narasimha Rao N. proxy-gateway 2303/tcp Proxy Gateway proxy-gateway 2303/udp Proxy Gateway # Paul Funk attachmate-uts 2304/tcp Attachmate UTS attachmate-uts 2304/udp Attachmate UTS # George Gianelos mt-scaleserver 2305/tcp MT ScaleServer mt-scaleserver 2305/udp MT ScaleServer # Paul Glaubitz tappi-boxnet 2306/tcp TAPPI BoxNet tappi-boxnet 2306/udp TAPPI BoxNet # Richard Spartz pehelp 2307/tcp pehelp pehelp 2307/udp pehelp # Jens Kilian sdhelp 2308/tcp sdhelp sdhelp 2308/udp sdhelp # Annette Klecha sdserver 2309/tcp SD Server sdserver 2309/udp SD Server sdclient 2310/tcp SD Client sdclient 2310/udp SD Client # Jeurgen Broesamle messageservice 2311/tcp Message Service messageservice 2311/udp Message Service # 2312 Unassigned iapp 2313/tcp IAPP (Inter Access Point Protocol) iapp 2313/udp IAPP (Inter Access Point Protocol) # Henri Moelard cr-websystems 2314/tcp CR WebSystems cr-websystems 2314/udp CR WebSystems # Robin Giese precise-sft 2315/tcp Precise Sft. precise-sft 2315/udp Precise Sft. # Michael Landwehr sent-lm 2316/tcp SENT License Manager sent-lm 2316/udp SENT License Manager # Pisharath Krishnan attachmate-g32 2317/tcp Attachmate G32 attachmate-g32 2317/udp Attachmate G32 # Bryce Bhatnagar cadencecontrol 2318/tcp Cadence Control cadencecontrol 2318/udp Cadence Control # Buck Caldwell infolibria 2319/tcp InfoLibria infolibria 2319/udp InfoLibria # Chris Chiotasso siebel-ns 2320/tcp Siebel NS siebel-ns 2320/udp Siebel NS # Gilberto Arnaiz rdlap 2321/tcp RDLAP over UDP rdlap 2321/udp RDLAP # Robert Wiebe ofsd 2322/tcp ofsd ofsd 2322/udp ofsd 3d-nfsd 2323/tcp 3d-nfsd 3d-nfsd 2323/udp 3d-nfsd # Mike Sherrill cosmocall 2324/tcp Cosmocall cosmocall 2324/udp Cosmocall # Steve Dellutri designspace-lm 2325/tcp Design Space License Management designspace-lm 2325/udp Design Space License Management # Suzanne Lorrin idcp 2326/tcp IDCP idcp 2326/udp IDCP # Keisokugiken Corp. xingcsm 2327/tcp xingcsm xingcsm 2327/udp xingcsm # Dave Spencer netrix-sftm 2328/tcp Netrix SFTM netrix-sftm 2328/udp Netrix SFTM # Garrett Herschleb nvd 2329/tcp NVD nvd 2329/udp NVD # Peter Weyman tscchat 2330/tcp TSCCHAT tscchat 2330/udp TSCCHAT # Mike Jackson agentview 2331/tcp AGENTVIEW agentview 2331/udp AGENTVIEW # Ram Iyer rcc-host 2332/tcp RCC Host rcc-host 2332/udp RCC Host # Martin Shoemaker snapp 2333/tcp SNAPP snapp 2333/udp SNAPP # Kevin Obsorn ace-client 2334/tcp ACE Client Auth ace-client 2334/udp ACE Client Auth ace-proxy 2335/tcp ACE Proxy ace-proxy 2335/udp ACE Proxy # Riaz Zolfonoon appleugcontrol 2336/tcp Apple UG Control appleugcontrol 2336/udp Apple UG Control # Gene Tyacke ideesrv 2337/tcp ideesrv ideesrv 2337/udp ideesrv # Marazzi norton-lambert 2338/tcp Norton Lambert norton-lambert 2338/udp Norton Lambert # Richard de Mornay 3com-webview 2339/tcp 3Com WebView 3com-webview 2339/udp 3Com WebView # Jennifer Grace wrs_registry 2340/tcp WRS Registry wrs_registry 2340/udp WRS Registry # Christophe Cleraux xiostatus 2341/tcp XIO Status xiostatus 2341/udp XIO Status # Randy Maas manage-exec 2342/tcp Seagate Manage Exec manage-exec 2342/udp Seagate Manage Exec # Jim Flaherty nati-logos 2343/tcp nati logos nati-logos 2343/udp nati logos # David Pierce fcmsys 2344/tcp fcmsys fcmsys 2344/udp fcmsys dbm 2345/tcp dbm dbm 2345/udp dbm # Dean Robson redstorm_join 2346/tcp Game Connection Port redstorm_join 2346/udp Game Connection Port redstorm_find 2347/tcp Game Announcement and Location redstorm_find 2347/udp Game Announcement and Location redstorm_info 2348/tcp Information to query for game status redstorm_info 2348/udp Information to query for game status redstorm_diag 2349/tcp Diagnostics Port redstorm_diag 2349/udp Disgnostics Port # David Weinstein psbserver 2350/tcp psbserver psbserver 2350/udp psbserver psrserver 2351/tcp psrserver psrserver 2351/udp psrserver pslserver 2352/tcp pslserver pslserver 2352/udp pslserver pspserver 2353/tcp pspserver pspserver 2353/udp pspserver psprserver 2354/tcp psprserver psprserver 2354/udp psprserver psdbserver 2355/tcp psdbserver psdbserver 2355/udp psdbserver # Paul Reddy gxtelmd 2356/tcp GXT License Managemant gxtelmd 2356/udp GXT License Managemant # Robert Hodgson unihub-server 2357/tcp UniHub Server unihub-server 2357/udp UniHub Server # Tim Kenyon futrix 2358/tcp Futrix futrix 2358/udp Futrix # Peter Frankenberg flukeserver 2359/tcp FlukeServer flukeserver 2359/udp FlukeServer # Bill Marbaker nexstorindltd 2360/tcp NexstorIndLtd nexstorindltd 2360/udp NexstorIndLtd # NexStor India Limited tl1 2361/tcp TL1 tl1 2361/udp TL1 # Charles Scott Roberson # 2362-2388 Unassigned ovsessionmgr 2389/tcp OpenView Session Mgr ovsessionmgr 2389/udp OpenView Session Mgr # Eric Pulsipher rsmtp 2390/tcp RSMTP rsmtp 2390/udp RSMTP # Geoff Collyer 3com-net-mgmt 2391/tcp 3COM Net Management 3com-net-mgmt 2391/udp 3COM Net Management # Prathibha Nagvar tacticalauth 2392/tcp Tactical Auth tacticalauth 2392/udp Tactical Auth # David Yon ms-olap1 2393/tcp MS OLAP 1 ms-olap1 2393/udp MS OLAP 1 ms-olap2 2394/tcp MS OLAP 2 ms-olap2 2394/udp MA OLAP 2 # Mosha Pasumansky lan900_remote 2395/tcp LAN900 Remote lan900_remote 2395/udp LAN900 Remote # Tom Quinlan wusage 2396/tcp Wusage wusage 2396/udp Wusage # Thomas Boutell ncl 2397/tcp NCL ncl 2397/udp NCL # Robert Wiebe orbiter 2398/tcp Orbiter orbiter 2398/udp Orbiter # David Goldberg fmpro-fdal 2399/tcp FileMaker, Inc. - Data Access Layer fmpro-fdal 2399/udp FileMaker, Inc. - Data Access Layer # Clay Maeckal opequus-server 2400/tcp OpEquus Server opequus-server 2400/udp OpEquus Server # Gavin Hutchinson cvspserver 2401/tcp cvspserver cvspserver 2401/udp cvspserver # Jim Kingdon taskmaster2000 2402/tcp TaskMaster 2000 Server taskmaster2000 2402/udp TaskMaster 2000 Server taskmaster2000 2403/tcp TaskMaster 2000 Web taskmaster2000 2403/udp TaskMaster 2000 Web # Ed Odjaghian iec870-5-104 2404/tcp IEC870-5-104 iec870-5-104 2404/udp IEC870-5-104 # Walter Eichelburg trc-netpoll 2405/tcp TRC Netpoll trc-netpoll 2405/udp TRC Netpoll # Bizhan Ghavami jediserver 2406/tcp JediServer jediserver 2406/udp JediServer # Paul McEntire orion 2407/tcp Orion orion 2407/udp Orion # Matthew Horoschun optimanet 2408/tcp OptimaNet optimanet 2408/udp OptimaNet # John Graham-Cumming sns-protocol 2409/tcp SNS Protocol sns-protocol 2409/udp SNS Protocol # Amir Blich vrts-registry 2410/tcp VRTS Registry vrts-registry 2410/udp VRTS Registry # Pranay Varma netwave-ap-mgmt 2411/tcp Netwave AP Management netwave-ap-mgmt 2411/udp Netwave AP Management # Johnny Zweig cdn 2412/tcp CDN cdn 2412/udp CDN # Alan Noble orion-rmi-reg 2413/tcp orion-rmi-reg orion-rmi-reg 2413/udp orion-rmi-reg # J.S. Greenfield interlingua 2414/tcp Interlingua interlingua 2414/udp Interlingua # Bob Deblier comtest 2415/tcp COMTEST comtest 2415/udp COMTEST # Sylvia Ross rmtserver 2416/tcp RMT Server rmtserver 2416/udp RMT Server # Yvon Marineau composit-server 2417/tcp Composit Server composit-server 2417/udp Composit Server # Katsuaki Naoi cas 2418/tcp cas cas 2418/udp cas # Akiyoshi Ochi attachmate-s2s 2419/tcp Attachmate S2S attachmate-s2s 2419/udp Attachmate S2S # Chris Rominski dslremote-mgmt 2420/tcp DSL Remote Management dslremote-mgmt 2420/udp DSL Remote Management # Westell, Inc. g-talk 2421/tcp G-Talk g-talk 2421/udp G-Talk # Matt Hammond crmsbits 2422/tcp CRMSBITS crmsbits 2422/udp CRMSBITS # Rod Ward rnrp 2423/tcp RNRP rnrp 2423/udp RNRP # Per Sahlqvist kofax-svr 2424/tcp KOFAX-SVR kofax-svr 2424/udp KOFAX-SVR # Terry Reagan fjitsuappmgr 2425/tcp Fujitsu App Manager fjitsuappmgr 2425/udp Fujitsu App Manager # Hiroyuki Kawabuchi applianttcp 2426/tcp Appliant tcp appliantudp 2426/udp Appliant UDP # Brad Chen stgcp 2427/tcp Simple telephony Gateway Control Protocol stgcp 2427/udp Simple telephony Gateway Control Protocol # Christian Huitema ott 2428/tcp One Way Trip Time ott 2428/udp One Way Trip Time # Beverly Schwartz ft-role 2429/tcp FT-ROLE ft-role 2429/udp FT-ROLE # Doug Boone venus 2430/tcp venus venus 2430/udp venus venus-se 2431/tcp venus-se venus-se 2431/udp venus-se codasrv 2432/tcp codasrv codasrv 2432/udp codasrv codasrv-se 2433/tcp codasrv-se codasrv-se 2433/udp codasrv-se # Robert Watson pxc-epmap 2434/tcp pxc-epmap pxc-epmap 2434/udp pxc-epmap # Jun Nakamura optilogic 2435/tcp OptiLogic optilogic 2435/udp OptiLogic # Clark Williams topx 2436/tcp TOP/X topx 2436/udp TOP/X # Dragos Pop unicontrol 2437/tcp UniControl unicontrol 2437/udp UniControl # Ing. Markus Huemer msp 2438/tcp MSP msp 2438/udp MSP # Evan Caves sybasedbsynch 2439/tcp SybaseDBSynch sybasedbsynch 2439/udp SybaseDBSynch # Anthony Scian spearway 2440/tcp Spearway Lockers spearway 2440/udp Spearway Lockser # Pierre Frisch pvsw-inet 2441/tcp pvsw-inet pvsw-inet 2441/udp pvsw-inet # John McDowell netangel 2442/tcp Netangel netangel 2442/udp Netangel # Ladislav Baranyay powerclientcsf 2443/tcp PowerClient Central Storage Facility powerclientcsf 2443/udp PowerClient Central Storage Facility # Brian Klassen btpp2sectrans 2444/tcp BT PP2 Sectrans btpp2sectrans 2444/udp BT PP2 Sectrans # Ian Daniels dtn1 2445/tcp DTN1 dtn1 2445/udp DTN1 # Bob Gaddie bues_service 2446/tcp bues_service bues_service 2446/udp bues_service # Leonhard Diekmann # ovwdb 2447/tcp OpenView NNM daemon ovwdb 2447/udp OpenView NNM daemon # Eric Pulsipher hpppssvr 2448/tcp hpppsvr hpppssvr 2448/udp hpppsvr # Bridgette Landers ratl 2449/tcp RATL ratl 2449/udp RATL # Paul Greenfield netadmin 2450/tcp netadmin netadmin 2450/udp netadmin netchat 2451/tcp netchat netchat 2451/udp netchat # Julian Mehnle snifferclient 2452/tcp SnifferClient snifferclient 2452/udp SnifferClient # Amy Weaver madge-om 2453/tcp madge-om madge-om 2453/udp madge-om # Andrew Draper indx-dds 2454/tcp IndX-DDS indx-dds 2454/udp IndX-DDS # Paul Carmichael wago-io-system 2455/tcp WAGO-IO-SYSTEM wago-io-system 2455/udp WAGO-IO-SYSTEM # Uwe Rathert altav-remmgt 2456/tcp altav-remmgt altav-remmgt 2456/udp altav-remmgt # JC Ferguson rapido-ip 2457/tcp Rapido_IP rapido-ip 2457/udp Rapido_IP # Man Shuen Cheung griffin 2458/tcp griffin griffin 2458/udp griffin # Tom Taylor community 2459/tcp Community community 2459/udp Community # David Schwartz ms-theater 2460/tcp ms-theater ms-theater 2460/udp ms-theater # Anton Kucer qadmifoper 2461/tcp qadmifoper qadmifoper 2461/udp qadmifoper qadmifevent 2462/tcp qadmifevent qadmifevent 2462/udp qadmifevent # Pekka Takaranta symbios-raid 2463/tcp Symbios Raid symbios-raid 2463/udp Symbios Raid # Bill Delaney direcpc-si 2464/tcp DirecPC SI direcpc-si 2464/udp DirecPC SI # Doug Dillon lbm 2465/tcp Load Balance Management lbm 2465/udp Load Balance Management lbf 2466/tcp Load Balance Forwarding lbf 2466/udp Load Balance Forwarding # Kazuhiro Koide high-criteria 2467/tcp High Criteria high-criteria 2467/udp High Criteria # Konstantin Iavid qip_msgd 2468/tcp qip_msgd qip_msgd 2468/udp qip_msgd # Mike Morgan mti-tcs-comm 2469/tcp MTI-TCS-COMM mti-tcs-comm 2469/udp MTI-TCS-COMM # Mario Bonin taskman_port 2470/tcp taskman port taskman_port 2470/udp taskman port # Boris Panteleev seaodbc 2471/tcp SeaODBC seaodbc 2471/udp SeaODBC # Adrian Hornby c3 2472/tcp C3 c3 2472/udp C3 # Eckhard Grieger aker-cdp 2473/tcp Aker-cdp aker-cdp 2473/udp Aker-cdp # Rodrigo Ormonde vitalanalysis 2474/tcp Vital Analysis vitalanalysis 2474/udp Vital Analysis # Srinivas Reddy ace-server 2475/tcp ACE Server ace-server 2475/udp ACE Server ace-svr-prop 2476/tcp ACE Server Propagation ace-svr-prop 2476/udp ACE Server Propagation ssm-cvs 2477/tcp SecurSight Certificate Valifation Service ssm-cvs 2477/udp SecurSight Certificate Valifation Service ssm-cssps 2478/tcp SecurSight Authentication Server (SLL) ssm-cssps 2478/udp SecurSight Authentication Server (SSL) ssm-els 2479/tcp SecurSight Event Logging Server (SSL) ssm-els 2479/udp SecurSight Event Logging Server (SSL) # John Linn lingwood 2480/tcp Lingwood's Detail lingwood 2480/udp Lingwood's Detail # David Richmond giop 2481/tcp Oracle GIOP giop 2481/udp Oracle GIOP giop-ssl 2482/tcp Oracle GIOP SSL giop-ssl 2482/udp Oracle GIOP SSL ttc 2483/tcp Oracle TTC ttc 2483/udp Oracel TTC ttc-ssl 2484/tcp Oracle TTC SSL ttc-ssl 2484/udp Oracle TTC SSL # Chandar Venkataraman netobjects1 2485/tcp Net Objects1 netobjects1 2485/udp Net Objects1 netobjects2 2486/tcp Net Objects2 netobjects2 2486/udp Net Objects2 # Francois Granade pns 2487/tcp Policy Notice Service pns 2487/udp Policy Notice Service # Akiyoshi Ochi moy-corp 2488/tcp Moy Corporation moy-corp 2488/udp Moy Corporation # Gang Gong Moy tsilb 2489/tcp TSILB tsilb 2489/udp TSILB # James Irwin qip_qdhcp 2490/tcp qip_qdhcp qip_qdhcp 2490/udp qip_qdhcp # Mike Morgan conclave-cpp 2491/tcp Conclave CPP conclave-cpp 2491/udp Conclave CPP # Larry Lipstone groove 2492/tcp GROOVE groove 2492/udp GROOVE # Ray Ozzie talarian-mqs 2493/tcp Talarian MQS talarian-mqs 2493/udp Talarian MQS # Jim Stabile bmc-ar 2494/tcp BMC AR bmc-ar 2494/udp BMC AR # Shelia Childs fast-rem-serv 2495/tcp Fast Remote Services fast-rem-serv 2495/udp Fast Remote Services # Scott St. Clair dirgis 2496/tcp DIRGIS dirgis 2496/udp DIRGIS # Deutschland Informations- und # Reservierungsgesellschaft mbH quaddb 2497/tcp Quad DB quaddb 2497/udp Quad DB # Jeff Rosenthal odn-castraq 2498/tcp ODN-CasTraq odn-castraq 2498/udp ODN-CasTraq # Richard Hodges unicontrol 2499/tcp UniControl unicontrol 2499/udp UniControl # Ing. Markus Huemer rtsserv 2500/tcp Resource Tracking system server rtsserv 2500/udp Resource Tracking system server rtsclient 2501/tcp Resource Tracking system client rtsclient 2501/udp Resource Tracking system client # Aubrey Turner # kentrox-prot 2502/tcp Kentrox Protocol kentrox-prot 2502/udp Kentrox Protocol # Anil Lakhwara nms-dpnss 2503/tcp NMS-DPNSS nms-dpnss 2503/udp NMS-DPNSS # Jean-Christophe Desire # wlbs 2504/tcp WLBS wlbs 2504/udp WLBS # William Bain torque-traffic 2505/tcp torque-traffic torque-traffic 2505/udp torque-traffic # Alan Porter jbroker 2506/tcp jbroker jbroker 2506/udp jbroker # Rohit Garg spock 2507/tcp spock spock 2507/udp spock # Jon A. Christopher datastore 2508/tcp datastore datastore 2508/udp datastore # Jen Ole Lauridsen fjmpss 2509/tcp fjmpss fjmpss 2509/udp fjmpss # Makoto Watanabe fjappmgrbulk 2510/tcp fjappmgrbulk fjappmgrbulk 2510/udp fjappmgrbulk # Hiroyuki Kawabuchi metastorm 2511/tcp Metastorm metastorm 2511/udp Metastorm # Eric Isom citrixima 2512/tcp Citrix IMA citrixima 2512/udp Citrix IMA citrixadmin 2513/tcp Citrix ADMIN citrixadmin 2513/udp Citrix ADMIN # Kurt Mahan facsys-ntp 2514/tcp Facsys NTP facsys-ntp 2514/udp Facsys NTP facsys-router 2515/tcp Facsys Router facsys-router 2515/udp Facsys Router # Jeff Hoffman maincontrol 2516/tcp Main Control maincontrol 2516/udp Main Control # Nathan Sadia call-sig-trans 2517/tcp Call Signalling Transport call-sig-trans 2517/udp Call Signalling Transport # Gur Kimchi willy 2518/tcp Willy willy 2518/udp Willy # Carl-Johan Wik globmsgsvc 2519/tcp globmsgsvc globmsgsvc 2519/udp globmsgsvc # David Wiltz pvsw 2520/tcp pvsw pvsw 2520/udp pvsw # Ghassan Yammine adaptecmgr 2521/tcp Adaptec Manager adaptecmgr 2521/udp Adaptec Manager # Mark Parenti windb 2522/tcp WinDb windb 2522/udp WinDb # Larry Traylor qke-llc-v3 2523/tcp Qke LLC V.3 qke-llc-v3 2523/udp Qke LLC V.3 # Peter Ostermann optiwave-lm 2524/tcp Optiwave License Management optiwave-lm 2524/udp Optiwave License Management # Slawomir Krzesinski ms-v-worlds 2525/tcp MS V-Worlds ms-v-worlds 2525/udp MS V-Worlds # Pete Wong ema-sent-lm 2526/tcp EMA License Manager ema-sent-lm 2526/udp EMA License Manager # Thaddeus Perala iqserver 2527/tcp IQ Server iqserver 2527/udp IQ Server # Nick Straguzzi ncr_ccl 2528/tcp NCR CCL ncr_ccl 2528/udp NCR CCL # Amitava Dutta utsftp 2529/tcp UTS FTP utsftp 2529/udp UTS FTP # David Moore vrcommerce 2530/tcp VR Commerce vrcommerce 2530/udp VR Commerce # Yosi Mass ito-e-gui 2531/tcp ITO-E GUI ito-e-gui 2531/udp ITO-E GUI # Michael Haeuptle ovtopmd 2532/tcp OVTOPMD ovtopmd 2532/udp OVTOPMD # Eric Pulsipher snifferserver 2533/tcp SnifferServer snifferserver 2533/udp SnifferServer # Amy Weaver combox-web-acc 2534/tcp Combox Web Access combox-web-acc 2534/udp Combox Web Access # Yochai Cohen mdhcp 2535/tcp MDHCP mdhcp 2535/udp MDHCP # Stephen Hanna btpp2audctr1 2536/tcp btpp2audctr1 btpp2audctr1 2536/udp btpp2audctr1 # Ian Daniels upgrade 2537/tcp Upgrade Protocol upgrade 2537/udp Upgrade Protocol # Breck Auten vnwk-prapi 2538/tcp vnwk-prapi vnwk-prapi 2538/udp vnwk-prapi # John Hasselkus vsiadmin 2539/tcp VSI Admin vsiadmin 2539/udp VSI Admin # Rob Juergens lonworks 2540/tcp LonWorks lonworks 2540/udp LonWorks lonworks2 2541/tcp LonWorks2 lonworks2 2541/udp LonWorks2 # Gary Bartlett davinci 2542/tcp daVinci davinci 2542/udp daVinci # Mattias Werner reftek 2543/tcp REFTEK reftek 2543/udp REFTEK # Robert Banfill novell-zen 2544/tcp Novell ZEN novell-zen 2544/tcp Novell ZEN # Randy Cook sis-emt 2545/tcp sis-emt sis-emt 2545/udp sis-emt # Bill Crawford vytalvaultbrtp 2546/tcp vytalvaultbrtp vytalvaultbrtp 2546/udp vytalvaultbrtp vytalvaultvsmp 2547/tcp vytalvaultvsmp vytalvaultvsmp 2547/udp vytalvaultvsmp vytalvaultpipe 2548/tcp vytalvaultpipe vytalvaultpipe 2548/udp vytalvaultpipe # Tim Boldt ipass 2549/tcp IPASS ipass 2549/udp IPASS # Michael Fischer ads 2550/tcp ADS ads 2550/udp ADS # Michael O'Connor isg-uda-server 2551/tcp ISG UDA Server isg-uda-server 2551/udp ISG UDA Server # Dror Harari call-logging 2552/tcp Call Logging call-logging 2552/udp Call Logging # Dean Webb efidiningport 2553/tcp efidiningport efidiningport 2553/udp efidiningport # Lynn Carter vcnet-link-v10 2554/tcp VCnet-Link v10 vcnet-link-v10 2554/udp VCnet-Link v10 # Csaba Mate compaq-wcp 2555/tcp Compaq WCP compaq-wcp 2555/udp Compaq WCP # Ferruccio Barletta nicetec-nmsvc 2556/tcp nicetec-nmsvc nicetec-nmsvc 2556/udp nicetec-nmsvc nicetec-mgmt 2557/tcp nicetec-mgmt nicetec-mgmt 2557/udp nicetec-mgmt # Joerg Paulus pclemultimedia 2558/tcp PCLE Multi Media pclemultimedia 2558/udp PCLE Multi Media # Bernd Scharping lstp 2559/tcp LSTP lstp 2559/udp LSTP # Waiki Wright labrat 2560/tcp labrat labrat 2560/udp labrat # John Harvey mosaixcc 2561/tcp MosaixCC mosaixcc 2561/udp MosaixCC # Steven Frare delibo 2562/tcp Delibo delibo 2562/udp Delibo # NovaWiz LTD cti-redwood 2563/tcp CTI Redwood cti-redwood 2563/udp CTI Redwood # Songwon Chi hp-3000-telnet 2564/tcp HP 3000 NS/VT block mode telnet # coord-svr 2565/tcp Coordinator Server coord-svr 2565/udp Coordinator Server # Richard Steiger pcs-pcw 2566/tcp pcs-pcw pcs-pcw 2566/udp pcs-pcw # W. Jordan Fitzhugh clp 2567/tcp Cisco Line Protocol clp 2567/udp Cisco Line Protocol # Susan Hinrichs spamtrap 2568/tcp SPAM TRAP spamtrap 2568/udp SPAM TRAP # Chuck Bennett sonuscallsig 2569/tcp Sonus Call Signal sonuscallsig 2569/udp Sonus Call Signal # Mark Garti hs-port 2570/tcp HS Port hs-port 2570/udp HS Port # Uri Doron cecsvc 2571/tcp CECSVC cecsvc 2571/udp CECSVC # Roger Pao ibp 2572/tcp IBP ibp 2572/udp IBP # Jonathan Downes trustestablish 2573/tcp Trust Establish trustestablish 2573/udp Trust Establish # Yosi Mass blockade-bpsp 2574/tcp Blockade BPSP blockade-bpsp 2574/udp Blockade BPSP # Jay Maharaj hl7 2575/tcp HL7 hl7 2575/udp HL7 # Tim Jacobs tclprodebugger 2576/tcp TCL Pro Debugger tclprodebugger 2576/udp TCL Pro Debugger scipticslsrvr 2577/tcp Scriptics Lsrvr scipticslsrvr 2577/udp Scriptics Lsrvr # Brent Welch rvs-isdn-dcp 2578/tcp RVS ISDN DCP rvs-isdn-dcp 2578/udp RVS ISDN DCP # Michael Zirpel mpfoncl 2579/tcp mpfoncl mpfoncl 2579/udp mpfoncl # Itaru Kimura tributary 2580/tcp Tributary tributary 2580/udp Tributary # Louis Lu argis-te 2581/tcp ARGIS TE argis-te 2581/udp ARGIS TE argis-ds 2582/tcp ARGIS DS argis-ds 2582/udp ARGIS DS # John Legh-Page mon 2583/tcp MON mon 2583/udp MON # Jim Trocki cyaserv 2584/tcp cyaserv cyaserv 2584/udp cyaserv # Morgan Jones netx-server 2585/tcp NETX Server netx-server 2585/udp NETX Server netx-agent 2586/tcp NETX Agent netx-agent 2586/udp NETX Agent # Brett Dolecheck masc 2587/tcp MASC masc 2587/udp MASC # Pavlin Ivanov Radoslavov # privilege 2588/tcp Privilege privilege 2588/udp Privilege # Gil Hecht quartus-tcl 2589/tcp quartus tcl quartus-tcl 2589/udp quartus tcl # Subroto Datta idotdist 2590/tcp idotdist idotdist 2590/udp idotdist # Jason Hunter maytagshuffle 2591/tcp Maytag Shuffle maytagshuffle 2591/udp Maytag Shuffle # Maytag Corporation netrek 2592/tcp netrek netrek 2592/udp netrek # Al Guetzlaff mns-mail 2593/tcp MNS Mail Notice Service mns-mail 2593/udp MNS Mail Notice Service # Rumiko Kikuta dts 2594/tcp Data Base Server dts 2594/udp Data Base Server # Andreas Roene worldfusion1 2595/tcp World Fusion 1 worldfusion1 2595/udp World Fusion 1 worldfusion2 2596/tcp World Fusion 2 worldfusion2 2596/udp World Fusion 2 # World Fusion homesteadglory 2597/tcp Homestead Glory homesteadglory 2597/udp Homestead Glory # John Tokash citriximaclient 2598/tcp Citrix MA Client citriximaclient 2598/udp Citrix MA Client # Kurt Mahan meridiandata 2599/tcp Meridian Data meridiandata 2599/udp Meridian Data # David Stahl hpstgmgr 2600/tcp HPSTGMGR hpstgmgr 2600/udp HPSTGMGR # Kevin Collins discp-client 2601/tcp discp client discp-client 2601/udp discp client discp-server 2602/tcp discp server discp-server 2602/udp discp server # Peter White servicemeter 2603/tcp Service Meter servicemeter 2603/udp Service Meter # Duncan Hare nsc-ccs 2604/tcp NSC CCS nsc-ccs 2604/udp NSC CCS nsc-posa 2605/tcp NSC POSA nsc-posa 2605/udp NSC POSA # Tom Findley netmon 2606/tcp Dell Netmon netmon 2606/udp Dell Netmon connection 2607/tcp Dell Connection connection 2607/udp Dell Connection # Sudhir Shetty wag-service 2608/tcp Wag Service wag-service 2608/udp Wag Service # Gilles Bourquard system-monitor 2609/tcp System Monitor system-monitor 2609/udp System Monitor # Greg Robson-Garth versa-tek 2610/tcp VersaTek versa-tek 2610/udp VersaTek # James Kou lionhead 2611/tcp LIONHEAD lionhead 2611/udp LIONHEAD # Tim Rance qpasa-agent 2612/tcp Qpasa Agent qpasa-agent 2612/udp Qpasa Agent # Craig Ching smntubootstrap 2613/tcp SMNTUBootstrap smntubootstrap 2613/udp SMNTUBootstrap # Matt Cecile neveroffline 2614/tcp Never Off Line neveroffline 2614/udp Never Off Line # Dustin Brand firepower 2615/tcp firepower firepower 2615/udp firepower # Jason Volk appswitch-emp 2616/tcp appswitch-emp appswitch-emp 2616/udp appswitch-emp # Ted Ross cmadmin 2617/tcp Clinical Context Managers cmadmin 2617/udp Clinical Context Managers # Mark Morwood priority-e-com 2618/tcp Priority E-Com priority-e-com 2618/udp Priority E-Com # Marcelo Einhorn bruce 2619/tcp bruce bruce 2619/udp bruce # Alec Muffett lpsrecommender 2620/tcp LPSRecommender lpsrecommender 2620/udp LPSRecommender # Pritham Shetty miles-apart 2621/tcp Miles Apart Jukebox Server miles-apart 2621/udp Miles Apart Jukebox Server # Michael Rathmann # 2622-2627 Unassigned dict 2628/tcp DICT dict 2628/udp DICT # Rik Faith sitaraserver 2629/tcp Sitara Server sitaraserver 2629/udp Sitara Server sitaramgmt 2630/tcp Sitara Management sitaramgmt 2630/udp Sitara Management sitaradir 2631/tcp Sitara Dir sitaradir 2631/udp Sitara Dir # Manickam R.Sridhar irdg-post 2632/tcp IRdg Post irdg-post 2632/udp IRdg Post # IRdg, Inc. interintelli 2633/tcp InterIntelli interintelli 2633/udp InterIntelli # Mike Gagle pk-electronics 2634/tcp PK Electronics pk-electronics 2634/udp PK Electronics # Seb Ibis backburner 2635/tcp Back Burner backburner 2635/udp Back Burner # Kevin Teiskoetter solve 2636/tcp Solve solve 2636/udp Solve # Peter Morrison imdocsvc 2637/tcp Import Document Service imdocsvc 2637/udp Import Document Service # Zia Bhatti sybaseanywhere 2638/tcp Sybase Anywhere sybaseanywhere 2638/udp Sybase Anywhere # Verna Friesen aminet 2639/tcp AMInet aminet 2639/udp AMInet # Alcorn McBride Inc. sai_sentlm 2640/tcp Sabbagh Associates Licence Manager sai_sentlm 2640/udp Sabbagh Associates Licence Manager # Elias Sabbagh hdl-srv 2641/tcp HDL Server hdl-srv 2641/udp HDL Server # David Ely tragic 2642/tcp Tragic tragic 2642/udp Tragic # Stu Mark gte-samp 2643/tcp GTE-SAMP gte-samp 2643/udp GTE-SAMP # Asher Altman travsoft-ipx-t 2644/tcp Travsoft IPX Tunnel travsoft-ipx-t 2644/udp Travsoft IPX Tunnel # Jack Wilson novell-ipx-cmd 2645/tcp Novell IPX CMD novell-ipx-cmd 2645/udp Novell IPX CMD # Juan Carlos Luciani and-lm 2646/tcp AND Licence Manager and-lm 2646/udp AND License Manager # Dick van der Sijs syncserver 2647/tcp SyncServer syncserver 2647/udp SyncServer # Dave Finnegan upsnotifyprot 2648/tcp Upsnotifyprot upsnotifyprot 2648/udp Upsnotifyprot # Mario Leboute vpsipport 2649/tcp VPSIPPORT vpsipport 2649/udp VPSIPPORT # Joon Radley eristwoguns 2650/tcp eristwoguns eristwoguns 2650/udp eristwoguns # Ed Harris ebinsite 2651/tcp EBInSite ebinsite 2651/udp EBInSite # Lefteris Kalamaras interpathpanel 2652/tcp InterPathPanel interpathpanel 2652/udp InterPathPanel # Stephen Misel sonus 2653/tcp Sonus sonus 2653/udp Sonus # Mark Garti corel_vncadmin 2654/tcp Corel VNC Admin corel_vncadmin 2654/udp Corel VNC Admin # Oleg Noskov unglue 2655/tcp UNIX Nt Glue unglue 2655/udp UNIX Nt Glue # Peter Santoro kana 2656/tcp Kana kana 2656/udp Kana # Colin Goldstein sns-dispatcher 2657/tcp SNS Dispatcher sns-dispatcher 2657/udp SNS Dispatcher sns-admin 2658/tcp SNS Admin sns-admin 2658/udp SNS Admin sns-query 2659/tcp SNS Query sns-query 2659/udp SNS Query # Mary Holstege gcmonitor 2660/tcp GC Monitor gcmonitor 2660/udp GC Monitor # Gustavo Rodriguez-Rivera olhost 2661/tcp OLHOST olhost 2661/udp OLHOST # Robert Ripberger bintec-capi 2662/tcp BinTec-CAPI bintec-capi 2662/udp BinTec-CAPI bintec-tapi 2663/tcp BinTec-TAPI bintec-tapi 2663/udp BinTec-TAPI # command-mq-gm 2664/tcp Command MQ GM command-mq-gm 2664/udp Command MQ GM command-mq-pm 2665/tcp Command MQ PM command-mq-pm 2665/udp Command MQ PM # Richard Nikula extensis 2666/tcp extensis extensis 2666/udp extensis # Milton Sagen alarm-clock-s 2667/tcp Alarm Clock Server alarm-clock-s 2667/udp Alarm Clock Server alarm-clock-c 2668/tcp Alarm Clock Client alarm-clock-c 2668/udp Alarm Clock Client toad 2669/tcp TOAD toad 2669/udp TOAD # Michael Marking tve-announce 2670/tcp TVE Announce tve-announce 2670/udp TVE Announce # Dean Blackketter newlixreg 2671/tcp newlixreg newlixreg 2671/udp newlixreg # Jean-Serge Gagnon nhserver 2672/tcp nhserver nhserver 2672/udp nhserver # Adrian Hornby firstcall42 2673/tcp First Call 42 firstcall42 2673/udp First Call 42 # Luke Bowen ewnn 2674/tcp ewnn ewnn 2674/udp ewnn # Yasunari Yamashita ttc-etap 2675/tcp TTC ETAP ttc-etap 2675/udp TTC ETAP # Daniel Becker simslink 2676/tcp SIMSLink simslink 2676/udp SIMSLink # Steve Ryckman gadgetgate1way 2677/tcp Gadget Gate 1 Way gadgetgate1way 2677/udp Gadget Gate 1 Way gadgetgate2way 2678/tcp Gadget Gate 2 Way gadgetgate2way 2678/udp Gadget Gate 2 Way # Matt Rollins syncserverssl 2679/tcp Sync Server SSL syncserverssl 2679/udp Sync Server SSL # Dave Finnegan pxc-sapxom 2680/tcp pxc-sapxom pxc-sapxom 2680/udp pxc-sapxom # Hideki Kiriyama mpnjsomb 2681/tcp mpnjsomb mpnjsomb 2681/udp mpnjsomb # Takenori Miyahara srsp 2682/tcp SRSP srsp 2682/udp SRSP # Martin Eriksson ncdloadbalance 2683/tcp NCDLoadBalance ncdloadbalance 2683/udp NCDLoadBalance # Tim Stevenson mpnjsosv 2684/tcp mpnjsosv mpnjsosv 2684/udp mpnjsosv mpnjsocl 2685/tcp mpnjsocl mpnjsocl 2685/udp mpnjsocl mpnjsomg 2686/tcp mpnjsomg mpnjsomg 2686/udp mpnjsomg # Takenori Miyahara pq-lic-mgmt 2687/tcp pq-lic-mgmt pq-lic-mgmt 2687/udp pq-lic-mgmt # Bob Sledge md-cg-http 2688/tcp md-cf-http md-cg-http 2688/udp md-cf-http # Lyndon Nerenberg fastlynx 2689/tcp FastLynx fastlynx 2689/udp FastLynx # Dave Sewell # 2690-2699 Unassigned tqdata 2700/tcp tqdata tqdata 2700/udp tqdata # Al Guetzlaff # 2701-2783 IANA - Unassigned VPN-1-enc 2746/udp Check Point VPN-1 IPSEC encapsulation [unverified] www-dev 2784/tcp world wide web - development www-dev 2784/udp world wide web - development aic-np 2785/tcp aic-np aic-np 2785/udp aic-np # Brad Parker aic-oncrpc 2786/tcp aic-oncrpc - Destiny MCD database aic-oncrpc 2786/udp aic-oncrpc - Destiny MCD database # Brad Parker piccolo 2787/tcp piccolo - Cornerstone Software piccolo 2787/udp piccolo - Cornerstone Software # Dave Bellivea fryeserv 2788/tcp NetWare Loadable Module - Seagate Software fryeserv 2788/udp NetWare Loadable Module - Seagate Software # Joseph LoPilato media-agent 2789/tcp Media Agent media-agent 2789/udp Media Agent # Nitzan Daube # 2789-2827 Unassigned itm-lm 2828/tcp ITM License Manager itm-lm 2828/udp ITM License Manager # Miles O'Neal # 2829-2907 Unassigned mao 2908/tcp mao mao 2908/udp mao # Marc Baudoin funk-dialout 2909/tcp Funk Dialout funk-dialout 2909/udp Funk Dialout # Cimarron Boozer tdaccess 2910/tcp TDAccess tdaccess 2910/udp TDAccess # Tom Haapanen blockade 2911/tcp Blockade blockade 2911/udp Blockade # Konstantin Iavid epicon 2912/tcp Epicon epicon 2912/udp Epicon # Michael Khalandovsky boosterware 2913/tcp Booster Ware boosterware 2913/udp Booster Ware # Ido Ben-David gamelobby 2914/tcp Game Lobby gamelobby 2914/udp Game Lobby # Paul Ford-Hutchinson tksocket 2915/tcp TK Socket tksocket 2915/udp TK Socket # Alan Fahrner elvin_server 2916/tcp Elvin Server elvin_server 2916/ucp Elvin Server elvin_client 2917/tcp Elvin Client elvin_client 2917/udp Elvin Client # David Arnold kastenchasepad 2918/tcp Kasten Chase Pad kastenchasepad 2918/udp Kasten Chase Pad # Marc Gauthier # 2918-2970 Unassigned netclip 2971/tcp Net Clip netclip 2971/udp Net Clip # Rudi Chiarito pmsm-webrctl 2972/tcp PMSM Webrctl pmsm-webrctl 2972/udp PMSM Webrctl # Markus Michels svnetworks 2973/tcp SV Networks svnetworks 2973/udp SV Networks # Sylvia Siu signal 2974/tcp Signal signal 2974/udp Signal # Wyatt Williams fjmpcm 2975/tcp Fujitsu Configuration Management Service fjmpcm 2975/udp Fujitsu Configuration Management Service # Hiroki Kawano cns-srv-port 2976/tcp CNS Server Port cns-srv-port 2976/udp CNS Server Port # Ram Golla ttc-etap-ns 2977/tcp TTCs Enterprise Test Access Protocol - NS ttc-etap-ns 2977/udp TTCs Enterprise Test Access Protocol - NS ttc-etap-ds 2978/tcp TTCs Enterprise Test Access Protocol - DS ttc-etap-ds 2978/udp TTCs Enterprise Test Access Protocol - DS # Daniel Becker # 2979-2997 Unassigned realsecure 2998/tcp Real Secure realsecure 2998/udp Real Secure # Tim Farley remoteware-un 2999/tcp RemoteWare Unassigned remoteware-un 2999/udp RemoteWare Unassigned # Tim Farley hbci 3000/tcp HBCI hbci 3000/udp HBCI # Kurt Haubner # The following entry records an unassigned but widespread use remoteware-cl 3000/tcp RemoteWare Client remoteware-cl 3000/udp RemoteWare Client # Tim Farley redwood-broker 3001/tcp Redwood Broker (Also used by Nessus Security Scanner {Server}) redwood-broker 3001/udp Redwood Broker # Joseph Morrison exlm-agent 3002/tcp EXLM Agent exlm-agent 3002/udp EXLM Agent # Randy Martin # The following entry records an unassigned but widespread use remoteware-srv 3002/tcp RemoteWare Server remoteware-srv 3002/udp RemoteWare Server # Tim Farley cgms 3003/tcp CGMS cgms 3003/udp CGMS # Jim Mazzonna csoftragent 3004/tcp Csoft Agent csoftragent 3004/udp Csoft Agent # Nedelcho Stanev geniuslm 3005/tcp Genius License Manager geniuslm 3005/udp Genius License Manager # Jakob Spies ii-admin 3006/tcp Instant Internet Admin ii-admin 3006/udp Instant Internet Admin # Lewis Donzis lotusmtap 3007/tcp Lotus Mail Tracking Agent Protocol lotusmtap 3007/udp Lotus Mail Tracking Agent Protocol # Ken Lin midnight-tech 3008/tcp Midnight Technologies midnight-tech 3008/udp Midnight Technologies # Kyle Unice pxc-ntfy 3009/tcp PXC-NTFY pxc-ntfy 3009/udp PXC-NTFY # Takeshi Nishizawa gw 3010/tcp Telerate Workstation ping-pong 3010/udp Telerate Workstation # Timo Sivonen trusted-web 3011/tcp Trusted Web trusted-web 3011/udp Trusted Web twsdss 3012/tcp Trusted Web Client twsdss 3012/udp Trusted Web Client # Alex Duncan gilatskysurfer 3013/tcp Gilat Sky Surfer gilatskysurfer 3013/udp Gilat Sky Surfer # Yossi Gal broker_service 3014/tcp Broker Service broker_service 3014/udp Broker Service # Dale Bethers nati-dstp 3015/tcp NATI DSTP nati-dstp 3015/udp NATI DSTP # Paul Austin notify_srvr 3016/tcp Notify Server notify_srvr 3016/udp Notify Server # Hugo Parra event_listener 3017/tcp Event Listener event_listener 3017/udp Event Listener # Ted Tronson srvc_registry 3018/tcp Service Registry srvc_registry 3018/udp Service Registry # Mark Killgore resource_mgr 3019/tcp Resource Manager resource_mgr 3019/udp Resource Manager # Gary Glover cifs 3020/tcp CIFS cifs 3020/udp CIFS # Paul Leach agriserver 3021/tcp AGRI Server agriserver 3021/udp AGRI Server # Frank Neulichedl csregagent 3022/tcp CSREGAGENT csregagent 3022/udp CSREGAGENT # Nedelcho Stanev magicnotes 3023/tcp magicnotes magicnotes 3023/udp magicnotes # Karl Edwall nds_sso 3024/tcp NDS_SSO nds_sso 3024/udp NDS_SSO # Mel Oyler arepa-raft 3025/tcp Arepa Raft arepa-raft 3025/udp Arepa Raft # Mark Ellison agri-gateway 3026/tcp AGRI Gateway agri-gateway 3026/udp AGRI Gateway # Agri Datalog LiebDevMgmt_C 3027/tcp LiebDevMgmt_C LiebDevMgmt_C 3027/udp LiebDevMgmt_C LiebDevMgmt_DM 3028/tcp LiebDevMgmt_DM LiebDevMgmt_DM 3028/udp LiebDevMgmt_DM LiebDevMgmt_A 3029/tcp LiebDevMgmt_A LiebDevMgmt_A 3029/udp LiebDevMgmt_A # Mike Velten arepa-cas 3030/tcp Arepa Cas arepa-cas 3030/udp Arepa Cas # Seth Silverman agentvu 3031/tcp AgentVU agentvu 3031/udp AgentVU # Chad Williams redwood-chat 3032/tcp Redwood Chat redwood-chat 3032/udp Redwood Chat # Songwon Chi pdb 3033/tcp PDB pdb 3033/udp PDB # Don Bowman osmosis-aeea 3034/tcp Osmosis AEEA osmosis-aeea 3034/udp Osmosis AEEA # Larry Atkin fjsv-gssagt 3035/tcp FJSV gssagt fjsv-gssagt 3035/udp FJSV gssagt # Tomoji Koike hagel-dump 3036/tcp Hagel DUMP hagel-dump 3036/udp Hagel DUMP # Haim Gelfenbeyn hp-san-mgmt 3037/tcp HP SAN Mgmt hp-san-mgmt 3037/udp HP SAN Mgmt # Steve Britt santak-ups 3038/tcp Santak UPS santak-ups 3038/udp Santak UPS # Tom Liu cogitate 3039/tcp Cogitate, Inc. cogitate 3039/udp Cogitate, Inc. # Jim Harlan tomato-springs 3040/tcp Tomato Springs tomato-springs 3040/udp Tomato Springs # Jack Waller III di-traceware 3041/tcp di-traceware di-traceware 3041/udp di-traceware # Carlos Hung journee 3042/tcp journee journee 3042/udp journee # Stephen Favor brp 3043/tcp BRP brp 3043/udp BRP # Greg Gee msexch-routing 3044/tcp msexch-routing msexch-routing 3044/udp msexch-routing # David Lemson responsenet 3045/tcp ResponseNet responsenet 3045/udp ResponseNet # Chul Yoon di-ase 3046/tcp di-ase di-ase 3046/udp di-ase # Carlos Hung hlserver 3047/tcp Fast Security HL Server hlserver 3047/udp Fast Security HL Server # Michael Zunke pctrader 3048/tcp Sierra Net PC Trader pctrader 3048/udp Sierra Net PC Trader # Chris Hahn nsws 3049/tcp NSWS nsws 3049/udp NSWS # Ray Gwinn gds_db 3050/tcp gds_db gds_db 3050/udp gds_db # Madhukar N. Thakur # 3051-3059 Unassigned interserver 3060/tcp interserver interserver 3060/udp interserver # Madhukar N. Thakur # 3061-3079 Unassigned stm_pproc 3080/tcp stm_pproc stm_pproc 3080/udp stm_pproc # Paul McGinnis # 3081-3104 Unassigned cardbox 3105/tcp Cardbox cardbox 3105/udp Cardbox cardbox-http 3106/tcp Cardbox HTTP cardbox-http 3106/udp Cardbox HTTP # Martin Kochanski # 3107-3129 Unassigned squid-proxy 3128/tcp Normally unassigned, but used by Squid Proxy by default icpv2 3130/tcp ICPv2 icpv2 3130/udp ICPv2 # Duane Wessels netbookmark 3131/tcp Net Book Mark netbookmark 3131/udp Net Book Mark # Yiftach Ravid # 3132-3140 Unassigned vmodem 3141/tcp VMODEM vmodem 3141/udp VMODEM # Ray Gwinn rdc-wh-eos 3142/tcp RDC WH EOS rdc-wh-eos 3142/udp RDC WH EOS # Udi Nir seaview 3143/tcp Sea View seaview 3143/udp Sea View # Jim Flaherty tarantella 3144/tcp Tarantella tarantella 3144/udp Tarantella # Roger Binns csi-lfap 3145/tcp CSI-LFAP csi-lfap 3145/udp CSI-LFAP # Paul Amsden # 3146 Unassigned rfio 3147/tcp RFIO rfio 3147/udp RFIO # Frederic Hemmer nm-game-admin 3148/tcp NetMike Game Administrator nm-game-admin 3148/udp NetMike Game Administrator nm-game-server 3149/tcp NetMike Game Server nm-game-server 3149/udp NetMike Game Server nm-asses-admin 3150/tcp NetMike Assessor Administrator nm-asses-admin 3150/udp NetMike Assessor Administrator nm-assessor 3151/tcp NetMike Assessor nm-assessor 3151/udp NetMike Assessor # Andrew Sharpe # 3152-3179 Unassigned mc-brk-srv 3180/tcp Millicent Broker Server mc-brk-srv 3180/udp Millicent Broker Server # Steve Glassman # 3181-3263 Unassigned ccmail 3264/tcp cc:mail/lotus ccmail 3264/udp cc:mail/lotus altav-tunnel 3265/tcp Altav Tunnel altav-tunnel 3265/udp Altav Tunnel # JC Ferguson ns-cfg-server 3266/tcp NS CFG Server ns-cfg-server 3266/udp NS CFG Server # Aivi Lie ibm-dial-out 3267/tcp IBM Dial Out ibm-dial-out 3267/udp IBM Dial Out # Skip Booth msft-gc 3268/tcp Microsoft Global Catalog msft-gc 3268/udp Microsoft Global Catalog msft-gc-ssl 3269/tcp Microsoft Global Catalog with LDAP/SSL msft-gc-ssl 3269/udp Microsoft Global Catalog with LDAP/SSL # Steve Judd verismart 3270/tcp Verismart verismart 3270/udp Verismart # Jay Weber csoft-prev 3271/tcp CSoft Prev Port csoft-prev 3271/udp CSoft Prev Port # Nedelcho Stanev user-manager 3272/tcp Fujitsu User Manager user-manager 3272/udp Fujitsu User Manager # Yukihiko Sakurai sxmp 3273/tcp Simple Extensible Multiplexed Protocol sxmp 3273/udp Simple Extensible Multiplexed Protocol # Jerry Jongerius ordinox-server 3274/tcp Ordinox Server ordinox-server 3274/udp Ordinox Server # Guy Letourneau samd 3275/tcp SAMD samd 3275/udp SAMD # Edgar Circenis maxim-asics 3276/tcp Maxim ASICs maxim-asics 3276/udp Maxim ASICs # Dave Inman awg-proxy 3277/tcp AWG Proxy awg-proxy 3277/udp AWG Proxy # Alex McDonald lkcmserver 3278/tcp LKCM Server lkcmserver 3278/udp LKCM Server # Javier Jimenez admind 3279/tcp admind admind 3279/udp admind # Jeff Haynes vs-server 3280/tcp VS Server vs-server 3280/udp VS Server # Scott Godlew sysopt 3281/tcp SYSOPT sysopt 3281/udp SYSOPT # Tony Hoffman datusorb 3282/tcp Datusorb datusorb 3282/udp Datusorb # Thomas Martin net-assistant 3283/tcp Net Assistant net-assistant 3283/udp Net Assistant # Michael Stein 4talk 3284/tcp 4Talk 4talk 3284/udp 4Talk # Tony Bushnell plato 3285/tcp Plato plato 3285/udp Plato # Jim Battin e-net 3286/tcp E-Net e-net 3286/udp E-Net # Steven Grigsby directvdata 3287/tcp DIRECTVDATA directvdata 3287/udp DIRECTVDATA # Michael Friedman cops 3288/tcp COPS cops 3288/udp COPS # Shai Herzog enpc 3289/tcp ENPC enpc 3289/udp ENPC # SEIKO EPSON caps-lm 3290/tcp CAPS LOGISTICS TOOLKIT - LM caps-lm 3290/udp CAPS LOGISTICS TOOLKIT - LM # Joseph Krebs sah-lm 3291/tcp S A Holditch & Associates - LM sah-lm 3291/udp S A Holditch & Associates - LM # Randy Hudgens cart-o-rama 3292/tcp Cart O Rama cart-o-rama 3292/udp Cart O Rama # Phillip Dillinger fg-fps 3293/tcp fg-fps fg-fps 3293/udp fg-fps fg-gip 3294/tcp fg-gip fg-gip 3294/udp fg-gip # Jean-Marc Frailong dyniplookup 3295/tcp Dynamic IP Lookup dyniplookup 3295/udp Dynamic IP Lookup # Eugene Osovetsky rib-slm 3296/tcp Rib License Manager rib-slm 3296/udp Rib License Manager # Kristean Heisler cytel-lm 3297/tcp Cytel License Manager cytel-lm 3297/udp Cytel License Manager # Yogesh P. Gajjar transview 3298/tcp Transview transview 3298/udp Transview # Richard Obermeier pdrncs 3299/tcp pdrncs pdrncs 3299/udp pdrncs # Paul Wissenbach bmcpatrolagent 3300/tcp BMC Patrol Agent bmcpatrolagent 3300/udp BMC Patrol Agent bmcpatrolrnvu 3301/tcp BMC Patrol Rendezvous bmcpatrolrnvu 3301/udp BMC Patrol Rendezvous # Eric Anderson mcs-fastmail 3302/tcp MCS Fastmail mcs-fastmail 3302/udp MCS Fastmail # Patti Jo Newsom opsession-clnt 3303/tcp OP Session Client opsession-clnt 3303/udp OP Session Client opsession-srvr 3304/tcp OP Session Server opsession-srvr 3304/udp OP Session Server # Amir Blich odette-ftp 3305/tcp ODETTE-FTP odette-ftp 3305/udp ODETTE-FTP # David Nash mysql 3306/tcp MySQL mysql 3306/udp MySQL # Monty opsession-prxy 3307/tcp OP Session Proxy opsession-prxy 3307/udp OP Session Proxy # Amir Blich tns-server 3308/tcp TNS Server tns-server 3308/udp TNS Server tns-adv 3309/tcp TNS ADV tns-adv 3309/udp TND ADV # Jerome Albin dyna-access 3310/tcp Dyna Access dyna-access 3310/udp Dyna Access # Dave Belliveau # mcns-tel-ret 3311/tcp MCNS Tel Ret mcns-tel-ret 3311/udp MCNS Tel Ret # Randall Atkinson appman-server 3312/tcp Application Management Server appman-server 3312/udp Application Management Server uorb 3313/tcp Unify Object Broker uorb 3313/udp Unify Object Broker uohost 3314/tcp Unify Object Host uohost 3314/udp Unify Object Host # Dave Glende cdid 3315/tcp CDID cdid 3315/udp CDID # Andrew Borisov aicc-cmi 3316/tcp AICC/CMI aicc-cmi 3316/udp AICC/CMI # William McDonald vsaiport 3317/tcp VSAI PORT vsaiport 3317/udp VSAI PORT # Rieko Asai ssrip 3318/tcp Swith to Swith Routing Information Protocol ssrip 3318/udp Swith to Swith Routing Information Protocol # Baba Hidekazu sdt-lmd 3319/tcp SDT License Manager sdt-lmd 3319/udp SDT License Manager # Salvo Nassisi officelink2000 3320/tcp Office Link 2000 officelink2000 3320/udp Office Link 2000 # Mike Balch vnsstr 3321/tcp VNSSTR vnsstr 3321/udp VNSSTR # Takeshi Ohmura active-net 3322-3325 Active Networks # Bob Braden sftu 3326/tcp SFTU sftu 3326/udp SFTU # Eduardo Rosenberg de Moura bbars 3327/tcp BBARS bbars 3327/udp BBARS # George Stevens egptlm 3328/tcp Eaglepoint License Manager egptlm 3328/udp Eaglepoint License Manager # Dave Benton hp-device-disc 3329/tcp HP Device Disc hp-device-disc 3329/udp HP Device Disc # Shivaun Albright mcs-calypsoicf 3330/tcp MCS Calypso ICF mcs-calypsoicf 3330/udp MCS Calypso ICF mcs-messaging 3331/tcp MCS Messaging mcs-messaging 3331/udp MCS Messaging mcs-mailsvr 3332/tcp MCS Mail Server mcs-mailsvr 3332/udp MCS Mail Server # Patti Jo Newsom dec-notes 3333/tcp DEC Notes dec-notes 3333/udp DEC Notes # Kim Moraros directv-web 3334/tcp Direct TV Webcasting directv-web 3334/udp Direct TV Webcasting directv-soft 3335/tcp Direct TV Software Updates directv-soft 3335/udp Direct TV Software Updates directv-tick 3336/tcp Direct TV Tickers directv-tick 3336/udp Direct TV Tickers directv-catlg 3337/tcp Direct TV Data Catalog directv-catlg 3337/udp Direct TV Data Catalog # Michael Friedman anet-b 3338/tcp OMF data b anet-b 3338/udp OMF data b anet-l 3339/tcp OMF data l anet-l 3339/udp OMF data l anet-m 3340/tcp OMF data m anet-m 3340/udp OMF data m anet-h 3341/tcp OMF data h anet-h 3341/udp OMF data h # Per Sahlqvist webtie 3342/tcp WebTIE webtie 3342/udp WebTIE # Kevin Frender ms-cluster-net 3343/tcp MS Cluster Net ms-cluster-net 3343/udp MS Cluster Net # Mike Massa bnt-manager 3344/tcp BNT Manager bnt-manager 3344/udp BNT Manager # Brian Ives influence 3345/tcp Influence influence 3345/udp Influence # Russ Ferriday trnsprntproxy 3346/tcp Trnsprnt Proxy trnsprntproxy 3346/udp Trnsprnt Proxy # Grant Kirby phoenix-rpc 3347/tcp Phoenix RPC phoenix-rpc 3347/udp Phoenix RPC # Ian Anderson pangolin-laser 3348/tcp Pangolin Laser pangolin-laser 3348/udp Pangolin Laser # William Benner chevinservices 3349/tcp Chevin Services chevinservices 3349/udp Chevin Services # Gus McNaughton findviatv 3350/tcp FINDVIATV findviatv 3350/udp FINDVIATV # Oran Davis btrieve 3351/tcp BTRIEVE btrieve 3351/udp BTRIEVE ssql 3352/tcp SSQL ssql 3352/udp SSQL # John McDowell fatpipe 3353/tcp FATPIPE fatpipe 3353/udp FATPIPE # Sanchaita Datta suitjd 3354/tcp SUITJD suitjd 3354/udp SUITJD # Todd Moyer ordinox-dbase 3355/tcp Ordinox Dbase ordinox-dbase 3355/udp Ordinox Dbase # Guy Litourneau upnotifyps 3356/tcp UPNOTIFYPS upnotifyps 3356/udp UPNOTIFYPS # Mark Fox adtech-test 3357/tcp Adtech Test IP adtech-test 3357/udp Adtech Test IP # Robin Uyeshiro mpsysrmsvr 3358/tcp Mp Sys Rmsvr mpsysrmsvr 3358/udp Mp Sys Rmsvr # Hiroyuki Kawabuchi wg-netforce 3359/tcp WG NetForce wg-netforce 3359/udp WG NetForce # Lee Wheat kv-server 3360/tcp KV Server kv-server 3360/udp KV Server kv-agent 3361/tcp KV Agent kv-agent 3361/udp KV Agent # Thomas Soranno dj-ilm 3362/tcp DJ ILM dj-ilm 3362/udp DJ ILM # Don Tyson nati-vi-server 3363/tcp NATI Vi Server nati-vi-server 3363/udp NATI Vi Server # Robert Dye creativeserver 3364/tcp Creative Server creativeserver 3364/udp Creative Server contentserver 3365/tcp Content Server contentserver 3365/udp Content Server creativepartnr 3366/tcp Creative Partner creativepartnr 3366/udp Creative Partner # Jesus Ortiz satvid-datalnk 3367-3371 Satellite Video Data Link # Scott Engel tip2 3372/tcp TIP 2 tip2 3372/udp TIP 2 # Keith Evans lavenir-lm 3373/tcp Lavenir License Manager lavenir-lm 3373/udp Lavenir License Manager # Marius Matioc cluster-disc 3374/tcp Cluster Disc cluster-disc 3374/udp Cluster Disc # Jeff Hughes vsnm-agent 3375/tcp VSNM Agent vsnm-agent 3375/udp VSNM Agent # Venkat Rangan cdborker 3376/tcp CD Broker cdbroker 3376/udp CD Broker # Moon Ho Chung cogsys-lm 3377/tcp Cogsys Network License Manager cogsys-lm 3377/udp Cogsys Network License Manager # Simon Chinnick wsicopy 3378/tcp WSICOPY wsicopy 3378/udp WSICOPY # James Overby socorfs 3379/tcp SOCORFS socorfs 3379/udp SOCORFS # Hugo Charbonneau sns-channels 3380/tcp SNS Channels sns-channels 3380/udp SNS Channels # Shekar Pasumarthi geneous 3381/tcp Geneous geneous 3381/udp Geneous # Nick de Smith fujitsu-neat 3382/tcp Fujitsu Network Enhanced Antitheft function fujitsu-neat 3382/udp Fujitsu Network Enhanced Antitheft function # Markku Viima esp-lm 3383/tcp Enterprise Software Products License Manager esp-lm 3383/udp Enterprise Software Products License Manager # George Rudy hp-clic 3384/tcp Cluster Management Services hp-clic 3384/udp Hardware Management # Rajesh Srinivasaraghavan qnxnetman 3385/tcp qnxnetman qnxnetman 3385/udp qnxnetman # Michael Hunter gprs-data 3386/tcp GPRS Data gprs-sig 3386/udp GPRS SIG # Ansgar Bergmann backroomnet 3387/tcp Back Room Net backroomnet 3387/udp Back Room Net # Clayton Wilkinson cbserver 3388/tcp CB Server cbserver 3388/udp CB Server # Allen Wei ms-wbt-server 3389/tcp MS WBT Server ms-wbt-server 3389/udp MS WBT Server # Ritu Bahl dsc 3390/tcp Distributed Service Coordinator dsc 3390/udp Distributed Service Coordinator # Chas Honton savant 3391/tcp SAVANT savant 3391/udp SAVANT # Andy Bruce efi-lm 3392/tcp EFI License Management efi-lm 3392/udp EFI License Management # Ross E. Greinke d2k-tapestry1 3393/tcp D2K Tapestry Client to Server d2k-tapestry1 3393/udp D2K Tapestry Client to Server d2k-tapestry2 3394/tcp D2K Tapestry Server to Server d2k-tapestry2 3394/udp D2K Tapestry Server to Server # Eric Lan dyna-lm 3395/tcp Dyna License Manager (Elam) dyna-lm 3395/udp Dyna License Manager (Elam) # Anjana Iyer printer_agent 3396/tcp Printer Agent printer_agent 3396/udp Printer Agent # Devon Taylor cloanto-lm 3397/tcp Cloanto License Manager cloanto-lm 3397/udp Cloanto License Manager # Takeo Sato mercantile 3398/tcp Mercantile mercantile 3398/udp Mercantile # Erik Kragh Jensen csms 3399/tcp CSMS csms 3399/udp CSMS csms2 3400/tcp CSMS2 csms2 3400/udp CSMS2 # Markus Michels # 3401-3420 Unassigned bmap 3421/tcp Bull Apprise portmapper bmap 3421/udp Bull Apprise portmapper # Jeremy Gilbert mira 3454/tcp Apple Remote Access Protocol # Mike Alexander prsvp 3455/tcp RSVP Port prsvp 3455/udp RSVP Port # Bob Braden vat 3456/tcp VAT default data vat 3456/udp VAT default data # Van Jacobson vat-control 3457/tcp VAT default control vat-control 3457/udp VAT default control # Van Jacobson d3winosfi 3458/tcp D3WinOsfi d3winosfi 3458/udp DsWinOSFI # Brad Hamilton integral 3459/tcp Integral integral 3459/udp Integral # Olivier Mascia edm-manager 3460/tcp EDM Manger edm-manager 3460/udp EDM Manger edm-stager 3461/tcp EDM Stager edm-stager 3461/udp EDM Stager edm-std-notify 3462/tcp EDM STD Notify edm-std-notify 3462/udp EDM STD Notify edm-adm-notify 3463/tcp EDM ADM Notify edm-adm-notify 3463/udp EDM ADM Notify edm-mgr-sync 3464/tcp EDM MGR Sync edm-mgr-sync 3464/udp EDM MGR Sync edm-mgr-cntrl 3465/tcp EDM MGR Cntrl edm-mgr-cntrl 3465/udp EDM MGR Cntrl # Tom Hennessy workflow 3466/tcp WORKFLOW workflow 3466/udp WORKFLOW # Robert Hufsky rcst 3467/tcp RCST rcst 3467/udp RCST # Kit Sturgeon ttcmremotectrl 3468/tcp TTCM Remote Controll ttcmremotectrl 3468/udp TTCM Remote Controll # Yossi Cohen-Shahar pluribus 3469/tcp Pluribus pluribus 3469/udp Pluribus # Mark Miller jt400 3470/tcp jt400 jt400 3470/udp jt400 jt400-ssl 3471/tcp jt400-ssl jt400-ssl 3471/udp jt400-ssl # Clifton Nock # 3472-3562 Unassigned watcomdebug 3563/tcp Watcom Debug watcomdebug 3563/udp Watcom Debug # Anthony Scian # 3564-3671 Unassigned harlequinorb 3672/tcp harlequinorb harlequinorb 3672/udp harlequinorb # Jason Trenouth # 3673-3899 Unassigned udt_os 3900/tcp Unidata UDT OS udt_os 3900/udp Unidata UDT OS # James Powell mapper-nodemgr 3984/tcp MAPPER network node manager mapper-nodemgr 3984/udp MAPPER network node manager mapper-mapethd 3985/tcp MAPPER tcp/IP server mapper-mapethd 3985/udp MAPPER tcp/IP server mapper-ws_ethd 3986/tcp MAPPER workstation server mapper-ws_ethd 3986/udp MAPPER workstation server # John C. Horton centerline 3987/tcp Centerline centerline 3987/udp Centerline # Mark Simpson # 3988-3999 Unassigned terabase 4000/tcp Terabase terabase 4000/udp Terabase # Thor Olson ####### PORT 4000 also used by ICQ ################### ####### Potential Conflict of ports ################################ newoak 4001/tcp NewOak newoak 4001/udp NewOak # Jim Philippou pxc-spvr-ft 4002/tcp pxc-spvr-ft pxc-spvr-ft 4002/udp pxc-spvr-ft pxc-splr-ft 4003/tcp pxc-splr-ft pxc-splr-ft 4003/udp pxc-splr-ft pxc-roid 4004/tcp pxc-roid pxc-roid 4004/udp pxc-roid pxc-pin 4005/tcp pxc-pin pxc-pin 4005/udp pxc-pin pxc-spvr 4006/tcp pxc-spvr pxc-spvr 4006/udp pxc-spvr pxc-splr 4007/tcp pxc-splr pxc-splr 4007/udp pxc-splr # Dave Nesbitt netcheque 4008/tcp NetCheque accounting netcheque 4008/udp NetCheque accounting # B. Clifford Neuman chimera-hwm 4009/tcp Chimera HWM chimera-hwm 4009/udp Chimera HWM # Ken Anderson samsung-unidex 4010/tcp Samsung Unidex samsung-unidex 4010/udp Samsung Unidex # Konstantin V. Vyaznikov altserviceboot 4011/tcp Alternate Service Boot altserviceboot 4011/udp Alternate Service Boot # Eric Dittert pda-gate 4012/tcp PDA Gate pda-gate 4012/udp PDA Gate # Masakuni Okada acl-manager 4013/tcp ACL Manager acl-manager 4013/udp ACL Manager # Toru Murai taiclock 4014/tcp TAICLOCK taiclock 4014/udp TAICLOCK # Dan Bernstein talarian-mcast1 4015/tcp Talarian Mcast talarian-mcast1 4015/udp Talarian Mcast talarian-mcast2 4016/tcp Talarian Mcast talarian-mcast2 4016/udp Talarian Mcast talarian-mcast3 4017/tcp Talarian Mcast talarian-mcast3 4017/udp Talarian Mcast talarian-mcast4 4018/tcp Talarian Mcast talarian-mcast4 4018/udp Talarian Mcast talarian-mcast5 4019/tcp Talarian Mcast talarian-mcast5 4019/udp Talarian Mcast # Geoff Mendal # 4020-4095 Unassigned bre 4096/tcp BRE (Bridge Relay Element) bre 4096/udp BRE (Bridge Relay Element) # Stephen Egbert patrolview 4097/tcp Patrol View patrolview 4097/udp Patrol View # Vincent Chin drmsfsd 4098/tcp drmsfsd drmsfsd 4098/udp drmsfsd # Masao Iwai dpcp 4099/tcp DPCP dpcp 4099/udp DPCP # John Croft # 4100-4131 Unassigned nuts_dem 4132/tcp NUTS Daemon nuts_dem 4132/udp NUTS Daemon nuts_bootp 4133/tcp NUTS Bootp Server nuts_bootp 4133/udp NUTS Bootp Server # Martin Freiss nifty-hmi 4134/tcp NIFTY-Serve HMI protocol nifty-hmi 4134/udp NIFTY-Serve HMI protocol # Ryuichi Suzuki oirtgsvc 4141/tcp Workflow Server oirtgsvc 4141/udp Workflow Server oidocsvc 4142/tcp Document Server oidocsvc 4142/udp Document Server oidsr 4143/tcp Document Replication oidsr 4143/udp Document Replication # Norman Brie ########## Compuserve (unoffically) is using port 4144 ######### # 4144-4159 Unassigned jini-discovery 4160/tcp Jini Discovery jini-discovery 4160/udp Jini Discovery # Bryan O'Sullivan # 4161-4199 Unassigned vrml-multi-use 4200-4299 VRML Multi User Systems # Mitra corelccam 4300/tcp Corel CCam corelccam 4300/udp Corel CCam # Jason Aiken # 4301-4320 Unassigned rwhois 4321/tcp Remote Who Is rwhois 4321/udp Remote Who Is # Mark Kosters unicall 4343/tcp UNICALL unicall 4343/udp UNICALL # James Powell vinainstall 4344/tcp VinaInstall vinainstall 4344/udp VinaInstall # Jay Slupesky m4-network-as 4345/tcp Macro 4 Network AS m4-network-as 4345/udp Macro 4 Network AS # Paul Wren elanlm 4346/tcp ELAN LM elanlm 4346/udp ELAN LM # Paul Ballew lansurveyor 4347/tcp LAN Surveyor lansurveyor 4347/udp LAN Surveyor # Michael Swan itose 4348/tcp ITOSE itose 4348/udp ITOSE # Michael Haeuptle fsportmap 4349/tcp File System Port Map fsportmap 4349/udp File System Port Map # Ron Minnich net-device 4350/tcp Net Device net-device 4350/udp Net Device # Glenn Peterson plcy-net-svcs 4351/tcp PLCY Net Services plcy-net-svcs 4351/udp PLCY Net Services # J.J. Ekstrom # 4352 Unassigned f5-iquery 4353/tcp F5 iQuery f5-iquery 4353/udp F5 iQuery # Tom Kee # 4354-4443 Unassigned saris 4442/tcp Saris saris 4442/udp Saris pharos 4443/tcp Pharos pharos 4443/udp Pharos # TeleConsult GmbH, 76275 Ettlingen, Germany # krb524 4444/tcp KRB524 krb524 4444/udp KRB524 # B. Clifford Neuman # PROBLEM krb524 assigned the port, # PROBLEM nv used it without an assignment nv-video 4444/tcp NV Video default nv-video 4444/udp NV Video default # Ron Frederick upnotifyp 4445/tcp UPNOTIFYP upnotifyp 4445/udp UPNOTIFYP # Mark Fox n1-fwp 4446/tcp N1-FWP n1-fwp 4446/udp N1-FWP n1-rmgmt 4447/tcp N1-RMGMT n1-rmgmt 4447/udp N1-RMGMT # Lori Tassin asc-slmd 4448/tcp ASC Licence Manager asc-slmd 4448/udp ASC Licence Manager # Casper Stoel privatewire 4449/tcp PrivateWire privatewire 4449/udp PrivateWire # Uri Resnitzky camp 4450/tcp Camp camp 4450/udp Camp ctisystemmsg 4451/tcp CTI System Msg ctisystemmsg 4451/udp CTI System Msg ctiprogramload 4452/tcp CTI Program Load ctiprogramload 4452/udp CTI Program Load # Steven Cliff nssalertmgr 4453/tcp NSS Alert Manager nssalertmgr 4453/udp NSS Alert Manager nssagentmgr 4454/tcp NSS Agent Manager nssagentmgr 4454/udp NSS Agent Manager # Jim Hill prchat-user 4455/tcp PR Chat User prchat-user 4455/udp PR Chat User prchat-server 4456/tcp PR Chat Server prchat-server 4456/udp PR Chat Server prRegister 4457/tcp PR Register prRegister 4457/udp PR Register # Donny Gilor # 4458-4499 Unassigned sae-urn 4500/tcp sae-urn sae-urn 4500/udp sae-urn urn-x-cdchoice 4501/tcp urn-x-cdchoice urn-x-cdchoice 4501/udp urn-x-cdchoice # Paul Hoffman worldscores 4545/tcp WorldScores worldscores 4545/udp WorldScores # Chris Flynn sf-lm 4546/tcp SF License Manager (Sentinel) sf-lm 4546/udp SF License Manager (Sentinel) # Thomas Koell lanner-lm 4547/tcp Lanner License Manager lanner-lm 4547/udp Lanner License Manager # Les Enstone # 4548-4671 Unassigned rfa 4672/tcp remote file access server rfa 4672/udp remote file access server # 4673-4799 Unassigned iims 4800/tcp Icona Instant Messenging System iims 4800/udp Icona Instant Messenging System iwec 4801/tcp Icona Web Embedded Chat iwec 4801/udp Icona Web Embedded Chat ilss 4802/tcp Icona License System Server ilss 4802/udp Icona License System Server # Paul Stephen Borlie # 4803-4826 Unassigned htcp 4827/tcp Htcp htcp 4827/udp Htcp # Paul Vixie # 4828-4867 Unassigned phrelay 4868/tcp Photon Relay phrelay 4868/udp Photon Relay phrelaydbg 4869/tcp Photon Relay Debug phrelaydbg 4869/udp Photon Relay Debug # Michael Hunter abbs 4885/tcp ABBS abbs 4885/udp ABBS # Ryan Rubley commplex-main 5000/tcp commplex-main 5000/udp commplex-link 5001/tcp commplex-link 5001/udp rfe 5002/tcp radio free ethernet rfe 5002/udp radio free ethernet fmpro-internal 5003/tcp FileMaker, Inc. - Proprietary transport fmpro-internal 5003/udp FileMaker, Inc. - Proprietary name binding # Clay Maeckel avt-profile-1 5004/tcp avt-profile-1 avt-profile-1 5004/udp avt-profile-1 avt-profile-2 5005/tcp avt-profile-2 avt-profile-2 5005/udp avt-profile-2 # Henning Schulzrinne telelpathstart 5010/tcp TelepathStart telelpathstart 5010/udp TelepathStart telelpathattack 5011/tcp TelepathAttack telelpathattack 5011/udp TelepathAttack # Helmuth Breitenfellner zenginkyo-1 5020/tcp zenginkyo-1 zenginkyo-1 5020/udp zenginkyo-1 zenginkyo-2 5021/tcp zenginkyo-2 zenginkyo-2 5021/udp zenginkyo-2 # Masashi Suzaki asnaacceler8db 5042/tcp asnaacceler8db asnaacceler8db 5042/udp asnaacceler8db # Walter Goodwin mmcc 5050/tcp multimedia conference control tool mmcc 5050/udp multimedia conference control tool # Steve Casner ita-agent 5051/tcp ITA Agent ita-agent 5051/udp ITA Agent ita-manager 5052/tcp ITA Manager ita-manager 5052/udp ITA Manager # Don Merrell sip 5060/tcp SIP sip 5060/udp SIP # Henning Schulzrinne rmonitor_secure 5145/tcp rmonitor_secure 5145/udp atmp 5150/tcp Ascend Tunnel Management Protocol atmp 5150/udp Ascend Tunnel Management Protocol # Kory Hamzeh esri_sde 5151/tcp ESRI SDE Instance esri_sde 5151/udp ESRI SDE Remote Start sde-discovery 5152/tcp ESRI SDE Instance Discovery sde-discovery 5152/udp ESRI SDE Instance Discovery # Peter Aronson ife_icorp 5165/tcp ife_1corp ife_icorp 5165/udp ife_1corp # Paul Annala aol 5190/tcp America-Online aol 5190/udp America-Online # Marty Lyons aol-1 5191/tcp AmericaOnline1 aol-1 5191/udp AmericaOnline1 aol-2 5192/tcp AmericaOnline2 aol-2 5192/udp AmericaOnline2 aol-3 5193/tcp AmericaOnline3 aol-3 5193/udp AmericaOnline3 # Bruce Mackey targus-aib1 5200/tcp Targus AIB 1 targus-aib1 5200/udp Targus AIB 1 targus-aib2 5201/tcp Targus AIB 2 targus-aib2 5201/udp Targus AIB 2 targus-tnts1 5202/tcp Targus TNTS 1 targus-tnts1 5202/udp Targus TNTS 1 targus-tnts2 5203/tcp Targus TNTS 2 targus-tnts2 5203/udp Targus TNTS 2 # John Keaveney padl2sim 5236/tcp padl2sim 5236/udp pk 5272/tcp PK pk 5272/udp PK # Patrick Kara hacl-hb 5300/tcp # HA cluster heartbeat hacl-hb 5300/udp # HA cluster heartbeat hacl-gs 5301/tcp # HA cluster general services hacl-gs 5301/udp # HA cluster general services hacl-cfg 5302/tcp # HA cluster configuration hacl-cfg 5302/udp # HA cluster configuration hacl-probe 5303/tcp # HA cluster probing hacl-probe 5303/udp # HA cluster probing hacl-local 5304/tcp # HA Cluster Commands hacl-local 5304/udp hacl-test 5305/tcp # HA Cluster Test hacl-test 5305/udp # Eric Soderberg # Edward Yim sun-mc-grp 5306/tcp Sun MC Group sun-mc-grp 5306/udp Sun MC Group # Michael DeMoney sco-aip 5307/tcp SCO AIP sco-aip 5307/udp SCO AIP # Barrie Cooper cfengine 5308/tcp CFengine cfengine 5308/udp CFengine # Mark Burgess jprinter 5309/tcp J Printer jprinter 5309/udp J Printer # Ken Blackwell outlaws 5310/tcp Outlaws outlaws 5310/udp Outlaws # Richard Fife tmlogin 5311/tcp TM Login tmlogin 5311/udp TM Login # Eric Sharakan # 5312-5399 Unassigned excerpt 5400/tcp Excerpt Search excerpt 5400/udp Excerpt Search excerpts 5401/tcp Excerpt Search Secure excerpts 5401/udp Excerpt Search Secure # John Hinsdale mftp 5402/tcp MFTP mftp 5402/udp MFTP # Alan Rosenberg hpoms-ci-lstn 5403/tcp HPOMS-CI-LSTN hpoms-ci-lstn 5403/udp HPOMS-CI-LSTN hpoms-dps-lstn 5404/tcp HPOMS-DPS-LSTN hpoms-dps-lstn 5404/udp HPOMS-DPS-LSTN # Harold Froehling netsupport 5405/tcp NetSupport netsupport 5405/udp NetSupport # Paul Sanders systemics-sox 5406/tcp Systemics Sox systemics-sox 5406/udp Systemics Sox # Gary Howland foresyte-clear 5407/tcp Foresyte-Clear foresyte-clear 5407/udp Foresyte-Clear foresyte-sec 5408/tcp Foresyte-Sec foresyte-sec 5408/udp Foresyte-Sec # Jorge Aldana salient-dtasrv 5409/tcp Salient Data Server salient-dtasrv 5409/udp Salient Data Server salient-usrmgr 5410/tcp Salient User Manager salient-usrmgr 5410/udp Salient User Manager # Richard Farnham actnet 5411/tcp ActNet actnet 5411/udp ActNet # Simon Robillard continuus 5412/tcp Continuus continuus 5412/udp Continuus # Steven Holtsberg wwiotalk 5413/tcp WWIOTALK wwiotalk 5413/udp WWIOTALK # Roger Knobbe statusd 5414/tcp StatusD statusd 5414/udp StatusD # Stephen Misel ns-server 5415/tcp NS Server ns-server 5415/udp NS Server # Jeffrey Chiao sns-gateway 5416/tcp SNS Gateway sns-gateway 5416/udp SNS Gateway sns-agent 5417/tcp SNS Agent sns-agent 5417/udp SNS Agent # Mary Holstage mcntp 5418/tcp MCNTP mcntp 5418/udp MCNTP # Heiko Rupp dj-ice 5419/tcp DJ-ICE dj-ice 5419/udp DJ-ICE # Don Tyson cylink-c 5420/tcp Cylink-C cylink-c 5420/udp Cylink-C # John Jobe # 5421-5453 Unassigned apc-tcp-udp-4 5454/tcp apc-tcp-udp-4 apc-tcp-udp-4 5454/udp apc-tcp-udp-4 apc-tcp-udp-5 5455/tcp apc-tcp-udp-5 apc-tcp-udp-5 5455/udp apc-tcp-udp-5 apc-tcp-udp-6 5456/tcp apc-tcp-udp-6 apc-tcp-udp-6 5456/udp apc-tcp-udp-6 # Christian Kuiawa # 5457-5499 Unassigned fcp-addr-srvr1 5500/tcp fcp-addr-srvr1 fcp-addr-srvr1 5500/udp fcp-addr-srvr1 fcp-addr-srvr2 5501/tcp fcp-addr-srvr2 fcp-addr-srvr2 5501/udp fcp-addr-srvr2 fcp-srvr-inst1 5502/tcp fcp-srvr-inst1 fcp-srvr-inst1 5502/udp fcp-srvr-inst1 fcp-srvr-inst2 5503/tcp fcp-srvr-inst2 fcp-srvr-inst2 5503/udp fcp-srvr-inst2 fcp-cics-gw1 5504/tcp fcp-cics-gw1 fcp-cics-gw1 5504/udp fcp-cics-gw1 # Mark Zeiss # 5504-5554 Unassigned ############Port 5555 also used by HP Omniback##################### personal-agent 5555/tcp Personal Agent personal-agent 5555/udp Personal Agent # Jackie Wu ################################################################### # 5556-5598 Unassigned esinstall 5599/tcp Enterprise Security Remote Install esinstall 5599/udp Enterprise Security Remote Install esmmanager 5600/tcp Enterprise Security Manager esmmanager 5600/udp Enterprise Security Manager esmagent 5601/tcp Enterprise Security Agent esmagent 5601/udp Enterprise Security Agent # Kimberly Gibbs a1-msc 5602/tcp A1-MSC a1-msc 5602/udp A1-MSC a1-bs 5603/tcp A1-BS a1-bs 5603/udp A1-BS a3-sdunode 5604/tcp A3-SDUNode a3-sdunode 5604/udp A3-SDUNode a4-sdunode 5605/tcp A4-SDUNode a4-sdunode 5605/udp A4-SDUNode # Mike Dolan pcanywheredata 5631/tcp pcANYWHEREdata pcanywheredata 5631/udp pcANYWHEREdata pcanywherestat 5632/tcp pcANYWHEREstat pcanywherestat 5632/udp pcANYWHEREstat # Jon Rosarky rrac 5678/tcp Remote Replication Agent Connection rrac 5678/udp Remote Replication Agent Connection dccm 5679/tcp Direct Cable Connect Manager dccm 5679/udp Direct Cable Connect Manager # Mark Miller proshareaudio 5713/tcp proshare conf audio proshareaudio 5713/udp proshare conf audio prosharevideo 5714/tcp proshare conf video prosharevideo 5714/udp proshare conf video prosharedata 5715/tcp proshare conf data prosharedata 5715/udp proshare conf data prosharerequest 5716/tcp proshare conf request prosharerequest 5716/udp proshare conf request prosharenotify 5717/tcp proshare conf notify prosharenotify 5717/udp proshare conf notify # openmail 5729/tcp Openmail User Agent Layer openmail 5729/udp Openmail User Agent Layer # OpenMail Encyclopedia # Don Loughry ida-discover1 5741/tcp IDA Discover Port 1 ida-discover1 5741/udp IDA Discover Port 1 ida-discover2 5742/tcp IDA Discover Port 2 ida-discover2 5742/udp IDA Discover Port 2 # Morten Christensen fcopy-server 5745/tcp fcopy-server fcopy-server 5745/udp fcopy-server fcopys-server 5746/tcp fcopys-server fcopys-server 5746/udp fcopys-server # Moshe Leibovitch # Don Loughry vnc-network 5900/tcp Virtual Network Computing Multi-Platform Remote Control Agent mppolicy-v5 5968/tcp mppolicy-v5 mppolicy-v5 5968/udp mppolicy-v5 mppolicy-mgr 5969/tcp mppolicy-mgr mppolicy-mgr 5969/udp mppolicy-mgr # Yutaka Ono x11 6000-6063/tcp X Window System x11 6000-6063/udp X Window System # Stephen Gildea softcm 6110/tcp HP SoftBench CM softcm 6110/udp HP SoftBench CM spc 6111/tcp HP SoftBench Sub-Process Control spc 6111/udp HP SoftBench Sub-Process Control # Scott A. Kramer dtspcd 6112/tcp dtspcd dtspcd 6112/udp dtspcd # Doug Royer backup-express 6123/tcp Backup Express backup-express 6123/udp Backup Express # Chi Shih Chang meta-corp 6141/tcp Meta Corporation License Manager meta-corp 6141/udp Meta Corporation License Manager # Osamu Masuda <--none---> aspentec-lm 6142/tcp Aspen Technology License Manager aspentec-lm 6142/udp Aspen Technology License Manager # Kevin Massey watershed-lm 6143/tcp Watershed License Manager watershed-lm 6143/udp Watershed License Manager # David Ferrero statsci1-lm 6144/tcp StatSci License Manager - 1 statsci1-lm 6144/udp StatSci License Manager - 1 statsci2-lm 6145/tcp StatSci License Manager - 2 statsci2-lm 6145/udp StatSci License Manager - 2 # Scott Blachowicz lonewolf-lm 6146/tcp Lone Wolf Systems License Manager lonewolf-lm 6146/udp Lone Wolf Systems License Manager # Dan Klein montage-lm 6147/tcp Montage License Manager montage-lm 6147/udp Montage License Manager # Michael Ubell ricardo-lm 6148/tcp Ricardo North America License Manager ricardo-lm 6148/udp Ricardo North America License Manager # M Flemming tal-pod 6149/tcp tal-pod tal-pod 6149/udp tal-pod # Steven Loomis crip 6253/tcp CRIP crip 6253/udp CRIP # Mike Rodbell Gnutella 6346/tcp Napster-like MP3 search and sharing client # clariion-evr01 6389/tcp clariion-evr01 clariion-evr01 6389/udp clariion-evr01 # Dave DesRoches skip-cert-recv 6455/tcp SKIP Certificate Receive skip-cert-send 6456/tcp SKIP Certificate Send # Tom Markson lvision-lm 6471/tcp LVision License Manager lvision-lm 6471/udp LVision License Manager # Brian McKinnon # 6472-6499 Unassigned boks 6500/tcp BoKS Master boks 6500/udp BoKS Master boks_servc 6501/tcp BoKS Servc boks_servc 6501/udp BoKS Servc boks_servm 6502/tcp BoKS Servm boks_servm 6502/udp BoKS Servm boks_clntd 6503/tcp BoKS Clntd boks_clntd 6503/udp BoKS Clntd # 6504 Unassigned badm_priv 6505/tcp BoKS Admin Private Port badm_priv 6505/udp BoKS Admin Private Port badm_pub 6506/tcp BoKS Admin Public Port badm_pub 6506/udp BoKS Admin Public Port bdir_priv 6507/tcp BoKS Dir Server, Private Port bdir_priv 6507/udp BoKS Dir Server, Private Port bdir_pub 6508/tcp BoKS Dir Server, Public Port bdir_pub 6508/udp BoKS Dir Server, Public Port # Magnus Nystrom # 6509-6546 Unassigned apc-tcp-udp-1 6547/tcp apc-tcp-udp-1 apc-tcp-udp-1 6547/udp apc-tcp-udp-1 apc-tcp-udp-2 6548/tcp apc-tcp-udp-2 apc-tcp-udp-2 6548/udp apc-tcp-udp-2 apc-tcp-udp-3 6549/tcp apc-tcp-udp-3 apc-tcp-udp-3 6549/udp apc-tcp-udp-3 # Christian Kuiawa fg-sysupdate 6550/tcp fg-sysupdate fg-sysupdate 6550/udp fg-sysupdate # Mark Beyer # 6551-6557 Unassigned xdsxdm 6558/tcp xdsxdm 6558/udp ircu 6665-6669/tcp IRCU ircu 6665-6669/udp IRCU # Brian Tackett vocaltec-gold 6670/tcp Vocaltec Global Online Directory vocaltec-gold 6670/udp Vocaltec Global Online Directory # Scott Petrack vision_server 6672/tcp vision_server vision_server 6672/udp vision_server vision_elmd 6673/tcp vision_elmd vision_elmd 6673/udp vision_elmd # Chris Kramer napster 6699/tcp www.napster.com, MP3 search utility kti-icad-srvr 6701/tcp KTI/ICAD Nameserver kti-icad-srvr 6701/udp KTI/ICAD Nameserver # Stanley Knutson hnmp 6790/tcp HNMP hnmp 6790/udp HNMP # Jude George ambit-lm 6831/tcp ambit-lm ambit-lm 6831/udp ambit-lm # Don Hejna netmo-default 6841/tcp Netmo Default netmo-default 6841/udp Netmo Default netmo-http 6842/tcp Netmo HTTP netmo-http 6842/udp Netmo HTTP # Urs Bertschinger jmact3 6961/tcp JMACT3 jmact3 6961/udp JMACT3 jmevt2 6962/tcp jmevt2 jmevt2 6962/udp jmevt2 swismgr1 6963/tcp swismgr1 swismgr1 6963/udp swismgr1 swismgr2 6964/tcp swismgr2 swismgr2 6964/udp swismgr2 swistrap 6965/tcp swistrap swistrap 6965/udp swistrap swispol 6966/tcp swispol swispol 6966/udp swispol # Yutaka Ono acmsoda 6969/tcp acmsoda acmsoda 6969/udp acmsoda # Daniel Simms iatp-highpri 6998/tcp IATP-highPri iatp-highpri 6998/udp IATP-highPri iatp-normalpri 6999/tcp IATP-normalPri iatp-normalpri 6999/udp IATP-normalPri # John Murphy afs3-fileserver 7000/tcp file server itself afs3-fileserver 7000/udp file server itself afs3-callback 7001/tcp callbacks to cache managers afs3-callback 7001/udp callbacks to cache managers afs3-prserver 7002/tcp users & groups database afs3-prserver 7002/udp users & groups database afs3-vlserver 7003/tcp volume location database afs3-vlserver 7003/udp volume location database afs3-kaserver 7004/tcp AFS/Kerberos authentication service afs3-kaserver 7004/udp AFS/Kerberos authentication service afs3-volser 7005/tcp volume managment server afs3-volser 7005/udp volume managment server afs3-errors 7006/tcp error interpretation service afs3-errors 7006/udp error interpretation service afs3-bos 7007/tcp basic overseer process afs3-bos 7007/udp basic overseer process afs3-update 7008/tcp server-to-server updater afs3-update 7008/udp server-to-server updater afs3-rmtsys 7009/tcp remote cache manager service afs3-rmtsys 7009/udp remote cache manager service ups-onlinet 7010/tcp onlinet uninterruptable power supplies ups-onlinet 7010/udp onlinet uninterruptable power supplies # Brian Hammill dpserve 7020/tcp DP Serve dpserve 7020/udp DP Serve dpserveadmin 7021/tcp DP Serve Admin dpserveadmin 7021/udp DP Serve Admin # Allan Stanley arcp 7070/tcp ARCP arcp 7070/udp ARCP # Jude George lazy-ptop 7099/tcp lazy-ptop lazy-ptop 7099/udp lazy-ptop # Guy Keren font-service 7100/tcp X Font Service font-service 7100/udp X Font Service # Stephen Gildea virprot-lm 7121/tcp Virtual Prototypes License Manager virprot-lm 7121/udp Virtual Prototypes License Manager # Victor Galis clutild 7174/tcp Clutild clutild 7174/udp Clutild # Cheryl Stoutenburg fodms 7200/tcp FODMS FLIP fodms 7200/udp FODMS FLIP # David Anthony # dlip 7201/tcp DLIP dlip 7201/udp DLIP # Albert Manfredi # swx 7300-7390 The Swiss Exchange # Edgar Blum # 7391-7394 Unassigned winqedit 7395/tcp winqedit winqedit 7395/udp winqedit # David Greer # 7396-7425 Unassigned pmdmgr 7426/tcp OpenView DM Postmaster Manager pmdmgr 7426/udp OpenView DM Postmaster Manager oveadmgr 7427/tcp OpenView DM Event Agent Manager oveadmgr 7427/udp OpenView DM Event Agent Manager ovladmgr 7428/tcp OpenView DM Log Agent Manager ovladmgr 7428/udp OpenView DM Log Agent Manager opi-sock 7429/tcp OpenView DM rqt communication opi-sock 7429/udp OpenView DM rqt communication xmpv7 7430/tcp OpenView DM xmpv7 api pipe xmpv7 7430/udp OpenView DM xmpv7 api pipe pmd 7431/tcp OpenView DM ovc/xmpv3 api pipe pmd 7431/udp OpenView DM ovc/xmpv3 api pipe # Dave Lamb faximum 7437/tcp Faximum faximum 7437/udp Faximum # George Pajari telops-lmd 7491/tcp telops-lmd telops-lmd 7491/udp telops-lmd # David Spencer pafec-lm 7511/tcp pafec-lm pafec-lm 7511/udp pafec-lm # Billy Dhillon nta-ds 7544/tcp FlowAnalyzer DisplayServer nta-ds 7544/udp FlowAnalyzer DisplayServer nta-us 7545/tcp FlowAnalyzer UtilityServer nta-us 7545/udp FlowAnalyzer UtilityServer # Fred Messinger vsi-omega 7566/tcp VSI Omega vsi-omega 7566/udp VSI Omega # Curtis Smith aries-kfinder 7570/tcp Aries Kfinder aries-kfinder 7570/udp Aries Kfinder # James King, III sun-lm 7588/tcp Sun License Manager sun-lm 7588/udp Sun License Manager # Sophie Deng pmdfmgt 7633/tcp PMDF Management pmdfmgt 7633/udp PMDF Management # Chris Newman cbt 7777/tcp cbt. Also Unreal, Klingon Honor Guard cbt 7777/udp cbt # Tony Ballardie games 7778/tcp Unreal Tournament accu-lmgr 7781/tcp accu-lmgr accu-lmgr 7781/udp accu-lmgr # Moises E. Hernandez t2-drm 7932/tcp Tier 2 Data Resource Manager t2-drm 7932/udp Tier 2 Data Resource Manager t2-brm 7933/tcp Tier 2 Business Rules Manager t2-brm 7933/udp Tier 2 Business Rules Manager # Peter Carlson quest-vista 7980/tcp Quest Vista quest-vista 7980/udp Quest Vista # Preston Bannister irdmi2 7999/tcp iRDMI2 irdmi2 7999/udp iRDMI2 irdmi 8000/tcp iRDMI, Also ShoutCast streaming audio (Live365 server) irdmi 8000/udp iRDMI, Also ShoutCast streaming audio (Live365 server) # Gil Shafriri vcom-tunnel 8001/tcp VCOM Tunnel vcom-tunnel 8001/udp VCOM Tunnel # Mark Lewandowski nai-websh 8004/tcp NAI Webshield Management GUI Interface http-alt 8008/tcp HTTP Alternate http-alt 8008/udp HTTP Alternate # James Gettys pro-ed 8032/tcp ProEd pro-ed 8032/udp ProEd mindprint 8033/tcp MindPrint mindprint 8033/udp MindPrint # Larry Tusoni xcom 8044/tcp Computer Associates http-alt 8080/tcp HTTP Alternate (see port 80) http-alt 8080/udp HTTP Alternate (see port 80) # Stephen Casner trivnet1 8200/tcp TRIVNET (also GoToMyPc.Com polling port!!) trivnet1 8200/udp TRIVNET trivnet2 8201/tcp TRIVNET trivnet2 8201/udp TRIVNET # Saar Wilf lm-perfworks 8204/tcp LM Perfworks lm-perfworks 8204/udp LM Perfworks lm-instmgr 8205/tcp LM Instmgr lm-instmgr 8205/udp LM Instmgr lm-dta 8206/tcp LM Dta lm-dta 8206/udp LM Dta lm-sserver 8207/tcp LM SServer lm-sserver 8207/udp LM SServer # Chris Flynn server-find 8351/tcp Server Find server-find 8351/udp Server Find # Chris Brown cruise-enum 8376/tcp Cruise ENUM cruise-enum 8376/udp Cruise ENUM cruise-swroute 8377/tcp Cruise SWROUTE cruise-swroute 8377/udp Cruise SWROUTE cruise-config 8378/tcp Cruise CONFIG cruise-config 8378/udp Cruise CONFIG cruise-diags 8379/tcp Cruise DIAGS cruise-diags 8379/udp Cruise DIAGS cruise-update 8380/tcp Cruise UPDATE cruise-update 8380/udp Cruise UPDATE # Steve Husak cvd 8400/tcp cvd cvd 8400/udp cvd sabarsd 8401/tcp sabarsd sabarsd 8401/udp sabarsd abarsd 8402/tcp abarsd abarsd 8402/udp abarsd admind 8403/tcp admind admind 8403/udp admind # Aaron Bilbrey npmp 8450/tcp npmp npmp 8450/udp npmp # Ian Chard vp2p 8473/tcp Virtual Point to Point vp2p 8473/udp Virtual Point to Point # Jerome Grimbert rtsp-alt 8554/tcp RTSP Alternate (see port 554) rtsp-alt 8554/udp RTSP Alternate (see port 554) # Stephen Casner ibus 8733/tcp iBus ibus 8733/udp iBus # Silvano Maffeis ultraseek-http 8765/tcp Ultraseek HTTP ultraseek-http 8765/udp Ultraseek HTTP # Walter Underwood cddbp-alt 8880/tcp CDDBP cddbp-alt 8880/udp CDDBP # Steve Scherf ddi-tcp-1 8888/tcp NewsEDGE server tcp (tcp 1) ddi-udp-1 8888/udp NewsEDGE server UDP (UDP 1) ddi-tcp-2 8889/tcp Desktop Data tcp 1 ddi-udp-2 8889/udp NewsEDGE server broadcast ddi-tcp-3 8890/tcp Desktop Data tcp 2 ddi-udp-3 8890/udp NewsEDGE client broadcast ddi-tcp-4 8891/tcp Desktop Data tcp 3: NESS application ddi-udp-4 8891/udp Desktop Data UDP 3: NESS application ddi-tcp-5 8892/tcp Desktop Data tcp 4: FARM product ddi-udp-5 8892/udp Desktop Data UDP 4: FARM product ddi-tcp-6 8893/tcp Desktop Data tcp 5: NewsEDGE/Web application ddi-udp-6 8893/udp Desktop Data UDP 5: NewsEDGE/Web application ddi-tcp-7 8894/tcp Desktop Data tcp 6: COAL application ddi-udp-7 8894/udp Desktop Data UDP 6: COAL application # Fred Yao jmb-cds1 8900/tcp JMB-CDS 1 jmb-cds1 8900/udp JMB-CDS 1 jmb-cds2 8901/tcp JMB-CDS 2 jmb-cds2 8901/udp JMB-CDS 2 # Curtis Bray cslistener 9000/tcp CSlistener cslistener 9000/udp CSlistener # David Jones sctp 9006/tcp SCTP sctp 9006/udp SCTP # Gary Regan websm 9090/tcp WebSM websm 9090/udp WebSM # I-Hsing Tsao wap-wsp 9200/tcp WAP connectionless session service wap-wsp 9200/udp WAP connectionless session service wap-wsp-wtp 9201/tcp WAP session service wap-wsp-wtp 9201/udp WAP session service wap-wsp-s 9202/tcp WAP secure connectionless session service wap-wsp-s 9202/udp WAP secure connectionless session service wap-wsp-wtp-s 9203/tcp WAP secure session service wap-wsp-wtp-s 9203/udp WAP secure session service wap-vcard 9204/tcp WAP vCard wap-vcard 9204/udp WAP vCard wap-vcal 9205/tcp WAP vCal wap-vcal 9205/udp WAP vCal wap-vcard-s 9206/tcp WAP vCard Secure wap-vcard-s 9206/udp WAP vCard Secure wap-vcal-s 9207/tcp WAP vCal Secure wap-vcal-s 9207/udp WAP vCal Secure # WAP Forum # WAP Forum guibase 9321/tcp guibase guibase 9321/udp guibase # Yutaka Ono mpidcmgr 9343/tcp MpIdcMgr mpidcmgr 9343/udp MpIdcMgr # Yutaka Ono fjdmimgr 9374/tcp fjdmimgr fjdmimgr 9374/udp fjdmimgr # Yutaka Ono fjinvmgr 9396/tcp fjinvmgr fjinvmgr 9396/udp fjinvmgr mpidcagt 9397/tcp MpIdcAgt mpidcagt 9397/udp MpIdcAgt # Yutaka Ono ismserver 9500/tcp ismserver ismserver 9500/udp ismserver # Ian Gordon man 9535/tcp man 9535/udp msgsys 9594/tcp Message System msgsys 9594/udp Message System pds 9595/tcp Ping Discovery Service pds 9595/udp Ping Discovery Service # Kai Ming Chan sd 9876/tcp Session Director sd 9876/udp Session Director # Van Jacobson cyborg-systems 9888/tcp CYBORG Systems cyborg-systems 9888/udp CYBORG Systems # Malcolm Graham monkeycom 9898/tcp MonkeyCom monkeycom 9898/udp MonkeyCom # Yuji Kuwabara # 9899-9991 Unassigned palace 9992/tcp Palace palace 9992/udp Palace palace 9993/tcp Palace palace 9993/udp Palace palace 9994/tcp Palace palace 9994/udp Palace palace 9995/tcp Palace palace 9995/udp Palace palace 9996/tcp Palace palace 9996/udp Palace palace 9997/tcp Palace palace 9997/udp Palace # Charles Kawasaki distinct32 9998/tcp Distinct32 distinct32 9998/udp Distinct32 distinct 9999/tcp distinct distinct 9999/udp distinct # Anoop Tewari ndmp 10000/tcp Network Data Management Protocol ndmp 10000/udp Network Data Management Protocol # Brian Ehrmantraut # 10001-10006 Unassigned mvs-capacity 10007/tcp MVS Capacity mvs-capacity 10007/udp MVS Capacity # Donna Dillenberger # 10008-10079 Unassigned amanda 10080/tcp Amanda amanda 10080/udp Amanda # John Jackson # # 10081-10287 Unassigned blocks 10288/tcp Blocks blocks 10288/udp Blocks # Carl Malamud # 10289-10999 Unassigned irisa 11000/tcp IRISA irisa 11000/udp IRISA # Vladimir Brauner metasys 11001/tcp Metasys metasys 11001/udp Metasys # Tobin Schuster vce 11111/tcp Viral Computing Environment (VCE) vce 11111/udp Viral Computing Environment (VCE) # Fred Cohen atm-uhas 11367/tcp ATM UHAS atm-uhas 11367/udp ATM UHAS # Todd Barker AOL-6.0 11523/tcp AOL 6.0 [unverified] entextxid 12000/tcp IBM Enterprise Extender SNA XID Exchange entextxid 12000/udp IBM Enterprise Extender SNA XID Exchange entextnetwk 12001/tcp IBM Enterprise Extender SNA COS Network Priority entextnetwk 12001/udp IBM Enterprise Extender SNA COS Network Priority entexthigh 12002/tcp IBM Enterprise Extender SNA COS High Priority entexthigh 12002/udp IBM Enterprise Extender SNA COS High Priority entextmed 12003/tcp IBM Enterprise Extender SNA COS Medium Priority entextmed 12003/udp IBM Enterprise Extender SNA COS Medium Priority entextlow 12004/tcp IBM Enterprise Extender SNA COS Low Priority entextlow 12004/udp IBM Enterprise Extender SNA COS Low Priority # Eugene Cox tsaf 12753/tcp tsaf port tsaf 12753/udp tsaf port # Andreas Fehr <100042.2070@CompuServe.COM> i-zipqd 13160/tcp I-ZIPQD i-zipqd 13160/udp I-ZIPQD # Chuck Runquist bprd 13720/tcp BPRD Protocol (VERITAS NetBackup) bprd 13720/udp BPRD Protocol (VERITAS NetBackup) bpbrm 13721/tcp BPBRM Protocol (VERITAS NetBackup) bpbrm 13721/udp BPBRM Protocol (VERITAS NetBackup) # Jeff Holmbeck bpjava-msvc 13722/tcp BP Java MSVC Protocol bpjava-msvc 13722/udp BP Java MSVC Protocol # Tim Schmidt bpcd 13782/tcp VERITAS NetBackup bpcd 13782/udp VERITAS NetBackup vopied 13783/tcp VOPIED Protocol vopied 13783/udp VOPIED Protocol # Jeff Holmbeck dsmcc-config 13818/tcp DSMCC Config dsmcc-config 13818/udp DSMCC Config dsmcc-session 13819/tcp DSMCC Session Messages dsmcc-session 13819/udp DSMCC Session Messages dsmcc-passthru 13820/tcp DSMCC Pass-Thru Messages dsmcc-passthru 13820/udp DSMCC Pass-Thru Messages dsmcc-download 13821/tcp DSMCC Download Protocol dsmcc-download 13821/udp DSMCC Download Protocol dsmcc-ccp 13822/tcp DSMCC Channel Change Protocol dsmcc-ccp 13822/udp DSMCC Channel Change Protocol # Tim Addington # ISO/IEC 13818-6 MPEG-2 DSM-CC itu-sccp-ss7 14001/tcp ITU SCCP (SS7) itu-sccp-ss7 14001/udp ITU SCCP (SS7) # Miguel Angel Garcia netserialext1 16360/tcp netserialext1 netserialext1 16360/udp netserialext1 netserialext2 16361/tcp netserialext2 netserialext2 16361/udp netserialext2 netserialext3 16367/tcp netserialext3 netserialext3 16367/udp netserialext3 netserialext4 16368/tcp netserialext4 netserialext4 16368/udp netserialext4 # Mike Hoy isode-dua 17007/tcp isode-dua 17007/udp # Con-Spy 17027/tcp Conducent Spyware (unverified) # chipper 17219/tcp Chipper chipper 17219/udp Chipper # Ronald Jimmink biimenu 18000/tcp Beckman Instruments, Inc. biimenu 18000/udp Beckman Instruments, Inc. # R. L. Meyering hp-sco 19410/tcp hp-sco hp-sco 19410/udp hp-sco hp-sca 19411/tcp hp-sca hp-sca 19411/udp hp-sca # Larry Schwartz jcp 19541/tcp JCP Client jcp 19541/udp JCP Client # Yuji Sasaki dnp 20000/tcp DNP dnp 20000/udp DNP # Michael Thesing track 20670/tcp Track track 20670/udp Track # Michael Sweet webphone 21845/tcp webphone webphone 21845/udp webphone netspeak-is 21846/tcp NetSpeak Corp. Directory Services netspeak-is 21846/udp NetSpeak Corp. Directory Services netspeak-cs 21847/tcp NetSpeak Corp. Connection Services netspeak-cs 21847/udp NetSpeak Corp. Connection Services netspeak-acd 21848/tcp NetSpeak Corp. Automatic Call Distribution netspeak-acd 21848/udp NetSpeak Corp. Automatic Call Distribution netspeak-cps 21849/tcp NetSpeak Corp. Credit Processing System netspeak-cps 21849/udp NetSpeak Corp. Credit Processing System # Shane D. Mattaway wnn6 22273/tcp wnn6 wnn6 22273/udp wnn6 # Yasunari Gon Yamasita aws-brf 22800/tcp Telerate Information Platform LAN aws-brf 22800/udp Telerate Information Platform LAN # Timo Sivonen brf-gw 22951/tcp Telerate Information Platform WAN brf-gw 22951/udp Telerate Information Platform WAN # Timo Sivonen med-ltp 24000/tcp med-ltp med-ltp 24000/udp med-ltp med-fsp-rx 24001/tcp med-fsp-rx med-fsp-rx 24001/udp med-fsp-rx med-fsp-tx 24002/tcp med-fsp-tx med-fsp-tx 24002/udp med-fsp-tx med-supp 24003/tcp med-supp med-supp 24003/udp med-supp med-ovw 24004/tcp med-ovw med-ovw 24004/udp med-ovw med-ci 24005/tcp med-ci med-ci 24005/udp med-ci med-net-svc 24006/tcp med-net-svc med-net-svc 24006/udp med-net-svc # Juergen Fischbach intel_rci 24386/tcp Intel RCI intel_rci 24386/udp Intel RCI # Mark Lewis icl-twobase1 25000/tcp icl-twobase1 icl-twobase1 25000/udp icl-twobase1 icl-twobase2 25001/tcp icl-twobase2 icl-twobase2 25001/udp icl-twobase2 icl-twobase3 25002/tcp icl-twobase3 icl-twobase3 25002/udp icl-twobase3 icl-twobase4 25003/tcp icl-twobase4 icl-twobase4 25003/udp icl-twobase4 icl-twobase5 25004/tcp icl-twobase5 icl-twobase5 25004/udp icl-twobase5 icl-twobase6 25005/tcp icl-twobase6 icl-twobase6 25005/udp icl-twobase6 icl-twobase7 25006/tcp icl-twobase7 icl-twobase7 25006/udp icl-twobase7 icl-twobase8 25007/tcp icl-twobase8 icl-twobase8 25007/udp icl-twobase8 icl-twobase9 25008/tcp icl-twobase9 icl-twobase9 25008/udp icl-twobase9 icl-twobase10 25009/tcp icl-twobase10 icl-twobase10 25009/udp icl-twobase10 # J. A. (Tony) Sever vocaltec-hos 25793/tcp Vocaltec Address Server vocaltec-hos 25793/udp Vocaltec Address Server # Scott Petrack quake 26000/tcp quake quake 26000/udp quake wnn6-ds 26208/tcp wnn6-ds wnn6-ds 26208/udp wnn6-ds games 26900/tcp Hexen-2 games 26950/tcp HexenWorld # Yasunari Gon Yamasita flex-lm 27000-27009 FLEX LM (1-10) # Daniel Birns games 27015/tcp Games -- Half Life and TFC games 27500/tcp QuakeWorld games 27910/tcp Quake2 tw-auth-key 27999/tcp TW Authentication/Key Distribution and tw-auth-key 27999/udp Attribute Certificate Services # Alex Duncan games 28000/udp Starsiege Tribes --Unverified games 28910/tcp Heretic 2 rem-any 30732/tcp Remotely Anywhere (NT Remote Control) filenet-tms 32768/tcp Filenet TMS filenet-tms 32768/udp Filenet TMS filenet-rpc 32769/tcp Filenet RPC filenet-rpc 32769/udp Filenet RPC filenet-nch 32770/tcp Filenet NCH filenet-nch 32770/udp Filenet NCH # Daniel Whelan traceroute 33434/tcp traceroute use traceroute 33434/udp traceroute use # IANA kastenxpipe 36865/tcp KastenX Pipe kastenxpipe 36865/udp KastenX Pipe # Guy Cheng symantec 41508/udp Symantec Directed discovery broadcast ######## Possible unauthorized use of Port 43188 by reachout ######### rockwell-encap 44818/tcp Rockwell Encapsulation rockwell-encap 44818/udp Rockwell Encapsulation # Brian Batke eba 45678/tcp EBA PRISE eba 45678/udp EBA PRISE # Patrick dbbrowse 47557/tcp Databeam Corporation dbbrowse 47557/udp Databeam Corporation # Cindy Martin directplaysrvr 47624/tcp Direct Play Server directplaysrvr 47624/udp Direct Play Server # Ajay Jindal ap 47806/tcp ALC Protocol ap 47806/udp ALC Protocol # Andrew Newton bacnet 47808/tcp Building Automation and Control Networks bacnet 47808/udp Building Automation and Control Networks # H. Michael Newman nimcontroller 48000/tcp Nimbus Controller nimcontroller 48000/udp Nimbus Controller nimspooler 48001/tcp Nimbus Spooler nimspooler 48001/udp Nimbus Spooler nimhub 48002/tcp Nimbus Hub nimhub 48002/udp Nimbus Hub nimgtw 48003/tcp Nimbus Gateway nimgtw 48003/udp Nimbus Gateway # Carstein Seeberg DYNAMIC AND/OR PRIVATE PORTS The Dynamic and/or Private Ports are those from 49152 through 65535 ASSIGNED INTERNET PROTOCOL NUMBERS Dec. Keyword Protocol References ---- ------- -------- ---------- 0 Reserved [JBP] 1 ICMP Internet Control Message [RFC792,JBP] 2 IGMP Internet Group Management [RFC1112,JBP] 3 GGP Gateway-to-Gateway [RFC823,MB] 4 IP IP in IP (encasulation) [JBP] 5 ST Stream [RFC1190,IEN119,JWF] 6 TCP Transmission Control [RFC793,JBP] 7 UCL UCL [PK] 8 EGP Exterior Gateway Protocol [RFC888,DLM1] 9 IGP any private interior gateway [JBP] 10 BBN-RCC-MON BBN RCC Monitoring [SGC] 11 NVP-II Network Voice Protocol [RFC741,SC3] 12 PUP PUP [PUP,XEROX] 13 ARGUS ARGUS [RWS4] 14 EMCON EMCON [BN7] 15 XNET Cross Net Debugger [IEN158,JFH2] 16 CHAOS Chaos [NC3] 17 UDP User Datagram [RFC768,JBP] 18 MUX Multiplexing [IEN90,JBP] 19 DCN-MEAS DCN Measurement Subsystems [DLM1] 20 HMP Host Monitoring [RFC869,RH6] 21 PRM Packet Radio Measurement [ZSU] 22 XNS-IDP XEROX NS IDP [ETHERNET,XEROX] 23 TRUNK-1 Trunk-1 [BWB6] 24 TRUNK-2 Trunk-2 [BWB6] 25 LEAF-1 Leaf-1 [BWB6] 26 LEAF-2 Leaf-2 [BWB6] 27 RDP Reliable Data Protocol [RFC908,RH6] 28 IRTP Internet Reliable Transaction [RFC938,TXM] 29 ISO-TP4 ISO Transport Protocol Class 4 [RFC905,RC77] 30 NETBLT Bulk Data Transfer Protocol [RFC969,DDC1] 31 MFE-NSP MFE Network Services Protocol [MFENET,BCH2] 32 MERIT-INP MERIT Internodal Protocol [HWB] 33 SEP Sequential Exchange Protocol [JC120] 34 3PC Third Party Connect Protocol [SAF3] 35 IDPR Inter-Domain Policy Routing Protocol [MXS1] 36 XTP XTP [GXC] 37 DDP Datagram Delivery Protocol [WXC] 38 IDPR-CMTP IDPR Control Message Transport Proto [MXS1] 39 TP++ TP++ Transport Protocol [DXF] 40 IL IL Transport Protocol [DXP2] 41 SIP Simple Internet Protocol [SXD] 42 SDRP Source Demand Routing Protocol [DXE1] 43 SIP-SR SIP Source Route [SXD] 44 SIP-FRAG SIP Fragment [SXD] 45 IDRP Inter-Domain Routing Protocol [Sue Hares] 46 RSVP Reservation Protocol [Bob Braden] 47 GRE General Routing Encapsulation [Tony Li] 48 MHRP Mobile Host Routing Protocol[David Johnson] 49 BNA BNA [Gary Salamon] 50 SIPP-ESP SIPP Encap Security Payload [Steve Deering] 51 SIPP-AH SIPP Authentication Header [Steve Deering] 52 I-NLSP Integrated Net Layer Security TUBA [GLENN] 53 SWIPE IP with Encryption [JI6] 54 NHRP NBMA Next Hop Resolution Protocol 55-60 Unassigned [JBP] 61 any host internal protocol [JBP] 62 CFTP CFTP [CFTP,HCF2] 63 any local network [JBP] 64 SAT-EXPAK SATNET and Backroom EXPAK [SHB] 65 KRYPTOLAN Kryptolan [PXL1] 66 RVD MIT Remote Virtual Disk Protocol [MBG] 67 IPPC Internet Pluribus Packet Core [SHB] 68 any distributed file system [JBP] 69 SAT-MON SATNET Monitoring [SHB] 70 VISA VISA Protocol [GXT1] 71 IPCV Internet Packet Core Utility [SHB] 72 CPNX Computer Protocol Network Executive [DXM2] 73 CPHB Computer Protocol Heart Beat [DXM2] 74 WSN Wang Span Network [VXD] 75 PVP Packet Video Protocol [SC3] 76 BR-SAT-MON Backroom SATNET Monitoring [SHB] 77 SUN-ND SUN ND PROTOCOL-Temporary [WM3] 78 WB-MON WIDEBAND Monitoring [SHB] 79 WB-EXPAK WIDEBAND EXPAK [SHB] 80 ISO-IP ISO Internet Protocol [MTR] 81 VMTP VMTP [DRC3] 82 SECURE-VMTP SECURE-VMTP [DRC3] 83 VINES VINES [BXH] 84 TTP TTP [JXS] 85 NSFNET-IGP NSFNET-IGP [HWB] 86 DGP Dissimilar Gateway Protocol [DGP,ML109] 87 TCF TCF [GAL5] 88 IGRP IGRP [CISCO,GXS] 89 OSPFIGP OSPFIGP [RFC1583,JTM4] 90 Sprite-RPC Sprite RPC Protocol [SPRITE,BXW] 91 LARP Locus Address Resolution Protocol [BXH] 92 MTP Multicast Transport Protocol [SXA] 93 AX.25 AX.25 Frames [BK29] 94 IPIP IP-within-IP Encapsulation Protocol [JI6] 95 MICP Mobile Internetworking Control Pro. [JI6] 96 SCC-SP Semaphore Communications Sec. Pro. [HXH] 97 ETHERIP Ethernet-within-IP Encapsulation [RXH1] 98 ENCAP Encapsulation Header [RFC1241,RXB3] 99 any private encryption scheme [JBP] 100 GMTP GMTP [RXB5] 101-254 Unassigned [JBP] 255 Reserved [JBP] REFERENCES [RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, USC/Information Sciences Institute, August 1980. [RFC793] Postel, J., ed., "Transmission Control Protocol - DARPA Internet Program Protocol Specification", STD 7, RFC 793, USC/Information Sciences Institute, September 1981. [] mason-1.0.0.orig/debian/0040755000765700007640000000000007006634007013666 5ustar martinedvmason-1.0.0.orig/debian/postinst0100644000765700007640000000241207006222747015474 0ustar martinedv#! /bin/sh # postinst script for mason # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see /usr/doc/packaging-manual/ # # quoting from the policy: # Any necessary prompting should almost always be confined to the # post-installation script, and should be protected with a conditional # so that unnecessary prompting doesn't happen if a package's # installation fails and the `postinst' is called with `abort-upgrade', # `abort-remove' or `abort-deconfigure'. case "$1" in configure) /usr/sbin/update-rc.d mason defaults 19 > /dev/null ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 mason-1.0.0.orig/debian/changelog0100644000765700007640000000062007006140224015524 0ustar martinedvmason (0.13.0.92-1) unstable; urgency=low * Newer upstream version. * Real working package, this time. :-) -- Jeff Licquia Thu, 28 Oct 1999 16:30:12 -0500 mason (0.12.0-1) unstable; urgency=low * Initial Release. -- Jeff Licquia Wed, 31 Mar 1999 21:49:35 -0600 Local variables: mode: debian-changelog add-log-mailing-address: "jeff@luci.org" End: mason-1.0.0.orig/debian/copyright0100644000765700007640000000161607467613402015631 0ustar martinedvThis package was debianized by Jeff Licquia jeff@luci.org on Wed, 31 Mar 1999 21:49:35 -0600. It was downloaded from http://www.pobox.com/~wstearns/mason/ Upstream Author(s): William Stearns Copyright (C) 1998-2002 William Stearns From the main mason script: --- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. --- On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in /usr/doc/copyright/GPL'. mason-1.0.0.orig/debian/conffiles0100644000765700007640000000007007006226744015560 0ustar martinedv/etc/masonrc /etc/init.d/mason /var/lib/mason/baserules mason-1.0.0.orig/debian/postrm0100644000765700007640000000167107006227516015142 0ustar martinedv#! /bin/sh # postrm script for mason # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' overwrit>r> # for details, see /usr/doc/packaging-manual/ case "$1" in purge) /usr/sbin/update-rc.d mason remove > /dev/null /bin/rm -rf /var/lib/mason ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 0 esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# mason-1.0.0.orig/debian/control0100644000765700007640000000065607006137663015303 0ustar martinedvSource: mason Section: net Priority: extra Maintainer: Jeff Licquia Standards-Version: 3.0.0 Package: mason Architecture: all Depends: bash Description: Interactively creates a Linux packet filtering firewall. Mason creates a firewall that exactly matches the types of TCP/IP traffic flowing in, out and through a Linux computer. It can be used to create a full firewall or add rules to an existing firewall. mason-1.0.0.orig/debian/rules0100755000765700007640000000377007006222253014746 0ustar martinedv#!/usr/bin/make -f # Made with the aid of dh_make, by Craig Small # Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess. # Some lines taken from debmake, by Cristoph Lameter. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 build: build-stamp build-stamp: dh_testdir # Add here commands to compile the package. # $(MAKE) touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp install-stamp # Add here commands to clean up after the build process. -$(MAKE) clean dh_clean install: install-stamp install-stamp: build-stamp dh_testdir dh_testroot dh_clean -k dh_installdirs # Make directories mkdir -p `pwd`/debian/tmp/usr/bin mkdir -p `pwd`/debian/tmp/usr/share/man/man1 mkdir -p `pwd`/debian/tmp/var/lib/mason mkdir -p `pwd`/debian/tmp/etc/init.d # Add here commands to install the package into debian/tmp. $(MAKE) install DESTDIR=`pwd`/debian/tmp \ DOCDIR=`pwd`/debian/tmp/usr/share/doc/mason/ \ MANDIR=`pwd`/debian/tmp/usr/share/man/man1/ \ SYSVDIR=`pwd`/debian/tmp/etc/init.d/ # Miscellaneous cleanup mv debian/tmp/etc/init.d/firewall debian/tmp/etc/init.d/mason rm debian/tmp/usr/share/doc/mason/COPYING chmod +x debian/tmp/var/lib/mason/regression-test touch install-stamp # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install # dh_testversion dh_testdir dh_testroot dh_installdocs # dh_installexamples # dh_installmenu # dh_installemacsen # dh_installinit # dh_installcron # dh_installmanpages # dh_undocumented dh_installchangelogs dh_strip dh_compress dh_fixperms # dh_suidregister dh_installdeb # dh_shlibdeps dh_gencontrol # dh_makeshlibs dh_md5sums dh_builddeb source diff: @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary mason-1.0.0.orig/debian/README.Debian0100644000765700007640000000033707006220207015720 0ustar martinedvmason for DEBIAN ---------------------- The changes between the stock mason distribution and this are very minor, mostly dealing with issues with the FHS and Debian policy. Jeff Licquia , Wed, 28 Oct 1999 mason-1.0.0.orig/redhat/0040755000765700007640000000000006716414406013721 5ustar martinedvmason-1.0.0.orig/redhat/mason.spec0100644000765700007640000000572507467637271015733 0ustar martinedv%define version 1.0.0 Summary: Interactively creates a Linux packet filtering firewall. Name: mason Version: %{version} Release: 2 Copyright: GPL Group: Utilities/Network Source: http://www.stearns.org/mason/mason-%{version}.tar.gz URL: http://www.stearns.org/mason/index.html Vendor: William Stearns Packager: William Stearns BuildRoot: /var/tmp/mason-root Buildarch: noarch Prereq: samlib %description Mason creates a firewall that exactly matches the types of TCP/IP traffic flowing in, out and through a Linux computer. It can be used to create a full firewall or add rules to an existing firewall. %prep %setup %build %install if [ "$RPM_BUILD_ROOT" = "/var/tmp/mason-root" ]; then rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/etc mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d mkdir -p $RPM_BUILD_ROOT/usr/bin mkdir -p $RPM_BUILD_ROOT/usr/doc/mason-%{version} mkdir -p $RPM_BUILD_ROOT/usr/man/man1 mkdir -p $RPM_BUILD_ROOT/var/lib/mason make DESTDIR=$RPM_BUILD_ROOT install else echo Invalid Buildroot exit 1 fi %clean if [ "$RPM_BUILD_ROOT" = "/var/tmp/mason-root" ]; then rm -rf $RPM_BUILD_ROOT else echo Invalid Buildroot exit 1 fi %files %doc COPYING index.html mason.lsm mason.sgml mason.txt mason.html mason-1.html mason-2.html mason-3.html mason-4.html mason-5.html mason-6.html mason-7.html mason-8.html mason-9.html mason-10.html mason-11.html toc.gif prev.gif next.gif mason.pdb mason-banner.gif %attr(600,root,root) %config /etc/masonrc %attr(755,root,root) /etc/rc.d/init.d/firewall %attr(755,root,root) /usr/bin/mason %attr(755,root,root) /usr/bin/mason-decide %attr(755,root,root) /usr/bin/mason-gui-text %attr(644,root,root) /usr/man/man1/mason.1.gz %attr(644,root,root) /usr/man/man1/mason-gui-text.1.gz %attr(755,root,root) %dir /var/lib/mason %attr(644,root,root) /var/lib/mason/all-ip-numbers.txt %attr(755,root,root) /var/lib/mason/baserules.sample %attr(755,root,root) /var/lib/mason/masonlib %attr(644,root,root) /var/lib/mason/moreservices %attr(644,root,root) /var/lib/mason/graffiti-services %attr(644,root,root) /var/lib/mason/nmap-services %attr(644,root,root) /var/lib/mason/portsdb-services %attr(755,root,root) /var/lib/mason/regression-test %pre if [ -f /etc/masonrc ]; then rm -f /etc/masonrc.oldversion cp -pf /etc/masonrc /etc/masonrc.oldversion fi %post if [ ! -f /var/lib/mason/baserules ]; then cp -p /var/lib/mason/baserules.sample /var/lib/mason/baserules chown root.root /var/lib/mason/baserules chmod 700 /var/lib/mason/baserules fi if [ ! -f /var/lib/mason/newrules ]; then touch /var/lib/mason/newrules chown root.root /var/lib/mason/newrules chmod 700 /var/lib/mason/newrules fi if [ -f /etc/masonrc.oldversion ]; then cat /etc/masonrc.oldversion | grep -v '^#' | grep -v '^$' >>/etc/masonrc rm -f /etc/masonrc.oldversion echo "NOTE - your old settings have been appended to the end of the " >>/etc/masonrc.README echo "new /etc/masonrc." >>/etc/masonrc.README fi mason-1.0.0.orig/AUTHORS0100644000765700007640000000004507467512250013516 0ustar martinedvWilliam Stearns mason-1.0.0.orig/COPYING0100644000765700007640000004307606101205312013472 0ustar martinedv GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. mason-1.0.0.orig/CREDITS0100644000765700007640000000017507201046042013455 0ustar martinedv- Jeff Licquia for the debian packaging. - Steve Wray for the awk only replacement for grep|awk|sed. mason-1.0.0.orig/ChangeLog0100644000765700007640000000000007201045571014200 0ustar martinedvmason-1.0.0.orig/INSTALL0100644000765700007640000000000007201045563013460 0ustar martinedvmason-1.0.0.orig/Makefile0100644000765700007640000001152607467637726014134 0ustar martinedv# # Makefile for the Mason firewall builder # #Copyleft: # Mason interactively creates a Linux packet filtering firewall. # Copyright (C) 1998-2000 William Stearns # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # The author can also be reached at: # William Stearns #email: wstearns@pobox.com (preferred) #web: http://www.pobox.com/~wstearns #snail: 6 Manchester Dr. # Lebanon NH, 03766, USA # # Modified for Debian GNU/Linux. DESTDIR = ##Make sure mason has MASONVER updated when this changes MASONVER = 1.0.0 #No quotes around multi file specs. BINDIR=$(DESTDIR)/usr/bin/ BINFILES=mason mason-gui-text mason-decide CONFDIR=$(DESTDIR)/etc/ CONFFILE=masonrc LIBDIR=$(DESTDIR)/var/lib/mason/ LIBFILES=masonlib baserules.sample graffiti-services moreservices nmap-services portsdb-services regression-test all-ip-numbers.txt DOCDIR=$(DESTDIR)/usr/doc/mason-${MASONVER}/ DOCFILES=COPYING index.html mason.sgml mason.txt mason.html mason-1.html mason-2.html mason-3.html mason-4.html mason-5.html mason-6.html mason-7.html mason-8.html mason-9.html mason-10.html mason-11.html toc.gif prev.gif next.gif mason-banner.gif #DOCDIR=$(DESTDIR)/usr/doc/mason/ #DOCFILES=index.html mason.sgml mason.txt mason.html mason-1.html mason-2.html mason-3.html mason-4.html mason-5.html mason-6.html mason-7.html mason-8.html mason-9.html mason-10.html mason-11.html toc.gif prev.gif next.gif MANDIR=$(DESTDIR)/usr/man/man1/ MANFILES=mason.1 mason-gui-text.1 SYSVDIR=$(DESTDIR)/etc/rc.d/init.d/ SYSVFILES=firewall # SYSVDIR=/etc/rc.d/init.d/ # SYSVFILES=firewall install: @echo -n "Installing files... " @echo -n "${BINFILES}... " @install -o root -g root -m 0755 ${BINFILES} ${BINDIR} @echo -n "lib directory... " @install -o root -g root -m 0755 -d ${LIBDIR} @echo -n "${LIBFILES}... " @install -o root -g root -m 0644 ${LIBFILES} ${LIBDIR} @echo -n "doc directory... " @install -o root -g root -m 0755 -d ${DOCDIR} @echo -n "${DOCFILES}... " @install -o root -g root -m 0644 ${DOCFILES} ${DOCDIR} @echo -n "${MANFILES}... " @install -o root -g root -m 0644 ${MANFILES} ${MANDIR} @echo -n "${SYSVFILES}... " @install -o root -g root -m 0755 ${SYSVFILES} ${SYSVDIR} @if [ ! -f ${LIBDIR}baserules ] ; then \ install -o root -g root -m 0600 ${LIBDIR}baserules.sample ${LIBDIR}baserules ; \ echo -n "baserules... " ; \ else \ echo -n "${LIBDIR}baserules already exists, not overwriting... " ; \ fi @if [ ! -f ${CONFDIR}${CONFFILE} ] ; then \ install -o root -g root -m 0600 ${CONFFILE} ${CONFDIR}${CONFFILE} ; \ echo -n "${CONFFILE}... " ; \ else \ rm -f ${CONFDIR}${CONFFILE}.old ; \ mv -f ${CONFDIR}${CONFFILE} ${CONFDIR}${CONFFILE}.old ; \ install -o root -g root -m 0600 ${CONFFILE} ${CONFDIR}${CONFFILE} ; \ echo "" >>${CONFDIR}${CONFFILE} ; \ echo "#Your previous settings, if any:" >>${CONFDIR}${CONFFILE} ; \ cat ${CONFDIR}${CONFFILE}.old | grep -v "^#" | grep -v "^$$" >>${CONFDIR}${CONFFILE} ; \ echo -n "${CONFDIR}${CONFFILE} already exists, appending your settings to the new ${CONFFILE}... " ; \ fi @echo done! docs: sgml2html --imagebuttons mason.sgml \ && sgml2txt -f mason.sgml \ && makedoc mason.txt mason.pdb 'The Mason HOWTO' regress: @if ./regression-test ; then \ echo Regression test succeeded. ; \ else \ echo Regression test failed, exiting. ; \ exit 1 ; \ fi distribs: regress docs @echo This should only need to be used by the author in @echo packing up the mason package. @cat /etc/services | grep -v PRIVATE >moreservices cd .. \ && tar cf - mason-${MASONVER}/ | \ gzip -9 > mason-${MASONVER}.tar.gz \ && rm -f mason-current \ && ln -sf mason-${MASONVER} mason-current \ && tar cf - mason-current/* | \ gzip -9 > mason-current.tar.gz \ && cp mason-${MASONVER}.tar.gz /usr/src/redhat/SOURCES/ \ && cd mason-${MASONVER} \ && cp -f redhat/mason.spec /usr/src/redhat/SPECS/ \ && rpm --sign -ba /usr/src/redhat/SPECS/mason.spec \ && mv -f /usr/src/mason-*.tar.gz /usr/src/mysource/ \ && mv -f /usr/src/redhat/RPMS/noarch/mason-*.noarch.rpm /usr/src/mysource/ \ && mv -f /usr/src/redhat/SRPMS/mason-*.src.rpm /usr/src/mysource/ mini-install: cp -pf mason mason-decide mason-gui-text /usr/bin ; cp -pf masonlib baserules.sample /var/lib/mason mason-1.0.0.orig/NEWS0100644000765700007640000000000007201045577013133 0ustar martinedvmason-1.0.0.orig/README0100644000765700007640000000000007201045603013302 0ustar martinedvmason-1.0.0.orig/TODO0100644000765700007640000000000007201045605013114 0ustar martinedvmason-1.0.0.orig/baserules.sample0100644000765700007640000000344007467512500015636 0ustar martinedv#Put any fixed rules you wish here. Example: #if [ -f /proc/net/ip_fwchains ]; then # #Place the ipchains versions of your rules here # /sbin/ipchains -A forward -s 172.16.0.0/24 -j MASQ #Masquerade from internal lan out #elif [ -f /proc/net/ip_input ]; then # #Place the ipfwadm versions of your rules here. # /sbin/ipfwadm -F -a accept -m -S 172.16.0.0/24 #Masquerade from internal lan out #else #The old >>>elif [ -n "`lsmod | grep '^ip_tables '`" ]; then<<<< doesn't work as iptables can be kernel-resident. Cross your fingers. # #Place the iptables versions of your rules here # #The following loads all netfilter modules - this may or may not be appropriate for you # MODDIR="/lib/modules/`uname -r`" # for MOD in \ # $MODDIR/ipv4/ip_* \ # $MODDIR/ipv4/ipt_* \ # $MODDIR/ipv4/iptable_* \ # $MODDIR/kernel/net/ipv4/netfilter/ip_* \ # $MODDIR/kernel/net/ipv4/netfilter/ipt_* \ # $MODDIR/kernel/net/ipv4/netfilter/iptable_* ; do # insmod $MOD >/dev/null 2>/dev/null ; modprobe $MOD >/dev/null 2>/dev/null # done # #Masquerade from internal lan out - syntax from iptables howto; thanks, Rusty. # iptables -A POSTROUTING -t nat -s 172.16.0.0/24 -o ppp0 -j MASQUERADE # #The following will allow the response packets back in/out/through your firewall. # #This, too, may or may not be appropriate for you and should not be taken as a suggestion. # #It is only here as a convience. If you use these, Mason will build a firewall # #of opening packets only. # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #fi mason-1.0.0.orig/firewall0100755000765700007640000000273007075003206014173 0ustar martinedv#!/bin/sh # # firewall Starts a Mason firewall. # # # chkconfig: 2345 18 92 # description: firewall starts the firewall created by the Mason \ # firewall builder. As a firewall is important to system security, \ # it should be always turned on. # Debian init script derived from original script by Jeff Licquia. # Debian flags for runlevels - similar to RH's chkconfig. FLAGS="defaults 19" # Source function library. if [ -f /etc/rc.d/init.d/functions ]; then . /etc/rc.d/init.d/functions fi MASONCONF=${MASONCONF:-"/etc/masonrc"} [ -f $MASONCONF ] || exit 0 MASONDIR=${MASONDIR:-"/var/lib/mason/"} MASONLIB=${MASONLIB:-"/var/lib/mason/masonlib"} if [ -f $MASONLIB ]; then . $MASONLIB else echo Missing $MASONLIB library file. Please get a complete copy of Mason from >/dev/stderr echo http://www.pobox.com/~wstearns/mason/ . Exiting. >/dev/stderr exit fi if [ -f /etc/masonrc ]; then . /etc/masonrc fi checksys checkconf # See how we were called. case "$1" in start) echo -n "Starting Mason firewall: " flushfirewall runfirewall STANDARD if [ -d /var/lock/subsys ]; then touch /var/lock/subsys/firewall fi echo ;; stop) echo -n "Shutting down Mason firewall: " flushfirewall if [ -d /var/lock/subsys ]; then rm -f /var/lock/subsys/firewall fi echo ;; # status) # status syslogd # status klogd # ;; restart) $0 stop $0 start ;; force-reload) $0 stop $0 start ;; *) echo "Usage: $0 {start|stop|restart|force-reload}" exit 1 esac exit 0 mason-1.0.0.orig/gmader-prep.html0100644000765700007640000002523007061637033015537 0ustar martinedv Preparing to use Mason

Preparing to use Mason

 

1. Introduction.


Sometimes the hardest part in starting a new project is knowing what you want to do.  I knew that I wanted to set up a firewall, as I saw the example the IPCHAINS HOWTO. I had created a simple one at home, and I told my boss that this was the solution that we wanted to go with for setting up our company.  After a certain amount of convincing, and a lot of trust on his part, I was given the "Go Ahead" to replicate the chapter 7 model, "A Serious Example". So, with gleaming optimisim, I gave copied their example, and made changes to only the ip address and interface names.
 

2. One Change at a Time!

The optimisim faded quickly, as I realized that I couldn't get the machines to talk.

Router ( To Internet)
       | 209.83.9.193
                  |
External Network (To router)
       |
       |
  eth1 |
 ---------------
| 209.83.9.194 |             Server Network (DMZ)
|              |eth2
|              |-------------------------------------------------
|              |209.83.9.195   |             |                  |
|              |               |             |                  |
| 192.168.1.0  |               |             |                  |
 ---------------             --------       ------------       -------
        | eth0               | mail |      |workstation |      | WWW |
        |                    --------       ------------       -------
        |                  209.83.9.198    209.83.9.199    209.83.9.196
        |
Internal Network (198.168.1.X)
 

None of the machines could get to the outside world, the machines on the internal network couldn't get their mail, and I was perplexed. It was time to take a step backwards.

I went back to very simple rules for the chains.

/sbin/ipchains -F
/sbin/ipchains -X
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward DENY

(This flushes the rule set, and sets new base rules)
 

/sbin/ipchains -A forward -p all -i eth0 -s 192.168.1.0/24 -j MASQ
/sbin/ipchains -A forward -p all -s 209.83.9.194 -j ACCEPT
/sbin/ipchains -A forward -p all -s 209.83.9.198 -j ACCEPT
/sbin/ipchains -A forward -p all -s 209.83.9.199 -j ACCEPT
/sbin/ipchains -A forward -p all -s 209.83.9.196 -j ACCEPT
(This sets up new rules to forward packets from these machines to the internet.)
 

The internal networked machines were now able to see out to the internet, but the mail and web servers were still not working right.  I didn't know enough about ipchains to even ask the right question. Why was masquerading working, but not the machines with real IP addresses?
 

3.Thank you, Mr. Stearns.


Bill Stearns took pity on me, and told me about a simple, strange rule in ipchains.  Masquerading a network only requires ONE rule, but forwarding public IP packets require TWO rules, one for incoming packets, and one for outgoing. This inconsistancy, while well known about, didn't jump out and make itself obvious.  My new rules looked like this:
/sbin/ipchains -F
/sbin/ipchains -X
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward DENY

(This flushes the rule set, and sets new base rules)
 

/sbin/ipchains -A forward -p all -i eth0 -s 192.168.1.0/24 -j MASQ
/sbin/ipchains -A forward -p all -s 209.83.9.194 -j ACCEPT
/sbin/ipchains -A forward -p all -d 209.83.9.194 -j ACCEPT
/sbin/ipchains -A forward -p all -s 209.83.9.198 -j ACCEPT
/sbin/ipchains -A forward -p all -d 209.83.9.198 -j ACCEPT
/sbin/ipchains -A forward -p all -s 209.83.9.199 -j ACCEPT
/sbin/ipchains -A forward -p all -d 209.83.9.199 -j ACCEPT
/sbin/ipchains -A forward -p all -s 209.83.9.196 -j ACCEPT
/sbin/ipchains -A forward -p all -d 209.83.9.196 -j ACCEPT
(This sets up new rules to forward packets from these machines to the internet.)

Huzzah, it worked! I now had all of the machines able to see each other, and get out to the internet.  I couldn't see in to our web server, though, from the outside.  After more pondering, and another conversation with Bill, I found out that packets directed to our web server were getting lost at the router.  The web server hadn't changed addresses, but it was removed by one hop from the router.  Bill suggested that I try to fool the router by setting the external interface network card on the firewall to answer calls for the MAC hardware address of the web server.  This complicated sounding procedure is actually very easy.

/sbin/arp -s 209.83.9.198 00:A0:CC:26:B5:67 pub
/sbin/arp -s 209.83.9.199 00:A0:CC:26:B5:67 pub
/sbin/arp -s 209.83.9.196 00:A0:CC:26:B5:67 pub

The (00:A0:CC:26:B5:67)number is the MAC address for the external interface card.  When packets come in from the internet, the router would then send the packets to the MAC address of the external card.  The routing tables that linux uses then figure out that the packet actually does not belong to it, and forwards them to the correct machine.

With this fix, I could now see our webserver from the outside, send and receive email, and interoperate.  I contacted our ISP, Chorus , to help make this permanent.  The tech staff at our ISP created a static route, from their router, through ours, directly to the web, and email servers.  With this change, I could take out the arp commands, and the traffic would route correctly.
 
 

4. Conclusions.

This example of what I went through demonstrates an important rule:
 
  • Start simple.  The experts, like Paul Russell, make this stuff look easy.  Make sure you prototype a simple attempt before you try the full scale approach.


    • This basic set of rules is not secure, and does not take advantage of all of the power of ipchains.  It is only to get you started, and then I suggest that you look into Mason, a really cool firewall building tool that Bill wrote.  Mason will take you the rest of the way towards a secure, well thought out firewall.

    Greg Mader
    gmader@geoanalytics.com
      mason-1.0.0.orig/graffiti-services0100644000765700007640000076254707022373711016025 0ustar martinedvrtmp 1/ddp # routing table maintenance protocol tcpmux 1/tcp # tcp port service multiplexer [rfc-1078], tcp port service multiplexer, tcp port multiplexer (rfc1078) tcpmux 1/udp # tcp port service multiplexer nbp 2/ddp # name binding protocol compressnet 2/tcp # management utility compressnet 2/udp # management utility compressnet 3/tcp # compression process compressnet 3/udp # compression process echo 4/ddp # appletalk echo protocol rje 5/tcp # remote job entry rje 5/udp # remote job entry zip 6/ddp # zone information protocol echo 7/tcp # echo echo 7/udp # echo discard 9/tcp null sink # sink null, discard discard 9/udp null sink # sink null, discard systat 11/tcp users # active users systat 11/udp users # active users daytime 13/tcp # daytime (rfc 867) daytime 13/udp # daytime (rfc 867) netstat 15/tcp qotd 17/tcp quote # quote of the day qotd 17/udp quote # quote of the day msp 18/tcp # message send protocol msp 18/udp # message send protocol chargen 19/tcp source ttytst # ttytst source character generator, character generator chargen 19/udp source ttytst # ttytst source character generator, character generator ftp-data 20/tcp # file transfer [default data], default ftp data port ftp-data 20/udp # file transfer [default data] ftp 21/tcp # file transfer [control], file transfer protocol ftp 21/udp # file transfer [control] ssh 22/tcp # secure shell login, ssh remote login protocol, secure shell ssh 22/udp # secure shell login, ssh remote login protocol telnet 23/tcp # telnet telnet 23/udp # telnet priv-mail 24/tcp # any private mail system priv-mail 24/udp # any private mail system smtp 25/tcp mail # simple mail transfer smtp 25/udp mail # simple mail transfer nsw-fe 27/tcp # nsw user system fe nsw-fe 27/udp # nsw user system fe msg-icp 29/tcp # msg icp msg-icp 29/udp # msg icp msg-auth 31/tcp # msg authentication msg-auth 31/udp # msg authentication dsp 33/tcp # display support protocol dsp 33/udp # display support protocol priv-print 35/tcp # any private printer server priv-print 35/udp # any private printer server time 37/tcp timserver # timserver, time time 37/udp timserver # timserver, time rap 38/tcp # route access protocol rap 38/udp # route access protocol rlp 39/tcp resource # resource location protocol rlp 39/udp resource # resource location, resource location protocol graphics 41/tcp # graphics graphics 41/udp # graphics name 42/tcp nameserver name # ien 116, host name server name 42/udp nameserver name # host name server nicname 43/tcp whois nicname # who is, nicname, usually to sri-nic nicname 43/udp whois shois # who is, nicname mpm-flags 44/tcp # mpm flags protocol mpm-flags 44/udp # mpm flags protocol mpm 45/tcp # message processing module [recv] mpm 45/udp # message processing module [recv] mpm-snd 46/tcp # mpm [default send] mpm-snd 46/udp # mpm [default send] ni-ftp 47/tcp # ni ftp ni-ftp 47/udp # ni ftp auditd 48/tcp # digital audit daemon auditd 48/udp # digital audit daemon tacacs 49/tcp # login host protocol (tacacs) tacacs 49/udp # login host protocol (tacacs) re-mail-ck 50/tcp # remote mail checking protocol re-mail-ck 50/udp # remote mail checking protocol la-maint 51/tcp # imp logical address maintenance la-maint 51/udp # imp logical address maintenance xns-time 52/tcp # xns time protocol xns-time 52/udp # xns time protocol domain 53/tcp nameserver # domain name server, name-domain server domain 53/udp nameserver # domain name server xns-ch 54/tcp # xns clearinghouse xns-ch 54/udp # xns clearinghouse isi-gl 55/tcp # isi graphics language isi-gl 55/udp # isi graphics language xns-auth 56/tcp # xns authentication xns-auth 56/udp # xns authentication mtp 57/tcp priv-term # any private terminal access, deprecated priv-term 57/udp # any private terminal access xns-mail 58/tcp # xns mail xns-mail 58/udp # xns mail priv-file 59/tcp # any private file service priv-file 59/udp # any private file service ni-mail 61/tcp # ni mail ni-mail 61/udp # ni mail acas 62/tcp # aca services acas 62/udp # aca services whois++ 63/tcp via-ftp # whois++, via systems - ftp & whois++ whois++ 63/udp via-ftp # whois++, via systems - ftp & whois++ covia 64/tcp # communications integrator (ci) covia 64/udp # communications integrator (ci) tacacs-ds 65/tcp # tacacs-database service tacacs-ds 65/udp # tacacs-database service sql*net 66/tcp # oracle sql*net sql*net 66/udp # oracle sql*net bootps 67/tcp dhcps # bootp server, bootstrap protocol server bootps 67/udp dhcps # bootstrap protocol server bootpc 68/tcp dhcpc # bootp client, bootstrap protocol client bootpc 68/udp dhcpc # bootstrap protocol client tftp 69/tcp # trivial file transfer tftp 69/udp # trivial file transfer, trivial file transfer protocol gopher 70/tcp gn # gopher, internet gopher gopher 70/udp # gopher netrjs-1 71/tcp # remote job service netrjs-1 71/udp # remote job service netrjs-2 72/tcp # remote job service netrjs-2 72/udp # remote job service netrjs-3 73/tcp # remote job service netrjs-3 73/udp # remote job service netrjs-4 74/tcp # remote job service netrjs-4 74/udp # remote job service priv-dial 75/tcp # any private dial out service priv-dial 75/udp # any private dial out service deos 76/tcp # distributed external object store deos 76/udp # distributed external object store rje 77/tcp netrjs priv-rje # any private rje service, netrjs priv-rje 77/udp # any private rje service, netjrs vettcp 78/tcp # vettcp vettcp 78/udp # vettcp finger 79/tcp # finger finger 79/udp # finger http 80/tcp http www-http www # worldwideweb http, world wide web http http 80/udp www-http www # hypertext transfer protocol, world wide web http hosts2-ns 81/tcp # hosts2 name server hosts2-ns 81/udp # hosts2 name server xfer 82/tcp # xfer utility xfer 82/udp # xfer utility mit-ml-dev 83/tcp # mit ml device mit-ml-dev 83/udp # mit ml device ctf 84/tcp # common trace facility ctf 84/udp # common trace facility mit-ml-dev 85/tcp # mit ml device mit-ml-dev 85/udp # mit ml device mfcobol 86/tcp # micro focus cobol mfcobol 86/udp # micro focus cobol link 87/tcp priv-term-l ttylink # any private terminal link, ttylink kerberos 88/tcp krb5 kerberos kerberos-sec # kerberos v5, kerberos secondary port tcp, kerberos (v5), krb5 # kerberos (v5), kerberos kerberos 88/udp kerberos kerberos-sec # kerberos (v5), krb5 # kerberos (v5), kerberos secondary port udp, kerberos su-mit-tg 89/tcp # su/mit telnet gateway su-mit-tg 89/udp # su/mit telnet gateway dnsix 90/tcp # dnsix securit attribute token map dnsix 90/udp # dnsix securit attribute token map mit-dov 91/tcp # mit dover spooler mit-dov 91/udp # mit dover spooler npp 92/tcp # network printing protocol npp 92/udp # network printing protocol dcp 93/tcp # device control protocol dcp 93/udp # device control protocol objcall 94/tcp # tivoli object dispatcher objcall 94/udp # tivoli object dispatcher supdup 95/tcp # supdup, bsd supdupd(8) supdup 95/udp # supdup dixie 96/tcp # dixie protocol specification dixie 96/udp # dixie protocol specification swift-rvf 97/tcp # swift remote virtural file protocol swift-rvf 97/udp # swift remote virtural file protocol tacnews 98/tcp linuxconf # added by linuxconf rpm, tac news tacnews 98/udp # tac news metagram 99/tcp # metagram relay metagram 99/udp # metagram relay newacct 100/tcp # [unauthorized use] hostname 101/tcp hostnames hostname # usually from sri-nic, nic host name server, hostnames nic host name server, usually to sri-nic hostname 101/udp hostnames # nic host name server, hostnames nic host name server iso-tsap 102/tcp tsap # tsap iso-tsap class 0, part of isode., iso-tsap class 0 iso-tsap 102/udp tsap # tsap iso-tsap class 0, iso-tsap class 0 gppitnp 103/tcp x400 # iso e-mail, genesis point-to-point trans net, or x400 iso email, iso mail, genesis point-to-point trans net gppitnp 103/udp # genesis point-to-point trans net acr-nema 104/tcp x400-snd # acr-nema digital imag. & comm. 300 acr-nema 104/udp # acr-nema digital imag. & comm. 300 cso 105/tcp cso-ns csnet-ns cso # also used by cso name server, ccso name server protocol, mailbox name nameserver cso 105/udp cso-ns csnet-ns cso # ccso name server protocol, mailbox name nameserver 3com-tsmux 106/tcp 3com-tsmux pop3pw # 3com-tsmux, eudora compatible pw changer 3com-tsmux 106/udp # 3com-tsmux rtelnet 107/tcp # remote telnet, remote telnet service rtelnet 107/udp # remote telnet service snagas 108/tcp # sna gateway access server snagas 108/udp # sna gateway access server pop2 109/tcp postoffice pop-2 # postoffice v.2, post office protocol - version 2, post office, post office protocol 2, pop version 2 pop2 109/udp postoffice pop-2 # postoffice v.2, post office protocol - version 2 pop3 110/tcp pop3 pop-3 # pop version 3, postoffice v.3, post office, post office protocol - version 3, post office protocol 3 pop3 110/udp pop-3 # postoffice v.3, post office protocol - version 3 sunrpc 111/tcp rpcbind portmap # portmapper, rpcbind, remote procedure call, sun remote procedure call sunrpc 111/udp rpcbind portmap # portmapper, rpcbind, sun remote procedure call mcidas 112/tcp # mcidas data transmission protocol mcidas 112/udp # mcidas data transmission protocol ident 113/tcp authentication auth ident tap # authentication service, ident, tap, authentication service auth 113/udp ident tap # authentication service, ident, tap, authentication service audionews 114/tcp # audio news multicast audionews 114/udp # audio news multicast sftp 115/tcp # simple file transfer protocol sftp 115/udp # simple file transfer protocol ansanotify 116/tcp # ansa rex notify ansanotify 116/udp # ansa rex notify uucp-path 117/tcp # uucp path service uucp-path 117/udp # uucp path service sqlserv 118/tcp # sql services sqlserv 118/udp # sql services nntp 119/tcp readnews usenet untp # usenet news transfer protocol, network news transfer, network news transfer protocol nntp 119/udp usenet # network news transfer protocol cfdptkt 120/tcp # cfdptkt cfdptkt 120/udp # cfdptkt erpc 121/tcp # encore expedited remote pro.call erpc 121/udp # encore expedited remote pro.call smakynet 122/tcp # smakynet smakynet 122/udp # smakynet ntp 123/tcp # network time protocol ntp 123/udp # network time protocol ansatrader 124/tcp # ansa rex trader ansatrader 124/udp # ansa rex trader locus-map 125/tcp # locus pc-interface net map ser locus-map 125/udp # locus pc-interface net map ser unitary 126/tcp # unisys unitary login unitary 126/udp # unisys unitary login locus-con 127/tcp # locus pc-interface conn server locus-con 127/udp # locus pc-interface conn server gss-xlicen 128/tcp # gss x license verification gss-xlicen 128/udp # gss x license verification pwdgen 129/tcp # password generator protocol pwdgen 129/udp # password generator protocol cisco-fna 130/tcp # cisco fnative cisco-fna 130/udp # cisco fnative cisco-tna 131/tcp # cisco tnative cisco-tna 131/udp # cisco tnative cisco-sys 132/tcp # cisco sysmaint cisco-sys 132/udp # cisco sysmaint statsrv 133/tcp # statistics service statsrv 133/udp # statistics service ingres-net 134/tcp # ingres-net service ingres-net 134/udp # ingres-net service epmap 135/tcp epmap loc-srv # dce endpoint resolution, location service, ncs local location broker epmap 135/udp epmap loc-srv # dce endpoint resolution, location service profile 136/tcp # profile naming system profile 136/udp # profile naming system netbios-ns 137/tcp # netbios name service netbios-ns 137/udp # netbios name service netbios-dgm 138/tcp # netbios datagram service netbios-dgm 138/udp # netbios datagram service netbios-ssn 139/tcp # netbios session service netbios-ssn 139/udp # netbios session service emfis-data 140/tcp # emfis data service emfis-data 140/udp # emfis data service emfis-cntl 141/tcp # emfis control service emfis-cntl 141/udp # emfis control service bl-idm 142/tcp # britton-lee idm bl-idm 142/udp # britton-lee idm imap 143/tcp imap2 imap4 imap # interactive mail access prot, interim mail access proto v2, internet message access protocol, interim mail access protocol v2 imap 143/udp imap2 imap4 # internet message access protocol, interim mail access protocol v2 uma 144/tcp news NeWS # universal management architecture, news window system, window system uma 144/udp news NeWS # universal management architecture, news window system, window system uaac 145/tcp # uaac protocol uaac 145/udp # uaac protocol iso-tp0 146/tcp # iso-ip0 iso-tp0 146/udp # iso-ip0 iso-ip 147/tcp # iso-ip iso-ip 147/udp # iso-ip jargon 148/tcp jargon cronus # jargon, cronus-support jargon 148/udp jargon cronus # jargon, cronus-support aed-512 149/tcp # aed 512 emulation service aed-512 149/udp # aed 512 emulation service sql-net 150/tcp # sql-net sql-net 150/udp # sql-net hems 151/tcp # hems hems 151/udp # hems bftp 152/tcp # background file transfer proto, background file transfer program bftp 152/udp # background file transfer program sgmp 153/tcp # sgmp sgmp 153/udp # sgmp netsc-prod 154/tcp # netsc netsc-prod 154/udp # netsc netsc-dev 155/tcp # netsc netsc-dev 155/udp # netsc sqlsrv 156/tcp # sql service sqlsrv 156/udp # sql service knet-cmp 157/tcp # knet/vm command/message protocol knet-cmp 157/udp # knet/vm command/message protocol pcmail-srv 158/tcp # pcmail server pcmail-srv 158/udp # pcmail server nss-routing 159/tcp # nss-routing nss-routing 159/udp # nss-routing sgmp-traps 160/tcp # sgmp-traps sgmp-traps 160/udp # sgmp-traps snmp 161/tcp # snmp snmp 161/udp # simple net mgmt proto, snmp snmptrap 162/tcp snmp-trap # snmp-trap, snmptrap snmptrap 162/udp snmp-trap snmptrap # snmp-trap, snmptrap, traps for snmp cmip-man 163/tcp # iso mgmt over ip (cmot), cmip/tcp manager cmip-man 163/udp # cmip/tcp manager cmip-agent 164/tcp # cmip/tcp agent smip-agent 164/udp cmip-agent # cmip/tcp agent xns-courier 165/tcp # xerox xns-courier 165/udp # xerox s-net 166/tcp # sirius systems s-net 166/udp # sirius systems namp 167/tcp # namp namp 167/udp # namp rsvd 168/tcp # rsvd rsvd 168/udp # rsvd send 169/tcp # send send 169/udp # send print-srv 170/tcp # network postscript print-srv 170/udp # network postscript multiplex 171/tcp # network innovations multiplex multiplex 171/udp # network innovations multiplex cl/1 172/tcp # network innovations cl/1 cl/1 172/udp # network innovations cl/1 xyplex-mux 173/tcp # xyplex xyplex-mux 173/udp # xyplex mailq 174/tcp # mailq, zmailer mta mailq 174/udp # mailq vmnet 175/tcp # vmnet vmnet 175/udp # vmnet genrad-mux 176/tcp # genrad-mux genrad-mux 176/udp # genrad-mux xdmcp 177/tcp # x display manager control protocol, x display mgr. control proto xdmcp 177/udp # x display manager control protocol nextstep 178/tcp NeXTStep nextstep NextStep # nextstep window server, nextstep window nextstep 178/udp NeXTStep nextstep NextStep # nextstep window server, server bgp 179/tcp # border gateway proto., border gateway protocol bgp 179/udp # border gateway protocol ris 180/tcp # intergraph ris 180/udp # intergraph unify 181/tcp # unify unify 181/udp # unify audit 182/tcp # unisys audit sitp audit 182/udp # unisys audit sitp ocbinder 183/tcp # ocbinder ocbinder 183/udp # ocbinder ocserver 184/tcp # ocserver ocserver 184/udp # ocserver remote-kis 185/tcp # remote-kis remote-kis 185/udp # remote-kis kis 186/tcp # kis protocol kis 186/udp # kis protocol aci 187/tcp # application communication interface aci 187/udp # application communication interface mumps 188/tcp # plus five's mumps mumps 188/udp # plus five's mumps qft 189/tcp # queued file transport qft 189/udp # queued file transport gacp 190/tcp # gateway access control protocol gacp 190/udp cacp # gateway access control protocol prospero 191/tcp # prospero directory service, cliff neuman's prospero prospero 191/udp # prospero directory service osu-nms 192/tcp # osu network monitoring system osu-nms 192/udp # osu network monitoring system srmp 193/tcp # spider remote monitoring protocol srmp 193/udp # spider remote monitoring protocol irc 194/tcp # internet relay chat protocol, internet relay chat irc 194/udp # internet relay chat protocol dn6-nlm-aud 195/tcp # dnsix network level module audit dn6-nlm-aud 195/udp # dnsix network level module audit dn6-smm-red 196/tcp # dnsix session mgt module audit redir dn6-smm-red 196/udp # dnsix session mgt module audit redir dls 197/tcp # directory location service dls 197/udp # directory location service dls-mon 198/tcp # directory location service monitor dls-mon 198/udp # directory location service monitor smux 199/tcp # snmp unix multiplexer, smux smux 199/udp # smux src 200/tcp # ibm system resource controller src 200/udp # ibm system resource controller at-rtmp 201/tcp # appletalk routing maintenance, appletalk routing at-rtmp 201/udp # appletalk routing maintenance at-nbp 202/tcp # appletalk name binding at-nbp 202/udp # appletalk name binding at-3 203/tcp # appletalk unused at-3 203/udp # appletalk unused at-echo 204/tcp # appletalk echo at-echo 204/udp # appletalk echo at-5 205/tcp # appletalk unused at-5 205/udp # appletalk unused at-zis 206/tcp # appletalk zone information at-zis 206/udp # appletalk zone information at-7 207/tcp # appletalk unused at-7 207/udp # appletalk unused at-8 208/tcp # appletalk unused at-8 208/udp # appletalk unused qmtp 209/tcp tam # the quick mail transfer protocol, trivial authenticated mail protocol qmtp 209/udp tam # the quick mail transfer protocol, trivial authenticated mail protocol z39.50 210/tcp z3950 wais # wais, ansi z39.50, ansi z39.50, niso z39.50 database z39.50 210/udp z3950 wais # wais, ansi z39.50, ansi z39.50 914c/g 211/tcp # texas instruments 914c/g terminal 914c/g 211/udp # texas instruments 914c/g terminal anet 212/tcp # atexsstr anet 212/udp # atexsstr ipx 213/tcp # ipx ipx 213/udp # ipx vmpwscs 214/tcp # vm pwscs vmpwscs 214/udp # vm pwscs softpc 215/tcp # insignia solutions softpc 215/udp # insignia solutions CAIlic 216/tcp atls # access technology license server, computer associates int'l license server CAIlic 216/udp atls # access technology license server, computer associates int'l license server dbase 217/tcp # dbase unix dbase 217/udp # dbase unix mpp 218/tcp # netix message posting protocol mpp 218/udp # netix message posting protocol uarps 219/tcp # unisys arps uarps 219/udp # unisys arps imap3 220/tcp # interactive mail access, interactive mail access protocol v3 imap3 220/udp # protocol v3, interactive mail access protocol v3 fln-spx 221/tcp # berkeley rlogind with spx auth fln-spx 221/udp # berkeley rlogind with spx auth rsh-spx 222/tcp # berkeley rshd with spx auth rsh-spx 222/udp # berkeley rshd with spx auth cdc 223/tcp # certificate distribution center cdc 223/udp # certificate distribution center direct 242/tcp # direct direct 242/udp # direct sur-meas 243/tcp # survey measurement sur-meas 243/udp # survey measurement dayna 244/tcp # dayna dayna 244/udp # dayna link 245/tcp # link link 245/udp # link dsp3270 246/tcp # display systems protocol dsp3270 246/udp # display systems protocol subntbcst_tftp 247/tcp # subntbcst_tftp subntbcst_tftp 247/udp # subntbcst_tftp bhfhs 248/tcp # bhfhs bhfhs 248/udp # bhfhs rap 256/tcp # rap rap 256/udp # rap set 257/tcp # secure electronic transaction set 257/udp # secure electronic transaction yak-chat 258/tcp # yak winsock personal chat yak-chat 258/udp # yak winsock personal chat esro-gen 259/tcp # efficient short remote operations esro-gen 259/udp # efficient short remote operations openport 260/tcp # openport openport 260/udp # openport nsiiops 261/tcp # iiop name service over tls/ssl nsiiops 261/udp # iiop name service over tls/ssl arcisdms 262/tcp # arcisdms arcisdms 262/udp # arcisdms hdap 263/tcp # hdap hdap 263/udp # hdap bgmp 264/tcp # bgmp bgmp 264/udp # bgmp http-mgmt 280/tcp # http-mgmt http-mgmt 280/udp # http-mgmt personal-link 281/tcp # personal link personal-link 281/udp # personal link cableport-ax 282/tcp # cable port a/x cableport-ax 282/udp # cable port a/x novastorbakcup 308/tcp # novastor backup novastorbakcup 308/udp # novastor backup entrusttime 309/tcp # entrusttime entrusttime 309/udp # entrusttime bhmds 310/tcp # bhmds bhmds 310/udp # bhmds asip-webadmin 311/tcp # appleshare ip webadmin asip-webadmin 311/udp # appleshare ip webadmin vslmp 312/tcp # vslmp vslmp 312/udp # vslmp magenta-logic 313/tcp # magenta logic magenta-logic 313/udp # magenta logic opalis-robot 314/tcp # opalis robot opalis-robot 314/udp # opalis robot dpsi 315/tcp # dpsi dpsi 315/udp # dpsi decauth 316/tcp # decauth decauth 316/udp # decauth zannet 317/tcp # zannet zannet 317/udp # zannet pip 321/tcp # pip pip 321/udp # pip pdap 344/tcp # prospero data access protocol pdap 344/udp # prospero data access protocol pawserv 345/tcp # perf analysis workbench pawserv 345/udp # perf analysis workbench zserv 346/tcp # zebra server zserv 346/udp # zebra server fatserv 347/tcp # fatmen server fatserv 347/udp # fatmen server csi-sgwp 348/tcp # cabletron management protocol csi-sgwp 348/udp # cabletron management protocol mftp 349/tcp # mftp mftp 349/udp # mftp matip-type-a 350/tcp # matip type a matip-type-a 350/udp # matip type a matip-type-b 351/tcp bhoetty # bhoetty (added 5/21/97), unassigned but widespread use, matip type b or bhoetty, matip type b matip-type-b 351/udp bhoetty # unassigned but widespread use, matip type b or bhoetty, bhoetty, matip type b dtag-ste-sb 352/tcp bhoedap4 # dtag, bhoedap4 (added 5/21/97), unassigned but widespread use, dtag, or bhoedap4, dtag (assigned long ago) dtag-ste-sb 352/udp bhoedap4 # dtag, unassigned but widespread use, dtag, or bhoedap4, bhoedap4 ndsauth 353/tcp # ndsauth ndsauth 353/udp # ndsauth bh611 354/tcp # bh611 bh611 354/udp # bh611 datex-asn 355/tcp # datex-asn datex-asn 355/udp # datex-asn cloanto-net-1 356/tcp # cloanto net 1 cloanto-net-1 356/udp # cloanto net 1 bhevent 357/tcp # bhevent bhevent 357/udp # bhevent shrinkwrap 358/tcp # shrinkwrap shrinkwrap 358/udp # shrinkwrap tenebris_nts 359/tcp # tenebris network trace service tenebris_nts 359/udp # tenebris network trace service scoi2odialog 360/tcp # scoi2odialog scoi2odialog 360/udp # scoi2odialog semantix 361/tcp # semantix semantix 361/udp # semantix srssend 362/tcp # srs send srssend 362/udp # srs send rsvp_tunnel 363/tcp # rsvp tunnel rsvp_tunnel 363/udp # rsvp tunnel aurora-cmgr 364/tcp # aurora cmgr aurora-cmgr 364/udp # aurora cmgr dtk 365/tcp # deception tool kit (lame -- see www.all.net), dtk, deception tool kit - fred cohen dtk 365/udp # deception tool kit (lame -- see www.all.net), dtk, deception tool kit - fred cohen odmr 366/tcp # odmr odmr 366/udp # odmr mortgageware 367/tcp # mortgageware mortgageware 367/udp # mortgageware qbikgdp 368/tcp # qbikgdp qbikgdp 368/udp # qbikgdp rpc2portmap 369/tcp # rpc2portmap rpc2portmap 369/udp # rpc2portmap codaauth2 370/tcp # codaauth2 codaauth2 370/udp # codaauth2 clearcase 371/tcp # clearcase clearcase 371/udp # clearcase ulistproc 372/tcp ulistserv ulistproc # unix listserv, listprocessor ulistproc 372/udp ulistserv ulistproc # unix listserv, listprocessor legent-1 373/tcp # legent corporation (now computer associates intl.), legent corporation legent-1 373/udp # legent corporation (now computer associates intl.), legent corporation legent-2 374/tcp # legent corporation (now computer associates intl.), legent corporation legent-2 374/udp # legent corporation (now computer associates intl.), legent corporation hassle 375/tcp # hassle hassle 375/udp # hassle nip 376/tcp # amiga envoy net inquiry prot., amiga envoy network inquiry proto nip 376/udp # amiga envoy net inquiry prot., amiga envoy network inquiry proto tnETOS 377/tcp # nec corporation tnETOS 377/udp # nec corporation dsETOS 378/tcp # nec corporation dsETOS 378/udp # nec corporation is99c 379/tcp # tia/eia/is-99 modem client is99c 379/udp # tia/eia/is-99 modem client is99s 380/tcp # tia/eia/is-99 modem server is99s 380/udp # tia/eia/is-99 modem server hp-collector 381/tcp # hp performance data collector hp-collector 381/udp # hp performance data collector hp-managed-node 382/tcp # hp performance data managed node hp-managed-node 382/udp # hp performance data managed node hp-alarm-mgr 383/tcp # hp performance data alarm manager hp-alarm-mgr 383/udp # hp performance data alarm manager arns 384/tcp # a remote network server system arns 384/udp # a remote network server system ibm-app 385/tcp # ibm application ibm-app 385/udp # ibm application asa 386/tcp # asa message router object def. asa 386/udp # asa message router object def. aurp 387/tcp # appletalk update-based routing pro. aurp 387/udp # appletalk update-based routing pro. unidata-ldm 388/tcp # unidata ldm version 4 unidata-ldm 388/udp # unidata ldm version 4 ldap 389/tcp # lightweight directory access protocol ldap 389/udp # lightweight directory access protocol uis 390/tcp # uis uis 390/udp # uis synotics-relay 391/tcp # synoptics snmp relay port synotics-relay 391/udp # synoptics snmp relay port synotics-broker 392/tcp # synoptics port broker port synotics-broker 392/udp # synoptics port broker port dis 393/tcp # data interpretation system dis 393/udp # data interpretation system embl-ndt 394/tcp # embl nucleic data transfer embl-ndt 394/udp # embl nucleic data transfer netcp 395/tcp # netscout control protocol netcp 395/udp # netscout control protocol netware-ip 396/tcp # novell netware over ip netware-ip 396/udp # novell netware over ip mptn 397/tcp # multi protocol trans. net. mptn 397/udp # multi protocol trans. net. kryptolan 398/tcp # kryptolan kryptolan 398/udp # kryptolan iso-tsap-c2 399/tcp # iso-tsap class 2, iso transport class 2 non-control over tcp iso-tsap-c2 399/udp # iso-tsap class 2, iso transport class 2 non-control over tcp work-sol 400/tcp # workstation solutions work-sol 400/udp # workstation solutions ups 401/tcp # uninterruptible power supply ups 401/udp # uninterruptible power supply genie 402/tcp # genie protocol genie 402/udp # genie protocol decap 403/tcp # decap decap 403/udp # decap nced 404/tcp # nced nced 404/udp # nced ncld 405/tcp # ncld ncld 405/udp # ncld imsp 406/tcp # interactive mail support protocol imsp 406/udp # interactive mail support protocol timbuktu 407/tcp # timbuktu timbuktu 407/udp # timbuktu prm-sm 408/tcp # prospero resource manager sys. man. prm-sm 408/udp # prospero resource manager sys. man. prm-nm 409/tcp # prospero resource manager node man. prm-nm 409/udp # prospero resource manager node man. decladebug 410/tcp # decladebug remote debug protocol decladebug 410/udp # decladebug remote debug protocol rmt 411/tcp # remote mt protocol rmt 411/udp # remote mt protocol synoptics-trap 412/tcp # trap convention port synoptics-trap 412/udp # trap convention port smsp 413/tcp # smsp smsp 413/udp # smsp infoseek 414/tcp # infoseek infoseek 414/udp # infoseek bnet 415/tcp # bnet bnet 415/udp # bnet silverplatter 416/tcp # silverplatter silverplatter 416/udp # silverplatter onmux 417/tcp # onmux onmux 417/udp # onmux hyper-g 418/tcp # hyper-g hyper-g 418/udp # hyper-g ariel1 419/tcp # ariel ariel1 419/udp # ariel smpte 420/tcp # smpte smpte 420/udp # smpte ariel2 421/tcp # ariel ariel2 421/udp # ariel ariel3 422/tcp # ariel ariel3 422/udp # ariel opc-job-start 423/tcp # ibm operations planning and control start opc-job-start 423/udp # ibm operations planning and control start opc-job-track 424/tcp # ibm operations planning and control track opc-job-track 424/udp # ibm operations planning and control track icad-el 425/tcp # icad icad-el 425/udp # icad smartsdp 426/tcp # smartsdp smartsdp 426/udp # smartsdp svrloc 427/tcp # server location svrloc 427/udp # server location ocs_cmu 428/tcp # ocs_cmu ocs_cmu 428/udp # ocs_cmu ocs_amu 429/tcp # ocs_amu ocs_amu 429/udp # ocs_amu utmpsd 430/tcp # utmpsd utmpsd 430/udp # utmpsd utmpcd 431/tcp # utmpcd utmpcd 431/udp # utmpcd iasd 432/tcp # iasd iasd 432/udp # iasd nnsp 433/tcp usenet # network news transfer, usenet, network news transfer, nnsp nnsp 433/udp # nnsp mobileip-agent 434/tcp # mobileip-agent mobileip-agent 434/udp # mobileip-agent mobilip-mn 435/tcp # mobilip-mn mobilip-mn 435/udp # mobilip-mn dna-cml 436/tcp # dna-cml dna-cml 436/udp # dna-cml comscm 437/tcp # comscm comscm 437/udp # comscm dsfgw 438/tcp # dsfgw dsfgw 438/udp # dsfgw dasp 439/tcp # dasp thomas obermair dasp 439/udp # dasp tommy@inlab.m.eunet.de sgcp 440/tcp # sgcp sgcp 440/udp # sgcp decvms-sysmgt 441/tcp # decvms-sysmgt decvms-sysmgt 441/udp # decvms-sysmgt cvc_hostd 442/tcp # cvc_hostd cvc_hostd 442/udp # cvc_hostd https 443/tcp # secure http (ssl), http protocol over tls/ssl https 443/udp # http protocol over tls/ssl snpp 444/tcp # simple network paging protocol snpp 444/udp # simple network paging protocol microsoft-ds 445/tcp # microsoft-ds microsoft-ds 445/udp # microsoft-ds ddm-rdb 446/tcp # ddm-rdb ddm-rdb 446/udp # ddm-rdb ddm-dfm 447/tcp # ddm-rfm ddm-dfm 447/udp # ddm-rfm ddm-ssl 448/tcp ddm-byte # ddm-ssl, ddm-byte ddm-ssl 448/udp ddm-byte # ddm-ssl, ddm-byte as-servermap 449/tcp # as server mapper as-servermap 449/udp # as server mapper tserver 450/tcp # tserver tserver 450/udp # tserver sfs-smp-net 451/tcp # cray network semaphore server sfs-smp-net 451/udp # cray network semaphore server sfs-config 452/tcp # cray sfs config server sfs-config 452/udp # cray sfs config server creativeserver 453/tcp # creativeserver creativeserver 453/udp # creativeserver contentserver 454/tcp # contentserver contentserver 454/udp # contentserver creativepartnr 455/tcp # creativepartnr creativepartnr 455/udp # creativepartnr macon-tcp 456/tcp # macon-tcp macon-udp 456/udp # macon-udp scohelp 457/tcp # scohelp scohelp 457/udp # scohelp appleqtc 458/tcp # apple quick time appleqtc 458/udp # apple quick time ampr-rcmd 459/tcp # ampr-rcmd ampr-rcmd 459/udp # ampr-rcmd skronk 460/tcp # skronk skronk 460/udp # skronk datasurfsrv 461/tcp # datarampsrv datasurfsrv 461/udp # datarampsrv datasurfsrvsec 462/tcp # datarampsrvsec datasurfsrvsec 462/udp # datarampsrvsec alpes 463/tcp # alpes alpes 463/udp # alpes kpasswd 464/tcp kpasswd5 # kerberos (v5), kpasswd kpasswd 464/udp kpasswd5 # kerberos (v5), kpasswd smtps 465/tcp # smtp protocol over tls/ssl (was ssmtp) smtps 465/udp # smtp protocol over tls/ssl (was ssmtp) digital-vrc 466/tcp # digital-vrc digital-vrc 466/udp # digital-vrc mylex-mapd 467/tcp # mylex-mapd mylex-mapd 467/udp # mylex-mapd photuris 468/tcp # proturis, photuris key management photuris 468/udp # proturis rcp 469/tcp # radio control protocol rcp 469/udp # radio control protocol scx-proxy 470/tcp # scx-proxy scx-proxy 470/udp # scx-proxy mondex 471/tcp # mondex mondex 471/udp # mondex ljk-login 472/tcp # ljk-login ljk-login 472/udp # ljk-login hybrid-pop 473/tcp # hybrid-pop hybrid-pop 473/udp # hybrid-pop tn-tl-w1 474/tcp # tn-tl-w1 tn-tl-w2 474/udp # tn-tl-w2 tcpnethaspsrv 475/tcp # tcpnethaspsrv tcpnethaspsrv 475/udp # tcpnethaspsrv tn-tl-fd1 476/tcp # tn-tl-fd1 tn-tl-fd1 476/udp # tn-tl-fd1 ss7ns 477/tcp # ss7ns ss7ns 477/udp # ss7ns spsc 478/tcp # spsc spsc 478/udp # spsc iafserver 479/tcp # iafserver iafserver 479/udp # iafserver iafdbase 480/tcp loadsrv # iafdbase iafdbase 480/udp # iafdbase ph 481/tcp dvs # ph service ph 481/udp # ph service bgs-nsi 482/tcp # bgs-nsi bgs-nsi 482/udp xlog # bgs-nsi ulpnet 483/tcp # ulpnet ulpnet 483/udp # ulpnet integra-sme 484/tcp # integra software management environment integra-sme 484/udp # integra software management environment powerburst 485/tcp # air soft power burst powerburst 485/udp # air soft power burst avian 486/tcp sstats # avian avian 486/udp # avian saft 487/tcp # saft simple asynchronous file transfer saft 487/udp # saft simple asynchronous file transfer gss-http 488/tcp # gss-http gss-http 488/udp # gss-http nest-protocol 489/tcp # nest-protocol nest-protocol 489/udp # nest-protocol micom-pfs 490/tcp # micom-pfs micom-pfs 490/udp # micom-pfs go-login 491/tcp # go-login go-login 491/udp # go-login ticf-1 492/tcp # transport independent convergence for fna ticf-1 492/udp # transport independent convergence for fna ticf-2 493/tcp # transport independent convergence for fna ticf-2 493/udp # transport independent convergence for fna pov-ray 494/tcp # pov-ray pov-ray 494/udp # pov-ray intecourier 495/tcp # intecourier intecourier 495/udp # intecourier pim-rp-disc 496/tcp # pim-rp-disc pim-rp-disc 496/udp # pim-rp-disc dantz 497/tcp # dantz dantz 497/udp # dantz siam 498/tcp # siam siam 498/udp # siam iso-ill 499/tcp # iso ill protocol iso-ill 499/udp # iso ill protocol isakmp 500/tcp # isakmp isakmp 500/udp # isakmp key management, isakmp stmf 501/tcp # stmf stmf 501/udp # stmf asa-appl-proto 502/tcp # asa-appl-proto asa-appl-proto 502/udp # asa-appl-proto intrinsa 503/tcp # intrinsa intrinsa 503/udp # intrinsa citadel 504/tcp # citadel citadel 504/udp # citadel mailbox-lm 505/tcp # mailbox-lm mailbox-lm 505/udp # mailbox-lm ohimsrv 506/tcp # ohimsrv ohimsrv 506/udp # ohimsrv crs 507/tcp # crs crs 507/udp # crs xvttp 508/tcp # xvttp xvttp 508/udp # xvttp snare 509/tcp # snare snare 509/udp # snare fcp 510/tcp # firstclass protocol fcp 510/udp # firstclass protocol passgo 511/tcp # passgo passgo 511/udp # passgo exec 512/tcp # remote execution, remote process execution;, bsd rexecd(8) comsat 512/udp comsat biff # biff the dog, used by mail system to notify users, comsat login 513/tcp # bsd rlogind(8), remote login a la telnet;, remote login who 513/udp whod # remote who, maintains data bases showing who's, bsd rwhod(8) shell 514/tcp cmd # like exec, but automatic, bsd rshd(8), remote command shell, no passwords used, cmd syslog 514/udp # system logger, bsd syslogd(8) printer 515/tcp spooler # line printer spooler, spooler, spooler (lpd) printer 515/udp spooler # spooler, spooler (lpd) videotex 516/tcp # videotex videotex 516/udp # videotex talk 517/tcp # like tenex link, but across talk 517/udp # talk protocols, like tenex link, but across, bsd talkd(8) ntalk 518/tcp # (talkd) ntalk 518/udp # (talkd) utime 519/tcp unixtime # unixtime utime 519/udp unixtime # unixtime efs 520/tcp # extended file name server router 520/udp router routed route # local routing process (on site);, router routed -- rip, rip ripng 521/tcp efs # ripng, extended file name server ripng 521/udp # ripng ulp 522/tcp # ulp ulp 522/udp # ulp ibm-db2 523/tcp # ibm-db2 ibm-db2 523/udp # ibm-db2 ncp 524/tcp # ncp ncp 524/udp # ncp timed 525/tcp timeserver # timeserver timed 525/udp timeserver # timeserver tempo 526/tcp newdate # newdate tempo 526/udp newdate # newdate stx 527/tcp # stock ixchange stx 527/udp # stock ixchange custix 528/tcp # customer ixchange custix 528/udp # customer ixchange irc-serv 529/tcp # irc-serv irc-serv 529/udp # irc-serv courier 530/tcp rpc # rpc, experimental courier 530/udp rpc # rpc conference 531/tcp chat # chat conference 531/udp chat # chat netnews 532/tcp readnews # readnews netnews 532/udp readnews # readnews netwall 533/tcp # for emergency broadcasts netwall 533/udp # -for emergency broadcasts, for emergency broadcasts mm-admin 534/tcp # megamedia admin mm-admin 534/udp # megamedia admin iiop 535/tcp # iiop iiop 535/udp # iiop opalis-rdv 536/tcp # opalis-rdv opalis-rdv 536/udp # opalis-rdv nmsp 537/tcp # networked media streaming protocol nmsp 537/udp # networked media streaming protocol gdomap 538/tcp # gdomap gdomap 538/udp # gdomap apertus-ldp 539/tcp # apertus technologies load determination apertus-ldp 539/udp # apertus technologies load determination uucp 540/tcp uucpd # uucp daemon, uucpd uucp 540/udp uucpd # uucpd uucp-rlogin 541/tcp rdistd rdist # rdist daemon, uucp-rlogin uucp-rlogin 541/udp # uucp-rlogin commerce 542/tcp # commerce commerce 542/udp # commerce klogin 543/tcp # kerberos (v4/v5), kerberos authenticated rlogin, kerberized `rlogin' (v5), kerberos `rlogin' klogin 543/udp # kerberos (v4/v5) kshell 544/tcp krcmd # kerberos `rsh', krcmd, kerberos (v4/v5), krcmd kerberos (v4/v5), kerberized `rsh' (v5), and remote shell kshell 544/udp krcmd # krcmd, kerberos (v4/v5), krcmd kerberos (v4/v5) appleqtcsrvr 545/tcp ekshell # kerberos encrypted remote shell -kfall, appleqtcsrvr appleqtcsrvr 545/udp # appleqtcsrvr dhcpv6-client 546/tcp # dhcpv6 client dhcpv6-client 546/udp # dhcpv6 client dhcpv6-server 547/tcp # dhcpv6 server dhcpv6-server 547/udp # dhcpv6 server afpovertcp 548/tcp # appleshareip protocol, afp over tcp afpovertcp 548/udp # appleshareip protocol, afp over tcp idfp 549/tcp # idfp idfp 549/udp # idfp new-rwho 550/tcp new-who # new-who new-rwho 550/udp new-who # new-who, experimental cybercash 551/tcp # cybercash cybercash 551/udp # cybercash deviceshare 552/tcp # deviceshare deviceshare 552/udp # deviceshare pirp 553/tcp # pirp pirp 553/udp # pirp rtsp 554/tcp # real time stream control protocol rtsp 554/udp # real time stream control protocol dsf 555/tcp dsf 555/udp remotefs 556/tcp rfs_server rfs # rfs server, brunhoff remote filesystem, rfs, rfs_server, brunhoff remote filesystem remotefs 556/udp rfs_server rfs # rfs server, brunhoff remote filesystem, rfs, rfs_server, brunhoff remote filesystem openvms-sysipc 557/tcp # openvms-sysipc openvms-sysipc 557/udp # openvms-sysipc sdnskmp 558/tcp # sdnskmp sdnskmp 558/udp # sdnskmp teedtap 559/tcp # teedtap teedtap 559/udp # teedtap rmonitor 560/tcp rmonitord # rmonitord rmonitor 560/udp rmonitord # experimental, rmonitord monitor 561/tcp monitor 561/udp # experimental chshell 562/tcp chcmd # chcmd chshell 562/udp chcmd # chcmd nntps 563/tcp snews snntp # nntp protocol over tls/ssl (was snntp), nntp protocol over tls/ssl nntps 563/udp snews snntp # nntp protocol over tls/ssl (was snntp), nntp protocol over tls/ssl 9pfs 564/tcp # plan 9 file service 9pfs 564/udp # plan 9 file service whoami 565/tcp # whoami whoami 565/udp # whoami streettalk 566/tcp # streettalk streettalk 566/udp # streettalk banyan-rpc 567/tcp # banyan-rpc banyan-rpc 567/udp # banyan-rpc ms-shuttle 568/tcp # microsoft shuttle ms-shuttle 568/udp # microsoft shuttle ms-rome 569/tcp # microsoft rome ms-rome 569/udp # microsoft rome meter 570/tcp # demon meter 570/udp # demon meter 571/tcp umeter # udemon meter 571/udp umeter # udemon sonar 572/tcp # sonar sonar 572/udp # sonar banyan-vip 573/tcp # banyan-vip banyan-vip 573/udp # banyan-vip ftp-agent 574/tcp # ftp software agent system ftp-agent 574/udp # ftp software agent system vemmi 575/tcp # vemmi vemmi 575/udp # vemmi ipcd 576/tcp # ipcd ipcd 576/udp # ipcd vnas 577/tcp # vnas vnas 577/udp # vnas ipdd 578/tcp # ipdd ipdd 578/udp # ipdd decbsrv 579/tcp # decbsrv decbsrv 579/udp # decbsrv sntp-heartbeat 580/tcp # sntp heartbeat sntp-heartbeat 580/udp # sntp heartbeat bdp 581/tcp # bundle discovery protocol bdp 581/udp # bundle discovery protocol scc-security 582/tcp # scc security scc-security 582/udp # scc security philips-vc 583/tcp # philips video-conferencing philips-vc 583/udp # philips video-conferencing keyserver 584/tcp # key server keyserver 584/udp # key server imap4-ssl 585/tcp # imap4+ssl (use of 585 is not recommended,, imap4+ssl (use 993 instead) imap4-ssl 585/udp # use 993 instead), imap4+ssl (use 993 instead) password-chg 586/tcp # password change password-chg 586/udp # password change submission 587/tcp # submission submission 587/udp # submission cal 588/tcp # cal cal 588/udp # cal eyelink 589/tcp # eyelink eyelink 589/udp # eyelink tns-cml 590/tcp # tns cml tns-cml 590/udp # tns cml http-alt 591/tcp # filemaker, inc. - http alternate, filemaker, inc. - http alternate (see port 80) http-alt 591/udp # filemaker, inc. - http alternate, filemaker, inc. - http alternate (see port 80) eudora-set 592/tcp # eudora set eudora-set 592/udp # eudora set http-rpc-epmap 593/tcp # http rpc ep map http-rpc-epmap 593/udp # http rpc ep map tpip 594/tcp # tpip tpip 594/udp # tpip cab-protocol 595/tcp # cab protocol cab-protocol 595/udp # cab protocol smsd 596/tcp # smsd smsd 596/udp # smsd ptcnameservice 597/tcp # ptc name service ptcnameservice 597/udp # ptc name service sco-websrvrmg3 598/tcp # sco web server manager 3 sco-websrvrmg3 598/udp # sco web server manager 3 acp 599/tcp # aeolon core protocol acp 599/udp # aeolon core protocol ipcserver 600/tcp pcserver # sun ipc server, ecd integrated pc board srvr ipcserver 600/udp # sun ipc server urm 606/tcp # cray unified resource manager urm 606/udp # cray unified resource manager nqs 607/tcp # nqs nqs 607/udp # nqs sift-uft 608/tcp # sender-initiated/unsolicited file transfer sift-uft 608/udp # sender-initiated/unsolicited file transfer npmp-trap 609/tcp # npmp-trap npmp-trap 609/udp # npmp-trap npmp-local 610/tcp # npmp-local npmp-local 610/udp # npmp-local npmp-gui 611/tcp # npmp-gui npmp-gui 611/udp # npmp-gui hmmp-ind 612/tcp # hmmp indication hmmp-ind 612/udp # hmmp indication hmmp-op 613/tcp # hmmp operation hmmp-op 613/udp # hmmp operation sshell 614/tcp # sslshell sshell 614/udp # sslshell sco-inetmgr 615/tcp # internet configuration manager sco-inetmgr 615/udp # internet configuration manager sco-sysmgr 616/tcp # sco system administration server sco-sysmgr 616/udp # sco system administration server sco-dtmgr 617/tcp # sco desktop administration server sco-dtmgr 617/udp # sco desktop administration server dei-icda 618/tcp # dei-icda dei-icda 618/udp # dei-icda digital-evm 619/tcp # digital evm digital-evm 619/udp # digital evm sco-websrvrmgr 620/tcp # sco webserver manager sco-websrvrmgr 620/udp # sco webserver manager escp-ip 621/tcp # escp escp-ip 621/udp # escp collaborator 622/tcp # collaborator collaborator 622/udp # collaborator aux_bus_shunt 623/tcp # aux bus shunt aux_bus_shunt 623/udp # aux bus shunt cryptoadmin 624/tcp # crypto admin cryptoadmin 624/udp # crypto admin dec_dlm 625/tcp # dec dlm dec_dlm 625/udp # dec dlm asia 626/tcp # asia asia 626/udp # asia passgo-tivoli 627/tcp # passgo tivoli passgo-tivoli 627/udp # passgo tivoli qmqp 628/tcp # qmqp qmqp 628/udp # qmqp 3com-amp3 629/tcp # 3com amp3 3com-amp3 629/udp # 3com amp3 rda 630/tcp # rda rda 630/udp # rda ipp 631/tcp # ipp (internet printing protocol) ipp 631/udp # ipp (internet printing protocol) bmpp 632/tcp # bmpp bmpp 632/udp # bmpp servstat 633/tcp # service status update (sterling software) servstat 633/udp # service status update (sterling software) ginad 634/tcp # ginad ginad 634/udp # ginad rlzdbase 635/tcp # rlz dbase rlzdbase 635/udp mount # nfs mount service, rlz dbase ldaps 636/tcp # ldap protocol over tls/ssl (was sldap) ldaps 636/udp # ldap protocol over tls/ssl (was sldap) lanserver 637/tcp # lanserver lanserver 637/udp # lanserver mcns-sec 638/tcp # mcns-sec mcns-sec 638/udp # mcns-sec msdp 639/tcp # msdp msdp 639/udp # msdp entrust-sps 640/tcp # entrust-sps entrust-sps 640/udp pcnfs # entrust-sps, pc-nfs dos authentication repcmd 641/tcp # repcmd repcmd 641/udp # repcmd esro-emsdp 642/tcp # esro-emsdp v1.3 esro-emsdp 642/udp # esro-emsdp v1.3 sanity 643/tcp # sanity sanity 643/udp # sanity dwr 644/tcp # dwr dwr 644/udp # dwr pssc 645/tcp # pssc pssc 645/udp # pssc ldp 646/tcp # ldp ldp 646/udp # ldp dhcp-failover 647/tcp # dhcp failover dhcp-failover 647/udp # dhcp failover rrp 648/tcp # registry registrar protocol (rrp) rrp 648/udp # registry registrar protocol (rrp) aminet 649/tcp # aminet aminet 649/udp # aminet obex 650/tcp # obex obex 650/udp bwnfs # bw-nfs dos authentication, obex ieee-mms 651/tcp # ieee mms ieee-mms 651/udp # ieee mms udlr-dtcp 652/tcp # udlr_dtcp udlr-dtcp 652/udp # udlr_dtcp mdqs 666/tcp doom # doom id software mdqs 666/udp doom # doom id software disclose 667/tcp # campaign contribution disclosures - sdr technologies disclose 667/udp # campaign contribution disclosures - sdr technologies mecomm 668/tcp # mecomm mecomm 668/udp # mecomm meregister 669/tcp # meregister meregister 669/udp # meregister vacdsm-sws 670/tcp # vacdsm-sws vacdsm-sws 670/udp # vacdsm-sws vacdsm-app 671/tcp # vacdsm-app vacdsm-app 671/udp # vacdsm-app vpps-qua 672/tcp # vpps-qua vpps-qua 672/udp # vpps-qua cimplex 673/tcp # cimplex cimplex 673/udp # cimplex acap 674/tcp # acap acap 674/udp # acap dctp 675/tcp # dctp dctp 675/udp # dctp vpps-via 676/tcp # vpps via vpps-via 676/udp # vpps via vpp 677/tcp # virtual presence protocol vpp 677/udp # virtual presence protocol ggf-ncp 678/tcp # gnu gereration foundation ncp ggf-ncp 678/udp # gnu generation foundation ncp mrm 679/tcp # mrm mrm 679/udp # mrm entrust-aaas 680/tcp # entrust-aaas entrust-aaas 680/udp # entrust-aaas entrust-aams 681/tcp # entrust-aams entrust-aams 681/udp # entrust-aams xfr 682/tcp # xfr xfr 682/udp # xfr corba-iiop 683/tcp # corba iiop corba-iiop 683/udp # corba iiop corba-iiop-ssl 684/tcp # corba iiop ssl corba-iiop-ssl 684/udp # corba iiop ssl mdc-portmapper 685/tcp # mdc port mapper mdc-portmapper 685/udp # mdc port mapper hcp-wismar 686/tcp # hardware control protocol wismar hcp-wismar 686/udp # hardware control protocol wismar asipregistry 687/tcp # asipregistry asipregistry 687/udp # asipregistry elcsd 704/tcp # errlog copy/server daemon elcsd 704/udp # errlog copy/server daemon agentx 705/tcp # agentx agentx 705/udp # agentx borland-dsj 707/tcp # borland dsj borland-dsj 707/udp # borland dsj entrust-kmsh 709/tcp entrustmanager # entrustmanager - nortel des auth network see 389/tcp, entrustmanager, entrust key management service handler entrust-kmsh 709/udp entrustmanager # entrustmanager - nortel des auth network see 389/tcp, entrustmanager, entrust key management service handler entrust-ash 710/tcp # entrust administration service handler entrust-ash 710/udp # entrust administration service handler cisco-tdp 711/tcp # cisco tdp cisco-tdp 711/udp # cisco tdp netviewdm1 729/tcp # ibm netview dm/6000 server/client netviewdm1 729/udp # ibm netview dm/6000 server/client netviewdm2 730/tcp # ibm netview dm/6000 send/tcp netviewdm2 730/udp # ibm netview dm/6000 send/tcp netviewdm3 731/tcp # ibm netview dm/6000 receive/tcp netviewdm3 731/udp # ibm netview dm/6000 receive/tcp netcp 740/tcp # netscout control protocol netcp 740/udp # netscout control protocol netgw 741/tcp # netgw netgw 741/udp # netgw netrcs 742/tcp # network based rev. cont. sys. netrcs 742/udp # network based rev. cont. sys. flexlm 744/tcp # flexible license manager flexlm 744/udp # flexible license manager fujitsu-dev 747/tcp # fujitsu device control fujitsu-dev 747/udp # fujitsu device control ris-cm 748/tcp # russell info sci calendar manager ris-cm 748/udp # russell info sci calendar manager kerberos-adm 749/tcp # kerberos administration, kerberos `kadmin' (v5), kerberos 5 admin/changepw kerberos-adm 749/udp # kerberos administration, kerberos 5 admin/changepw rfile 750/tcp kerberos4 kerberos-iv kdc kerberos # kerberos (v4), kdc kerberos (v4), kerberos (server) tcp, kerberos key server, kerberos authentication--tdp loadav 750/udp kerberos4 kerberos-iv kdc kerberos # kerberos authentication--udp, kerberos (v4), kdc kerberos (v4), kerberos version iv, kerberos key server, kerberos (server) udp pump 751/tcp kerberos_master kerberos-master # kerberos `kadmin' (v4), kerberos admin server tcp, kerberos authentication pump 751/udp kerberos_master kerberos-master # kerberos `kadmin' (v4), kerberos authentication, kerberos admin server udp qrh 752/tcp qrh 752/udp rrh 753/tcp rrh 753/udp tell 754/tcp krb5_prop krb_prop # kerberos/v5 server propagation, send, kerberos slave propagation tell 754/udp # send nlogin 758/tcp nlogin 758/udp con 759/tcp con 759/udp ns 760/tcp kreg krbupdate # kerberos registration, bsd kerberos registration, kerberos (v4) registration, kreg kerberos (v4) registration ns 760/udp rxe 761/tcp kpasswd kpwd # kerberos "passwd", kpwd kerberos (v4) "passwd", kerberos (v4) "passwd", bsd kerberos `passwd' rxe 761/udp quotad 762/tcp quotad 762/udp cycleserv 763/tcp cycleserv 763/udp omserv 764/tcp omserv 764/udp webster 765/tcp # network dictionary webster 765/udp phonebook 767/tcp # phone phonebook 767/udp # phone vid 769/tcp vid 769/udp cadlock 770/tcp cadlock 770/udp rtip 771/tcp rtip 771/udp cycleserv2 772/tcp cycleserv2 772/udp submit 773/tcp notify 773/udp rpasswd 774/tcp acmaint_dbd 774/udp entomb 775/tcp acmaint_transd 775/udp wpages 776/tcp wpages 776/udp multiling-http 777/tcp # multiling http multiling-http 777/udp # multiling http wpgs 780/tcp wpgs 780/udp hp-collector 781/tcp # hp performance data collector hp-collector 781/udp # hp performance data collector hp-managed-node 782/tcp # hp performance data managed node hp-managed-node 782/udp # hp performance data managed node hp-alarm-mgr 783/tcp # hp performance data alarm manager hp-alarm-mgr 783/udp # hp performance data alarm manager concert 786/tcp # concert concert 786/udp # concert qsc 787/tcp # qsc qsc 787/udp # qsc mdbs_daemon 800/tcp mdbs_daemon 800/udp device 801/tcp device 801/udp fcp-udp 810/tcp # fcp fcp-udp 810/udp # fcp datagram itm-mcell-s 828/tcp # itm-mcell-s itm-mcell-s 828/udp # itm-mcell-s pkix-3-ca-ra 829/tcp # pkix-3 ca/ra pkix-3-ca-ra 829/udp # pkix-3 ca/ra supfilesrv 871/tcp # sup server, for sup rsync 873/tcp # rsync server, rsync rsync 873/udp # rsync iclcnet-locate 886/tcp # icl conetion locate server iclcnet-locate 886/udp # icl conetion locate server iclcnet_svinfo 887/tcp # icl conetion server info iclcnet_svinfo 887/udp # icl conetion server info accessbuilder 888/tcp cddb cddbp # accessbuilder, audio cd database, cd database protocol, or audio cd database accessbuilder 888/udp # accessbuilder omginitialrefs 900/tcp # omg initial refs omginitialrefs 900/udp # omg initial refs swat 901/tcp # add swat service used via inetd xact-backup 911/tcp # xact-backup xact-backup 911/udp # xact-backup ftps-data 989/tcp # ftp protocol, data, over tls/ssl ftps-data 989/udp # ftp protocol, data, over tls/ssl ftps 990/tcp # ftp protocol, control, over tls/ssl ftps 990/udp # ftp protocol, control, over tls/ssl nas 991/tcp # netnews administration system nas 991/udp # netnews administration system telnets 992/tcp # telnet protocol over tls/ssl telnets 992/udp # telnet protocol over tls/ssl imaps 993/tcp simap # imap over ssl, imap4 protocol over tls/ssl imaps 993/udp # imap4 protocol over tls/ssl ircs 994/tcp # irc protocol over tls/ssl ircs 994/udp # irc protocol over tls/ssl pop3s 995/tcp # pop3 protocol over tls/ssl (was spop3) pop3s 995/udp # pop3 protocol over tls/ssl (was spop3) vsinet 996/tcp xtreelic # vsinet, xtree license server vsinet 996/udp # vsinet maitrd 997/tcp maitrd 997/udp busboy 998/tcp puparp 998/udp garcon 999/tcp puprouter applix 999/udp puprouter # applix ac cadlock 1000/tcp ock 1000/udp ufsd 1008/tcp ufsd # ufsd # ufs-aware server, ufs-aware server ufsd 1008/udp ufsd surf 1010/tcp # surf surf 1010/udp # surf blackjack 1025/tcp listen # network blackjack, listener rfs remote_file_sharing blackjack 1025/udp # network blackjack nterm 1026/tcp # remote_login network_terminal iad1 1030/tcp # bbn iad iad1 1030/udp # bbn iad iad2 1031/tcp # bbn iad iad2 1031/udp # bbn iad iad3 1032/tcp # bbn iad iad3 1032/udp # bbn iad neod1 1047/tcp # sun's neo object request broker neod1 1047/udp # sun's neo object request broker neod2 1048/tcp # sun's neo object request broker neod2 1048/udp # sun's neo object request broker nim 1058/tcp # nim nim 1058/udp # nim nimreg 1059/tcp # nimreg nimreg 1059/udp # nimreg instl_boots 1067/tcp # installation bootstrap proto. serv. instl_boots 1067/udp # installation bootstrap proto. serv. instl_bootc 1068/tcp # installation bootstrap proto. cli. instl_bootc 1068/udp # installation bootstrap proto. cli. socks 1080/tcp # socks socks 1080/udp # socks ansoft-lm-1 1083/tcp # anasoft license manager ansoft-lm-1 1083/udp # anasoft license manager ansoft-lm-2 1084/tcp # anasoft license manager ansoft-lm-2 1084/udp # anasoft license manager sunclustermgr 1097/tcp # sun cluster manager sunclustermgr 1097/udp # sun cluster manager rmiactivation 1098/tcp # rmi activation rmiactivation 1098/udp # rmi activation rmiregistry 1099/tcp # rmi registry rmiregistry 1099/udp # rmi registry xaudio 1103/tcp # xaserver # x audio server kpop 1109/tcp # pop with kerberos nfsd-status 1110/tcp # cluster status info nfsd-keepalive 1110/udp # client status info lmsocialserver 1111/tcp # lm social server lmsocialserver 1111/udp # lm social server msql 1112/tcp # mini-sql server murray 1123/tcp # murray murray 1123/udp # murray supfiledbg 1127/tcp # sup debugging, for sup nfa 1155/tcp # network file access nfa 1155/udp # network file access health-polling 1161/tcp # health polling health-polling 1161/udp # health polling health-trap 1162/tcp # health trap health-trap 1162/udp # health trap phone 1167/udp # conference calling skkserv 1178/tcp # skk (kanji input) mc-client 1180/tcp # millicent client proxy mc-client 1180/udp # millicent client proxy lupa 1212/tcp # lupa lupa 1212/udp # lupa nerv 1222/tcp # sni r&d network nerv 1222/udp # sni r&d network search-agent 1234/tcp # infoseek search agent search-agent 1234/udp # infoseek search agent nmsd 1239/tcp # nmsd nmsd 1239/udp # nmsd msg 1241/tcp # remote message server hermes 1248/tcp hermes 1248/udp h323hostcallsc 1300/tcp # h323 host call secure h323hostcallsc 1300/udp # h323 host call secure bmc_patroldb 1313/tcp # bmc_patroldb bmc-patroldb 1313/udp # bmc_patroldb pdps 1314/tcp # photoscript distributed printing system pdps 1314/udp # photoscript distributed printing system pip 1321/tcp # pip pip 1321/udp # pip digital-notary 1335/tcp # digital notary protocol digital-notary 1335/udp # digital notary protocol vpjp 1345/tcp # vpjp vpjp 1345/udp # vpjp alta-ana-lm 1346/tcp # alta analytics license manager alta-ana-lm 1346/udp # alta analytics license manager bbn-mmc 1347/tcp # multi media conferencing bbn-mmc 1347/udp # multi media conferencing bbn-mmx 1348/tcp # multi media conferencing bbn-mmx 1348/udp # multi media conferencing sbook 1349/tcp # registration network protocol sbook 1349/udp # registration network protocol editbench 1350/tcp # registration network protocol editbench 1350/udp # registration network protocol equationbuilder 1351/tcp # digital tool works (mit) equationbuilder 1351/udp # digital tool works (mit) lotusnote 1352/tcp # lotus note lotusnote 1352/udp # lotus note relief 1353/tcp # relief consulting relief 1353/udp # relief consulting rightbrain 1354/tcp # rightbrain software rightbrain 1354/udp # rightbrain software intuitive-edge 1355/tcp # intuitive edge intuitive-edge 1355/udp # intuitive edge cuillamartin 1356/tcp # cuillamartin company cuillamartin 1356/udp # cuillamartin company pegboard 1357/tcp # electronic pegboard pegboard 1357/udp # electronic pegboard connlcli 1358/tcp # connlcli connlcli 1358/udp # connlcli ftsrv 1359/tcp # ftsrv ftsrv 1359/udp # ftsrv mimer 1360/tcp # mimer mimer 1360/udp # mimer linx 1361/tcp # linx linx 1361/udp # linx timeflies 1362/tcp # timeflies timeflies 1362/udp # timeflies ndm-requester 1363/tcp # network datamover requester ndm-requester 1363/udp # network datamover requester ndm-server 1364/tcp # network datamover server ndm-server 1364/udp # network datamover server adapt-sna 1365/tcp # network software associates adapt-sna 1365/udp # network software associates netware-csp 1366/tcp # novell netware comm service platform netware-csp 1366/udp # novell netware comm service platform dcs 1367/tcp # dcs dcs 1367/udp # dcs screencast 1368/tcp # screencast screencast 1368/udp # screencast gv-us 1369/tcp # globalview to unix shell gv-us 1369/udp # globalview to unix shell us-gv 1370/tcp # unix shell to globalview us-gv 1370/udp # unix shell to globalview fc-cli 1371/tcp # fujitsu config protocol fc-cli 1371/udp # fujitsu config protocol fc-ser 1372/tcp # fujitsu config protocol fc-ser 1372/udp # fujitsu config protocol chromagrafx 1373/tcp # chromagrafx chromagrafx 1373/udp # chromagrafx molly 1374/tcp # epi software systems molly 1374/udp # epi software systems bytex 1375/tcp # bytex bytex 1375/udp # bytex ibm-pps 1376/tcp # ibm person to person software ibm-pps 1376/udp # ibm person to person software cichlid 1377/tcp # cichlid license manager cichlid 1377/udp # cichlid license manager elan 1378/tcp # elan license manager elan 1378/udp # elan license manager dbreporter 1379/tcp # integrity solutions dbreporter 1379/udp # integrity solutions telesis-licman 1380/tcp # telesis network license manager telesis-licman 1380/udp # telesis network license manager apple-licman 1381/tcp # apple network license manager apple-licman 1381/udp # apple network license manager udt_os 1382/tcp udt_os 1382/udp gwha 1383/tcp # gw hannaway network license manager gwha 1383/udp # gw hannaway network license manager os-licman 1384/tcp # objective solutions license manager os-licman 1384/udp # objective solutions license manager atex_elmd 1385/tcp # atex publishing license manager atex_elmd 1385/udp # atex publishing license manager checksum 1386/tcp # checksum license manager checksum 1386/udp # checksum license manager cadsi-lm 1387/tcp # computer aided design software inc lm cadsi-lm 1387/udp # computer aided design software inc lm objective-dbc 1388/tcp # objective solutions database cache objective-dbc 1388/udp # objective solutions database cache iclpv-dm 1389/tcp # document manager iclpv-dm 1389/udp # document manager iclpv-sc 1390/tcp # storage controller iclpv-sc 1390/udp # storage controller iclpv-sas 1391/tcp # storage access server iclpv-sas 1391/udp # storage access server iclpv-pm 1392/tcp # print manager iclpv-pm 1392/udp # print manager iclpv-nls 1393/tcp # network log server iclpv-nls 1393/udp # network log server iclpv-nlc 1394/tcp # network log client iclpv-nlc 1394/udp # network log client iclpv-wsm 1395/tcp # pc workstation manager software iclpv-wsm 1395/udp # pc workstation manager software dvl-activemail 1396/tcp # dvl active mail dvl-activemail 1396/udp # dvl active mail audio-activmail 1397/tcp # audio active mail audio-activmail 1397/udp # audio active mail video-activmail 1398/tcp # video active mail video-activmail 1398/udp # video active mail cadkey-licman 1399/tcp # cadkey license manager cadkey-licman 1399/udp # cadkey license manager cadkey-tablet 1400/tcp # cadkey tablet daemon cadkey-tablet 1400/udp # cadkey tablet daemon goldleaf-licman 1401/tcp # goldleaf license manager goldleaf-licman 1401/udp # goldleaf license manager prm-sm-np 1402/tcp # prospero resource manager prm-sm-np 1402/udp # prospero resource manager prm-nm-np 1403/tcp # prospero resource manager prm-nm-np 1403/udp # prospero resource manager igi-lm 1404/tcp # infinite graphics license manager igi-lm 1404/udp # infinite graphics license manager ibm-res 1405/tcp # ibm remote execution starter ibm-res 1405/udp # ibm remote execution starter netlabs-lm 1406/tcp # netlabs license manager netlabs-lm 1406/udp # netlabs license manager dbsa-lm 1407/tcp # dbsa license manager dbsa-lm 1407/udp # dbsa license manager sophia-lm 1408/tcp # sophia license manager sophia-lm 1408/udp # sophia license manager here-lm 1409/tcp # here license manager here-lm 1409/udp # here license manager hiq 1410/tcp # hiq license manager hiq 1410/udp # hiq license manager af 1411/tcp # audiofile af 1411/udp # audiofile innosys 1412/tcp # innosys innosys 1412/udp # innosys innosys-acl 1413/tcp # innosys-acl innosys-acl 1413/udp # innosys-acl ibm-mqseries 1414/tcp # ibm mqseries ibm-mqseries 1414/udp # ibm mqseries dbstar 1415/tcp # dbstar dbstar 1415/udp # dbstar novell-lu6.2 1416/tcp # novell lu6.2 novell-lu6.2 1416/udp # novell lu6.2 timbuktu-srv1 1417/tcp # timbuktu service 1 port timbuktu-srv1 1417/udp # timbuktu service 1 port timbuktu-srv2 1418/tcp # timbuktu service 2 port timbuktu-srv2 1418/udp # timbuktu service 2 port timbuktu-srv3 1419/tcp # timbuktu service 3 port timbuktu-srv3 1419/udp # timbuktu service 3 port timbuktu-srv4 1420/tcp # timbuktu service 4 port timbuktu-srv4 1420/udp # timbuktu service 4 port gandalf-lm 1421/tcp # gandalf license manager gandalf-lm 1421/udp # gandalf license manager autodesk-lm 1422/tcp # autodesk license manager autodesk-lm 1422/udp # autodesk license manager essbase 1423/tcp # essbase arbor software essbase 1423/udp # essbase arbor software hybrid 1424/tcp # hybrid encryption protocol hybrid 1424/udp # hybrid encryption protocol zion-lm 1425/tcp # zion software license manager zion-lm 1425/udp # zion software license manager sais 1426/tcp sas-1 # satellite-data acquisition system 1 sais 1426/udp sas-1 # satellite-data acquisition system 1 mloadd 1427/tcp # mloadd monitoring tool mloadd 1427/udp # mloadd monitoring tool informatik-lm 1428/tcp # informatik license manager informatik-lm 1428/udp # informatik license manager nms 1429/tcp # hypercom nms nms 1429/udp # hypercom nms tpdu 1430/tcp # hypercom tpdu tpdu 1430/udp # hypercom tpdu rgtp 1431/tcp # reverse gossip transport rgtp 1431/udp # reverse gossip transport blueberry-lm 1432/tcp # blueberry software license manager blueberry-lm 1432/udp # blueberry software license manager ms-sql-s 1433/tcp # microsoft-sql-server ms-sql-s 1433/udp # microsoft-sql-server ms-sql-m 1434/tcp # microsoft-sql-monitor ms-sql-m 1434/udp # microsoft-sql-monitor ibm-cics 1435/tcp # ibm cics ibm-cics 1435/udp # ibm cics saism 1436/tcp sas-2 # satellite-data acquisition system 2 saism 1436/udp sas-2 # satellite-data acquisition system 2 tabula 1437/tcp # tabula tabula 1437/udp # tabula eicon-server 1438/tcp # eicon security agent/server eicon-server 1438/udp # eicon security agent/server eicon-x25 1439/tcp # eicon x25/sna gateway eicon-x25 1439/udp # eicon x25/sna gateway eicon-slp 1440/tcp # eicon service location protocol eicon-slp 1440/udp # eicon service location protocol cadis-1 1441/tcp # cadis license management cadis-1 1441/udp # cadis license management cadis-2 1442/tcp # cadis license management cadis-2 1442/udp # cadis license management ies-lm 1443/tcp # integrated engineering software ies-lm 1443/udp # integrated engineering software marcam-lm 1444/tcp # marcam license management, marcam license management marcam-lm 1444/udp # marcam license management, marcam license management proxima-lm 1445/tcp # proxima license manager proxima-lm 1445/udp # proxima license manager ora-lm 1446/tcp # optical research associates license manager ora-lm 1446/udp # optical research associates license manager apri-lm 1447/tcp # applied parallel research lm apri-lm 1447/udp # applied parallel research lm oc-lm 1448/tcp # openconnect license manager oc-lm 1448/udp # openconnect license manager peport 1449/tcp # peport peport 1449/udp # peport dwf 1450/tcp # tandem distributed workbench facility dwf 1450/udp # tandem distributed workbench facility infoman 1451/tcp # ibm information management infoman 1451/udp # ibm information management gtegsc-lm 1452/tcp # gte government systems license man gtegsc-lm 1452/udp # gte government systems license man genie-lm 1453/tcp # genie license manager genie-lm 1453/udp # genie license manager interhdl_elmd 1454/tcp # interhdl license manager interhdl_elmd 1454/udp # interhdl license manager esl-lm 1455/tcp # esl license manager esl-lm 1455/udp # esl license manager dca 1456/tcp # dca dca 1456/udp # dca valisys-lm 1457/tcp # valisys license manager valisys-lm 1457/udp # valisys license manager nrcabq-lm 1458/tcp # nichols research corp. nrcabq-lm 1458/udp # nichols research corp. proshare1 1459/tcp # proshare notebook application proshare1 1459/udp # proshare notebook application proshare2 1460/tcp # proshare notebook application proshare2 1460/udp # proshare notebook application ibm_wrless_lan 1461/tcp # ibm wireless lan ibm_wrless_lan 1461/udp # ibm wireless lan world-lm 1462/tcp # world license manager world-lm 1462/udp # world license manager nucleus 1463/tcp # nucleus nucleus 1463/udp # nucleus msl_lmd 1464/tcp # msl license manager msl_lmd 1464/udp # msl license manager pipes 1465/tcp # pipes platform pipes 1465/udp # pipes platform mfarlin@peerlogic.com oceansoft-lm 1466/tcp # ocean software license manager oceansoft-lm 1466/udp # ocean software license manager csdmbase 1467/tcp # csdmbase csdmbase 1467/udp # csdmbase csdm 1468/tcp # csdm csdm 1468/udp # csdm aal-lm 1469/tcp # active analysis limited license manager aal-lm 1469/udp # active analysis limited license manager uaiact 1470/tcp # universal analytics uaiact 1470/udp # universal analytics csdmbase 1471/tcp # csdmbase csdmbase 1471/udp # csdmbase csdm 1472/tcp # csdm csdm 1472/udp # csdm openmath 1473/tcp # openmath openmath 1473/udp # openmath telefinder 1474/tcp # telefinder telefinder 1474/udp # telefinder taligent-lm 1475/tcp # taligent license manager taligent-lm 1475/udp # taligent license manager clvm-cfg 1476/tcp # clvm-cfg clvm-cfg 1476/udp # clvm-cfg ms-sna-server 1477/tcp # ms-sna-server ms-sna-server 1477/udp # ms-sna-server ms-sna-base 1478/tcp # ms-sna-base ms-sna-base 1478/udp # ms-sna-base dberegister 1479/tcp # dberegister dberegister 1479/udp # dberegister pacerforum 1480/tcp # pacerforum pacerforum 1480/udp # pacerforum airs 1481/tcp # airs airs 1481/udp # airs miteksys-lm 1482/tcp # miteksys license manager miteksys-lm 1482/udp # miteksys license manager afs 1483/tcp # afs license manager afs 1483/udp # afs license manager confluent 1484/tcp # confluent license manager confluent 1484/udp # confluent license manager lansource 1485/tcp # lansource lansource 1485/udp # lansource nms_topo_serv 1486/tcp # nms_topo_serv nms_topo_serv 1486/udp # nms_topo_serv localinfosrvr 1487/tcp # localinfosrvr localinfosrvr 1487/udp # localinfosrvr docstor 1488/tcp # docstor docstor 1488/udp # docstor dmdocbroker 1489/tcp # dmdocbroker dmdocbroker 1489/udp # dmdocbroker insitu-conf 1490/tcp # insitu-conf insitu-conf 1490/udp # insitu-conf anynetgateway 1491/tcp # anynetgateway anynetgateway 1491/udp # anynetgateway stone-design-1 1492/tcp # stone-design-1 stone-design-1 1492/udp # stone-design-1 netmap_lm 1493/tcp # netmap_lm netmap_lm 1493/udp # netmap_lm ica 1494/tcp # ica ica 1494/udp # ica cvc 1495/tcp # cvc cvc 1495/udp # cvc liberty-lm 1496/tcp # liberty-lm liberty-lm 1496/udp # liberty-lm rfx-lm 1497/tcp # rfx-lm rfx-lm 1497/udp # rfx-lm sybase-sqlany 1498/tcp watcom-sql # sybase sql any sybase-sqlany 1498/udp watcom-sql # sybase sql any fhc 1499/tcp # federico heinz consultora fhc 1499/udp # federico heinz consultora vlsi-lm 1500/tcp # vlsi license manager vlsi-lm 1500/udp # vlsi license manager saiscm 1501/tcp sas-3 # satellite-data acquisition system 3 saiscm 1501/udp sas-3 # satellite-data acquisition system 3 shivadiscovery 1502/tcp # shiva shivadiscovery 1502/udp # shiva imtc-mcs 1503/tcp # databeam imtc-mcs 1503/udp # databeam evb-elm 1504/tcp # evb software engineering license manager evb-elm 1504/udp # evb software engineering license manager funkproxy 1505/tcp # funk software, inc. funkproxy 1505/udp # funk software, inc. utcd 1506/tcp # universal time daemon (utcd) utcd 1506/udp # universal time daemon (utcd) symplex 1507/tcp # symplex symplex 1507/udp # symplex diagmond 1508/tcp # diagmond diagmond 1508/udp # diagmond robcad-lm 1509/tcp # robcad, ltd. license manager robcad-lm 1509/udp # robcad, ltd. license manager mvx-lm 1510/tcp # midland valley exploration ltd. lic. man. mvx-lm 1510/udp # midland valley exploration ltd. lic. man. 3l-l1 1511/tcp # 3l-l1 3l-l1 1511/udp # 3l-l1 wins 1512/tcp # microsoft's windows internet name service wins 1512/udp # microsoft's windows internet name service fujitsu-dtc 1513/tcp # fujitsu systems business of america, inc fujitsu-dtc 1513/udp # fujitsu systems business of america, inc fujitsu-dtcns 1514/tcp # fujitsu systems business of america, inc fujitsu-dtcns 1514/udp # fujitsu systems business of america, inc ifor-protocol 1515/tcp # ifor-protocol ifor-protocol 1515/udp # ifor-protocol vpad 1516/tcp # virtual places audio data vpad 1516/udp # virtual places audio data vpac 1517/tcp # virtual places audio control vpac 1517/udp # virtual places audio control vpvd 1518/tcp # virtual places video data vpvd 1518/udp # virtual places video data vpvc 1519/tcp # virtual places video control vpvc 1519/udp # virtual places video control atm-zip-office 1520/tcp # atm zip office atm-zip-office 1520/udp # atm zip office ncube-lm 1521/tcp # ncube license manager ncube-lm 1521/udp # ncube license manager ricardo-lm 1522/tcp rna-lm # ricardo north america license manager ricardo-lm 1522/udp rna-lm # ricardo north america license manager cichild-lm 1523/tcp # cichild cichild-lm 1523/udp # cichild ingreslock 1524/tcp # ingres ingreslock 1524/udp # ingres orasrv 1525/tcp prospero-np # oracle or prospero directory service non-priv, prospero directory service non-priv, prospero non-privileged, oracle orasrv 1525/udp prospero-np # prospero directory service non-priv, oracle pdap-np 1526/tcp # prospero data access prot non-priv pdap-np 1526/udp # prospero data access prot non-priv tlisrv 1527/tcp # oracle tlisrv 1527/udp # oracle mciautoreg 1528/tcp # micautoreg mciautoreg 1528/udp # micautoreg coauthor 1529/tcp gnatsd support prmsd # cygnus bug tracker, prmsd gnatsd # cygnus bug tracker, oracle coauthor 1529/udp # oracle rap-service 1530/tcp # rap-service rap-service 1530/udp # rap-service rap-listen 1531/tcp # rap-listen rap-listen 1531/udp # rap-listen miroconnect 1532/tcp # miroconnect miroconnect 1532/udp # miroconnect virtual-places 1533/tcp # virtual places software virtual-places 1533/udp # virtual places software micromuse-lm 1534/tcp # micromuse-lm micromuse-lm 1534/udp # micromuse-lm ampr-info 1535/tcp # ampr-info ampr-info 1535/udp # ampr-info ampr-inter 1536/tcp # ampr-inter ampr-inter 1536/udp # ampr-inter sdsc-lm 1537/tcp # isi-lm sdsc-lm 1537/udp # isi-lm 3ds-lm 1538/tcp # 3ds-lm 3ds-lm 1538/udp # 3ds-lm intellistor-lm 1539/tcp # intellistor license manager intellistor-lm 1539/udp # intellistor license manager rds 1540/tcp # rds rds 1540/udp # rds rds2 1541/tcp # rds2 rds2 1541/udp # rds2 gridgen-elmd 1542/tcp # gridgen-elmd gridgen-elmd 1542/udp # gridgen-elmd simba-cs 1543/tcp # simba-cs simba-cs 1543/udp # simba-cs aspeclmd 1544/tcp # aspeclmd aspeclmd 1544/udp # aspeclmd vistium-share 1545/tcp # vistium-share vistium-share 1545/udp # vistium-share abbaccuray 1546/tcp # abbaccuray abbaccuray 1546/udp # abbaccuray laplink 1547/tcp # laplink laplink 1547/udp # laplink axon-lm 1548/tcp # axon license manager axon-lm 1548/udp # axon license manager shivahose 1549/tcp # shiva hose shivasound 1549/udp # shiva sound 3m-image-lm 1550/tcp # image storage license manager 3m company 3m-image-lm 1550/udp # image storage license manager 3m company hecmtl-db 1551/tcp # hecmtl-db hecmtl-db 1551/udp # hecmtl-db pciarray 1552/tcp # pciarray pciarray 1552/udp # pciarray sna-cs 1553/tcp # sna-cs sna-cs 1553/udp # sna-cs caci-lm 1554/tcp # caci products company license manager caci-lm 1554/udp # caci products company license manager livelan 1555/tcp # livelan livelan 1555/udp # livelan ashwin 1556/tcp # ashwin ci tecnologies ashwin 1556/udp # ashwin ci tecnologies arbortext-lm 1557/tcp # arbortext license manager arbortext-lm 1557/udp # arbortext license manager xingmpeg 1558/tcp # xingmpeg xingmpeg 1558/udp # xingmpeg web2host 1559/tcp # web2host web2host 1559/udp # web2host asci-val 1560/tcp # asci-val asci-val 1560/udp # asci-val facilityview 1561/tcp # facilityview facilityview 1561/udp # facilityview pconnectmgr 1562/tcp # pconnectmgr pconnectmgr 1562/udp # pconnectmgr cadabra-lm 1563/tcp # cadabra license manager cadabra-lm 1563/udp # cadabra license manager pay-per-view 1564/tcp # pay-per-view pay-per-view 1564/udp # pay-per-view winddlb 1565/tcp # windd winddlb 1565/udp # windd corelvideo 1566/tcp # corelvideo corelvideo 1566/udp # corelvideo jlicelmd 1567/tcp # jlicelmd jlicelmd 1567/udp # jlicelmd tsspmap 1568/tcp # tsspmap tsspmap 1568/udp # tsspmap ets 1569/tcp # ets ets 1569/udp # ets orbixd 1570/tcp # orbixd orbixd 1570/udp # orbixd rdb-dbs-disp 1571/tcp # oracle remote data base rdb-dbs-disp 1571/udp # oracle remote data base chip-lm 1572/tcp # chipcom license manager chip-lm 1572/udp # chipcom license manager itscomm-ns 1573/tcp # itscomm-ns itscomm-ns 1573/udp # itscomm-ns mvel-lm 1574/tcp # mvel-lm mvel-lm 1574/udp # mvel-lm oraclenames 1575/tcp # oraclenames oraclenames 1575/udp # oraclenames moldflow-lm 1576/tcp # moldflow-lm moldflow-lm 1576/udp # moldflow-lm hypercube-lm 1577/tcp # hypercube-lm hypercube-lm 1577/udp # hypercube-lm jacobus-lm 1578/tcp # jacobus license manager jacobus-lm 1578/udp # jacobus license manager ioc-sea-lm 1579/tcp # ioc-sea-lm ioc-sea-lm 1579/udp # ioc-sea-lm tn-tl-r1 1580/tcp # tn-tl-r1 tn-tl-r2 1580/udp # tn-tl-r2 mil-2045-47001 1581/tcp # mil-2045-47001 mil-2045-47001 1581/udp # mil-2045-47001 msims 1582/tcp # msims msims 1582/udp # msims simbaexpress 1583/tcp # simbaexpress simbaexpress 1583/udp # simbaexpress tn-tl-fd2 1584/tcp # tn-tl-fd2 tn-tl-fd2 1584/udp # tn-tl-fd2 intv 1585/tcp # intv intv 1585/udp # intv ibm-abtact 1586/tcp # ibm-abtact ibm-abtact 1586/udp # ibm-abtact pra_elmd 1587/tcp # pra_elmd pra_elmd 1587/udp # pra_elmd triquest-lm 1588/tcp # triquest-lm triquest-lm 1588/udp # triquest-lm vqp 1589/tcp # vqp vqp 1589/udp # vqp gemini-lm 1590/tcp # gemini-lm gemini-lm 1590/udp # gemini-lm ncpm-pm 1591/tcp # ncpm-pm ncpm-pm 1591/udp # ncpm-pm commonspace 1592/tcp # commonspace commonspace 1592/udp # commonspace mainsoft-lm 1593/tcp # mainsoft-lm mainsoft-lm 1593/udp # mainsoft-lm sixtrak 1594/tcp # sixtrak sixtrak 1594/udp # sixtrak radio 1595/tcp # radio radio 1595/udp # radio radio-sm 1596/tcp # radio-sm radio-bc 1596/udp # radio-bc orbplus-iiop 1597/tcp # orbplus-iiop orbplus-iiop 1597/udp # orbplus-iiop picknfs 1598/tcp # picknfs picknfs 1598/udp # picknfs simbaservices 1599/tcp # simbaservices simbaservices 1599/udp # simbaservices issd 1600/tcp issd 1600/udp aas 1601/tcp # aas aas 1601/udp # aas inspect 1602/tcp # inspect inspect 1602/udp # inspect picodbc 1603/tcp # pickodbc picodbc 1603/udp # pickodbc icabrowser 1604/tcp # icabrowser icabrowser 1604/udp # icabrowser slp 1605/tcp # salutation manager (salutation protocol) slp 1605/udp # salutation manager (salutation protocol) slm-api 1606/tcp # salutation manager (slm-api) slm-api 1606/udp # salutation manager (slm-api) stt 1607/tcp # stt stt 1607/udp # stt smart-lm 1608/tcp # smart corp. license manager smart-lm 1608/udp # smart corp. license manager isysg-lm 1609/tcp # isysg-lm isysg-lm 1609/udp # isysg-lm taurus-wh 1610/tcp # taurus-wh taurus-wh 1610/udp # taurus-wh ill 1611/tcp # inter library loan ill 1611/udp # inter library loan netbill-trans 1612/tcp # netbill transaction server netbill-trans 1612/udp # netbill transaction server netbill-keyrep 1613/tcp # netbill key repository netbill-keyrep 1613/udp # netbill key repository netbill-cred 1614/tcp # netbill credential server netbill-cred 1614/udp # netbill credential server netbill-auth 1615/tcp # netbill authorization server netbill-auth 1615/udp # netbill authorization server netbill-prod 1616/tcp # netbill product server netbill-prod 1616/udp # netbill product server nimrod-agent 1617/tcp # nimrod inter-agent communication nimrod-agent 1617/udp # nimrod inter-agent communication skytelnet 1618/tcp # skytelnet skytelnet 1618/udp # skytelnet xs-openstorage 1619/tcp # xs-openstorage xs-openstorage 1619/udp # xs-openstorage faxportwinport 1620/tcp # faxportwinport faxportwinport 1620/udp # faxportwinport softdataphone 1621/tcp # softdataphone softdataphone 1621/udp # softdataphone ontime 1622/tcp # ontime ontime 1622/udp # ontime jaleosnd 1623/tcp # jaleosnd jaleosnd 1623/udp # jaleosnd udp-sr-port 1624/tcp # udp-sr-port udp-sr-port 1624/udp # udp-sr-port svs-omagent 1625/tcp # svs-omagent svs-omagent 1625/udp # svs-omagent shockwave 1626/tcp # shockwave shockwave 1626/udp # shockwave t128-gateway 1627/tcp # t.128 gateway t128-gateway 1627/udp # t.128 gateway longtalk-norm 1628/tcp # longtalk normal longtalk-norm 1628/udp # longtalk normal longtalk-urgnt 1629/tcp # longtalk urgent longtalk-urgnt 1629/udp # longtalk urgent oraclenet8cman 1630/tcp # oracle net8 cman oraclenet8cman 1630/udp # oracle net8 cman visitview 1631/tcp # visit view visitview 1631/udp # visit view pammratc 1632/tcp # pammratc pammratc 1632/udp # pammratc pammrpc 1633/tcp # pammrpc pammrpc 1633/udp # pammrpc loaprobe 1634/tcp # log on america probe loaprobe 1634/udp # log on america probe edb-server1 1635/tcp # edb server 1 edb-server1 1635/udp # edb server 1 cncp 1636/tcp # cablenet control protocol cncp 1636/udp # cablenet control protocol cnap 1637/tcp # cablenet admin protocol cnap 1637/udp # cablenet admin protocol cnip 1638/tcp # cablenet info protocol cnip 1638/udp # cablenet info protocol cert-initiator 1639/tcp # cert-initiator cert-initiator 1639/udp # cert-initiator cert-responder 1640/tcp # cert-responder cert-responder 1640/udp # cert-responder invision 1641/tcp # invision invision 1641/udp # invision isis-am 1642/tcp # isis-am isis-am 1642/udp # isis-am isis-ambc 1643/tcp # isis-ambc isis-ambc 1643/udp # isis-ambc saiseh 1644/tcp # satellite-data acquisition system 4 datametrics 1645/tcp # datametrics datametrics 1645/udp radius # radius authentication, datametrics sa-msg-port 1646/tcp # sa-msg-port sa-msg-port 1646/udp radacct # sa-msg-port, radius accounting rsap 1647/tcp # rsap rsap 1647/udp # rsap concurrent-lm 1648/tcp # concurrent-lm concurrent-lm 1648/udp # concurrent-lm kermit 1649/tcp # kermit kermit 1649/udp # kermit nkd 1650/tcp # nkd nkd 1650/udp # nkd shiva_confsrvr 1651/tcp # shiva_confsrvr shiva_confsrvr 1651/udp # shiva_confsrvr xnmp 1652/tcp # xnmp xnmp 1652/udp # xnmp alphatech-lm 1653/tcp # alphatech-lm alphatech-lm 1653/udp # alphatech-lm stargatealerts 1654/tcp # stargatealerts stargatealerts 1654/udp # stargatealerts dec-mbadmin 1655/tcp # dec-mbadmin dec-mbadmin 1655/udp # dec-mbadmin dec-mbadmin-h 1656/tcp # dec-mbadmin-h dec-mbadmin-h 1656/udp # dec-mbadmin-h fujitsu-mmpdc 1657/tcp # fujitsu-mmpdc fujitsu-mmpdc 1657/udp # fujitsu-mmpdc sixnetudr 1658/tcp # sixnetudr sixnetudr 1658/udp # sixnetudr sg-lm 1659/tcp # silicon grail license manager sg-lm 1659/udp # silicon grail license manager skip-mc-gikreq 1660/tcp # skip-mc-gikreq skip-mc-gikreq 1660/udp # skip-mc-gikreq netview-aix-1 1661/tcp # netview-aix-1 netview-aix-1 1661/udp # netview-aix-1 netview-aix-2 1662/tcp # netview-aix-2 netview-aix-2 1662/udp # netview-aix-2 netview-aix-3 1663/tcp # netview-aix-3 netview-aix-3 1663/udp # netview-aix-3 netview-aix-4 1664/tcp # netview-aix-4 netview-aix-4 1664/udp # netview-aix-4 netview-aix-5 1665/tcp # netview-aix-5 netview-aix-5 1665/udp # netview-aix-5 netview-aix-6 1666/tcp # netview-aix-6 netview-aix-6 1666/udp # netview-aix-6 netview-aix-7 1667/tcp # netview-aix-7 netview-aix-7 1667/udp # netview-aix-7 netview-aix-8 1668/tcp # netview-aix-8 netview-aix-8 1668/udp # netview-aix-8 netview-aix-9 1669/tcp # netview-aix-9 netview-aix-9 1669/udp # netview-aix-9 netview-aix-10 1670/tcp # netview-aix-10 netview-aix-10 1670/udp # netview-aix-10 netview-aix-11 1671/tcp # netview-aix-11 netview-aix-11 1671/udp # netview-aix-11 netview-aix-12 1672/tcp # netview-aix-12 netview-aix-12 1672/udp # netview-aix-12 proshare-mc-1 1673/tcp # intel proshare multicast proshare-mc-1 1673/udp # intel proshare multicast proshare-mc-2 1674/tcp # intel proshare multicast proshare-mc-2 1674/udp # intel proshare multicast pdp 1675/tcp # pacific data products pdp 1675/udp # pacific data products netcomm1 1676/tcp # netcomm1 netcomm2 1676/udp # netcomm2 groupwise 1677/tcp # groupwise groupwise 1677/udp # groupwise prolink 1678/tcp # prolink prolink 1678/udp # prolink darcorp-lm 1679/tcp # darcorp-lm darcorp-lm 1679/udp # darcorp-lm microcom-sbp 1680/tcp # microcom-sbp microcom-sbp 1680/udp # microcom-sbp sd-elmd 1681/tcp # sd-elmd sd-elmd 1681/udp # sd-elmd lanyon-lantern 1682/tcp # lanyon-lantern lanyon-lantern 1682/udp # lanyon-lantern ncpm-hip 1683/tcp # ncpm-hip ncpm-hip 1683/udp # ncpm-hip snaresecure 1684/tcp # snaresecure snaresecure 1684/udp # snaresecure n2nremote 1685/tcp # n2nremote n2nremote 1685/udp # n2nremote cvmon 1686/tcp # cvmon cvmon 1686/udp # cvmon nsjtp-ctrl 1687/tcp # nsjtp-ctrl nsjtp-ctrl 1687/udp # nsjtp-ctrl nsjtp-data 1688/tcp # nsjtp-data nsjtp-data 1688/udp # nsjtp-data firefox 1689/tcp # firefox firefox 1689/udp # firefox ng-umds 1690/tcp # ng-umds ng-umds 1690/udp # ng-umds empire-empuma 1691/tcp # empire-empuma empire-empuma 1691/udp # empire-empuma sstsys-lm 1692/tcp # sstsys-lm sstsys-lm 1692/udp # sstsys-lm rrirtr 1693/tcp # rrirtr rrirtr 1693/udp # rrirtr rrimwm 1694/tcp # rrimwm rrimwm 1694/udp # rrimwm rrilwm 1695/tcp # rrilwm rrilwm 1695/udp # rrilwm rrifmm 1696/tcp # rrifmm rrifmm 1696/udp # rrifmm rrisat 1697/tcp # rrisat rrisat 1697/udp # rrisat rsvp-encap-1 1698/tcp # rsvp-encapsulation-1 rsvp-encap-1 1698/udp # rsvp-encapsulation-1 rsvp-encap-2 1699/tcp # rsvp-encapsulation-2 rsvp-encap-2 1699/udp # rsvp-encapsulation-2 mps-raft 1700/tcp # mps-raft mps-raft 1700/udp # mps-raft l2f 1701/tcp l2tp # l2tp, l2f l2f 1701/udp l2tp # l2tp, l2f deskshare 1702/tcp # deskshare deskshare 1702/udp # deskshare hb-engine 1703/tcp # hb-engine hb-engine 1703/udp # hb-engine bcs-broker 1704/tcp # bcs-broker bcs-broker 1704/udp # bcs-broker slingshot 1705/tcp # slingshot slingshot 1705/udp # slingshot jetform 1706/tcp # jetform jetform 1706/udp # jetform vdmplay 1707/tcp # vdmplay vdmplay 1707/udp # vdmplay gat-lmd 1708/tcp # gat-lmd gat-lmd 1708/udp # gat-lmd centra 1709/tcp # centra centra 1709/udp # centra impera 1710/tcp # impera impera 1710/udp # impera pptconference 1711/tcp # pptconference pptconference 1711/udp # pptconference registrar 1712/tcp # resource monitoring service registrar 1712/udp # resource monitoring service conferencetalk 1713/tcp # conferencetalk conferencetalk 1713/udp # conferencetalk sesi-lm 1714/tcp # sesi-lm sesi-lm 1714/udp # sesi-lm houdini-lm 1715/tcp # houdini-lm houdini-lm 1715/udp # houdini-lm xmsg 1716/tcp # xmsg xmsg 1716/udp # xmsg fj-hdnet 1717/tcp # fj-hdnet fj-hdnet 1717/udp # fj-hdnet h323gatedisc 1718/tcp # h323gatedisc h323gatedisc 1718/udp # h323gatedisc h323gatestat 1719/tcp # h323gatestat h323gatestat 1719/udp # h323gatestat h323hostcall 1720/tcp # h323hostcall h323hostcall 1720/udp # h323hostcall caicci 1721/tcp # caicci caicci 1721/udp # caicci hks-lm 1722/tcp # hks license manager hks-lm 1722/udp # hks license manager pptp 1723/tcp # point-to-point tunnelling protocol, pptp pptp 1723/udp # pptp csbphonemaster 1724/tcp # csbphonemaster csbphonemaster 1724/udp # csbphonemaster iden-ralp 1725/tcp # iden-ralp iden-ralp 1725/udp # iden-ralp iberiagames 1726/tcp # iberiagames iberiagames 1726/udp # iberiagames winddx 1727/tcp # winddx winddx 1727/udp # winddx telindus 1728/tcp # telindus telindus 1728/udp # telindus citynl 1729/tcp # citynl license management citynl 1729/udp # citynl license management roketz 1730/tcp # roketz roketz 1730/udp # roketz msiccp 1731/tcp # msiccp msiccp 1731/udp # msiccp proxim 1732/tcp # proxim proxim 1732/udp # proxim siipat 1733/tcp # sims - siipat protocol for alarm transmission siipat 1733/udp # sims - siipat protocol for alarm transmission cambertx-lm 1734/tcp # camber corporation license management cambertx-lm 1734/udp # camber corporation license management privatechat 1735/tcp # privatechat privatechat 1735/udp # privatechat street-stream 1736/tcp # street-stream street-stream 1736/udp # street-stream ultimad 1737/tcp # ultimad ultimad 1737/udp # ultimad gamegen1 1738/tcp # gamegen1 gamegen1 1738/udp # gamegen1 webaccess 1739/tcp # webaccess webaccess 1739/udp # webaccess encore 1740/tcp # encore encore 1740/udp # encore cisco-net-mgmt 1741/tcp # cisco-net-mgmt cisco-net-mgmt 1741/udp # cisco-net-mgmt 3Com-nsd 1742/tcp # 3com-nsd 3Com-nsd 1742/udp # 3com-nsd cinegrfx-lm 1743/tcp # cinema graphics license manager cinegrfx-lm 1743/udp # cinema graphics license manager ncpm-ft 1744/tcp # ncpm-ft ncpm-ft 1744/udp # ncpm-ft remote-winsock 1745/tcp # remote-winsock remote-winsock 1745/udp # remote-winsock ftrapid-1 1746/tcp # ftrapid-1 ftrapid-1 1746/udp # ftrapid-1 ftrapid-2 1747/tcp # ftrapid-2 ftrapid-2 1747/udp # ftrapid-2 oracle-em1 1748/tcp # oracle-em1 oracle-em1 1748/udp # oracle-em1 aspen-services 1749/tcp # aspen-services aspen-services 1749/udp # aspen-services sslp 1750/tcp # simple socket library's portmaster sslp 1750/udp # simple socket library's portmaster swiftnet 1751/tcp # swiftnet swiftnet 1751/udp # swiftnet lofr-lm 1752/tcp # leap of faith research license manager lofr-lm 1752/udp # leap of faith research license manager translogic-lm 1753/tcp # translogic license manager translogic-lm 1753/udp # translogic license manager oracle-em2 1754/tcp # oracle-em2 oracle-em2 1754/udp # oracle-em2 ms-streaming 1755/tcp # ms-streaming ms-streaming 1755/udp # ms-streaming capfast-lmd 1756/tcp # capfast-lmd capfast-lmd 1756/udp # capfast-lmd cnhrp 1757/tcp # cnhrp cnhrp 1757/udp # cnhrp tftp-mcast 1758/tcp # tftp-mcast tftp-mcast 1758/udp # tftp-mcast spss-lm 1759/tcp # spss license manager spss-lm 1759/udp # spss license manager www-ldap-gw 1760/tcp # www-ldap-gw www-ldap-gw 1760/udp # www-ldap-gw cft-0 1761/tcp # cft-0 cft-0 1761/udp # cft-0 cft-1 1762/tcp # cft-1 cft-1 1762/udp # cft-1 cft-2 1763/tcp # cft-2 cft-2 1763/udp # cft-2 cft-3 1764/tcp # cft-3 cft-3 1764/udp # cft-3 cft-4 1765/tcp # cft-4 cft-4 1765/udp # cft-4 cft-5 1766/tcp # cft-5 cft-5 1766/udp # cft-5 cft-6 1767/tcp # cft-6 cft-6 1767/udp # cft-6 cft-7 1768/tcp # cft-7 cft-7 1768/udp # cft-7 bmc-net-adm 1769/tcp # bmc-net-adm bmc-net-adm 1769/udp # bmc-net-adm bmc-net-svc 1770/tcp # bmc-net-svc bmc-net-svc 1770/udp # bmc-net-svc vaultbase 1771/tcp # vaultbase vaultbase 1771/udp # vaultbase essweb-gw 1772/tcp # essweb gateway essweb-gw 1772/udp # essweb gateway kmscontrol 1773/tcp # kmscontrol kmscontrol 1773/udp # kmscontrol global-dtserv 1774/tcp # global-dtserv global-dtserv 1774/udp # global-dtserv femis 1776/tcp # federal emergency management information system femis 1776/udp # federal emergency management information system powerguardian 1777/tcp # powerguardian powerguardian 1777/udp # powerguardian prodigy-intrnet 1778/tcp # prodigy-internet prodigy-intrnet 1778/udp # prodigy-internet pharmasoft 1779/tcp # pharmasoft pharmasoft 1779/udp # pharmasoft dpkeyserv 1780/tcp # dpkeyserv dpkeyserv 1780/udp # dpkeyserv answersoft-lm 1781/tcp # answersoft-lm answersoft-lm 1781/udp # answersoft-lm hp-hcip 1782/tcp # hp-hcip hp-hcip 1782/udp # hp-hcip fjris 1783/tcp # fujitsu remote install service fjris 1783/udp # fujitsu remote install service finle-lm 1784/tcp # finle license manager finle-lm 1784/udp # finle license manager windlm 1785/tcp # wind river systems license manager windlm 1785/udp # wind river systems license manager funk-logger 1786/tcp # funk-logger funk-logger 1786/udp # funk-logger funk-license 1787/tcp # funk-license funk-license 1787/udp # funk-license psmond 1788/tcp # psmond psmond 1788/udp # psmond hello 1789/tcp # hello hello 1789/udp # hello nmsp 1790/tcp # narrative media streaming protocol nmsp 1790/udp # narrative media streaming protocol ea1 1791/tcp # ea1 ea1 1791/udp # ea1 ibm-dt-2 1792/tcp # ibm-dt-2 ibm-dt-2 1792/udp # ibm-dt-2 rsc-robot 1793/tcp # rsc-robot rsc-robot 1793/udp # rsc-robot cera-bcm 1794/tcp # cera-bcm cera-bcm 1794/udp # cera-bcm dpi-proxy 1795/tcp # dpi-proxy dpi-proxy 1795/udp # dpi-proxy vocaltec-admin 1796/tcp # vocaltec server administration vocaltec-admin 1796/udp # vocaltec server administration uma 1797/tcp # uma uma 1797/udp # uma etp 1798/tcp # event transfer protocol etp 1798/udp # event transfer protocol netrisk 1799/tcp # netrisk netrisk 1799/udp # netrisk ansys-lm 1800/tcp # ansys-license manager ansys-lm 1800/udp # ansys-license manager msmq 1801/tcp # microsoft message que msmq 1801/udp # microsoft message que concomp1 1802/tcp # concomp1 concomp1 1802/udp # concomp1 hp-hcip-gwy 1803/tcp # hp-hcip-gwy hp-hcip-gwy 1803/udp # hp-hcip-gwy enl 1804/tcp # enl enl 1804/udp # enl enl-name 1805/tcp # enl-name enl-name 1805/udp # enl-name musiconline 1806/tcp # musiconline musiconline 1806/udp # musiconline fhsp 1807/tcp # fujitsu hot standby protocol fhsp 1807/udp # fujitsu hot standby protocol oracle-vp2 1808/tcp # oracle-vp2 oracle-vp2 1808/udp # oracle-vp2 oracle-vp1 1809/tcp # oracle-vp1 oracle-vp1 1809/udp # oracle-vp1 jerand-lm 1810/tcp # jerand license manager jerand-lm 1810/udp # jerand license manager scientia-sdb 1811/tcp # scientia-sdb scientia-sdb 1811/udp # scientia-sdb radius 1812/tcp # radius radius 1812/udp # radius, radius authentication protocol (rfc 2138) radius-acct 1813/tcp # radius accounting radius-acct 1813/udp radacct # radius accounting protocol (rfc 2139), radius accounting tdp-suite 1814/tcp # tdp suite tdp-suite 1814/udp # tdp suite mmpft 1815/tcp # mmpft mmpft 1815/udp # mmpft harp 1816/tcp # harp harp 1816/udp # harp rkb-oscs 1817/tcp # rkb-oscs rkb-oscs 1817/udp # rkb-oscs etftp 1818/tcp # enhanced trivial file transfer protocol etftp 1818/udp # enhanced trivial file transfer protocol plato-lm 1819/tcp # plato license manager plato-lm 1819/udp # plato license manager mcagent 1820/tcp # mcagent mcagent 1820/udp # mcagent donnyworld 1821/tcp # donnyworld donnyworld 1821/udp # donnyworld es-elmd 1822/tcp # es-elmd es-elmd 1822/udp # es-elmd unisys-lm 1823/tcp # unisys natural language license manager unisys-lm 1823/udp # unisys natural language license manager metrics-pas 1824/tcp # metrics-pas metrics-pas 1824/udp # metrics-pas direcpc-video 1825/tcp # direcpc video direcpc-video 1825/udp # direcpc video ardt 1826/tcp # ardt ardt 1826/udp # ardt asi 1827/tcp # asi asi 1827/udp # asi itm-mcell-u 1828/tcp # itm-mcell-u itm-mcell-u 1828/udp # itm-mcell-u optika-emedia 1829/tcp # optika emedia optika-emedia 1829/udp # optika emedia net8-cman 1830/tcp # oracle net8 cman admin net8-cman 1830/udp # oracle net8 cman admin myrtle 1831/tcp # myrtle myrtle 1831/udp # myrtle tht-treasure 1832/tcp # thoughttreasure tht-treasure 1832/udp # thoughttreasure udpradio 1833/tcp # udpradio udpradio 1833/udp # udpradio ardusuni 1834/tcp # ardus unicast ardusuni 1834/udp # ardus unicast ardusmul 1835/tcp # ardus multicast ardusmul 1835/udp # ardus multicast ste-smsc 1836/tcp # ste-smsc ste-smsc 1836/udp # ste-smsc csoft1 1837/tcp # csoft1 csoft1 1837/udp # csoft1 talnet 1838/tcp # talnet talnet 1838/udp # talnet netopia-vo1 1839/tcp # netopia-vo1 netopia-vo1 1839/udp # netopia-vo1 netopia-vo2 1840/tcp # netopia-vo2 netopia-vo2 1840/udp # netopia-vo2 netopia-vo3 1841/tcp # netopia-vo3 netopia-vo3 1841/udp # netopia-vo3 netopia-vo4 1842/tcp # netopia-vo4 netopia-vo4 1842/udp # netopia-vo4 netopia-vo5 1843/tcp # netopia-vo5 netopia-vo5 1843/udp # netopia-vo5 gsi 1850/tcp # gsi gsi 1850/udp # gsi ctcd 1851/tcp # ctcd ctcd 1851/udp # ctcd sunscalar-svc 1860/tcp # sunscalar services sunscalar-svc 1860/udp # sunscalar services lecroy-vicp 1861/tcp # lecroy vicp lecroy-vicp 1861/udp # lecroy vicp techra-server 1862/tcp # techra-server techra-server 1862/udp # techra-server msnp 1863/tcp # msnp msnp 1863/udp # msnp paradym-31port 1864/tcp # paradym 31 port paradym-31port 1864/udp # paradym 31 port entp 1865/tcp # entp entp 1865/udp # entp sunscalar-dns 1870/tcp # sunscalar dns service sunscalar-dns 1870/udp # sunscalar dns service ibm-mqseries2 1881/tcp # ibm mqseries ibm-mqseries2 1881/udp # ibm mqseries vista-4gl 1895/tcp # vista 4gl vista-4gl 1895/udp # vista 4gl mc2studios 1899/tcp # mc2studios mc2studios 1899/udp # mc2studios fjicl-tep-a 1901/tcp # fujitsu icl terminal emulator program a fjicl-tep-a 1901/udp # fujitsu icl terminal emulator program a fjicl-tep-b 1902/tcp # fujitsu icl terminal emulator program b fjicl-tep-b 1902/udp # fujitsu icl terminal emulator program b linkname 1903/tcp # local link name resolution linkname 1903/udp # local link name resolution fjicl-tep-c 1904/tcp # fujitsu icl terminal emulator program c fjicl-tep-c 1904/udp # fujitsu icl terminal emulator program c sugp 1905/tcp # secure up.link gateway protocol sugp 1905/udp # secure up.link gateway protocol tpmd 1906/tcp # tportmapperreq tpmd 1906/udp # tportmapperreq intrastar 1907/tcp # intrastar intrastar 1907/udp # intrastar dawn 1908/tcp # dawn dawn 1908/udp # dawn global-wlink 1909/tcp # global world link global-wlink 1909/udp # global world link ultrabac 1910/tcp # ultrabac ultrabac 1910/udp # ultrabac mtp 1911/tcp # starlight networks multimedia transport protocol mtp 1911/udp # starlight networks multimedia transport protocol rhp-iibp 1912/tcp # rhp-iibp rhp-iibp 1912/udp # rhp-iibp armadp 1913/tcp # armadp armadp 1913/udp # armadp elm-momentum 1914/tcp # elm-momentum elm-momentum 1914/udp # elm-momentum facelink 1915/tcp # facelink facelink 1915/udp # facelink persona 1916/tcp # persoft persona persona 1916/udp # persoft persona noagent 1917/tcp # noagent noagent 1917/udp # noagent can-nds 1918/tcp # candle directory service - nds can-nds 1918/udp # candle directory service - nds can-dch 1919/tcp # candle directory service - dch can-dch 1919/udp # candle directory service - dch can-ferret 1920/tcp # candle directory service - ferret can-ferret 1920/udp # candle directory service - ferret noadmin 1921/tcp # noadmin noadmin 1921/udp # noadmin tapestry 1922/tcp # tapestry tapestry 1922/udp # tapestry spice 1923/tcp # spice spice 1923/udp # spice xiip 1924/tcp # xiip xiip 1924/udp # xiip close-combat 1944/tcp # close-combat close-combat 1944/udp # close-combat dialogic-elmd 1945/tcp # dialogic-elmd dialogic-elmd 1945/udp # dialogic-elmd tekpls 1946/tcp # tekpls tekpls 1946/udp # tekpls hlserver 1947/tcp # hlserver hlserver 1947/udp # hlserver eye2eye 1948/tcp # eye2eye eye2eye 1948/udp # eye2eye ismaeasdaqlive 1949/tcp # isma easdaq live ismaeasdaqlive 1949/udp # isma easdaq live ismaeasdaqtest 1950/tcp # isma easdaq test ismaeasdaqtest 1950/udp # isma easdaq test bcs-lmserver 1951/tcp # bcs-lmserver bcs-lmserver 1951/udp # bcs-lmserver mpnjsc 1952/tcp # mpnjsc mpnjsc 1952/udp # mpnjsc rapidbase 1953/tcp # rapid base rapidbase 1953/udp # rapid base intersys-cache 1972/tcp # cache intersys-cache 1972/udp # cache dlsrap 1973/tcp # data link switching remote access protocol dlsrap 1973/udp # data link switching remote access protocol bb 1984/tcp # bb bb 1984/udp # bb hsrp 1985/tcp # hot standby router protocol hsrp 1985/udp # hot standby router protocol licensedaemon 1986/tcp # cisco license management licensedaemon 1986/udp # cisco license management tr-rsrb-p1 1987/tcp # cisco rsrb priority 1 port tr-rsrb-p1 1987/udp # cisco rsrb priority 1 port tr-rsrb-p2 1988/tcp # cisco rsrb priority 2 port tr-rsrb-p2 1988/udp # cisco rsrb priority 2 port tr-rsrb-p3 1989/tcp mshnet # mhsnet system, cisco rsrb priority 3 port tr-rsrb-p3 1989/udp mshnet # mhsnet system, cisco rsrb priority 3 port stun-p1 1990/tcp # cisco stun priority 1 port stun-p1 1990/udp # cisco stun priority 1 port stun-p2 1991/tcp # cisco stun priority 2 port stun-p2 1991/udp # cisco stun priority 2 port stun-p3 1992/tcp ipsendmsg # ipsendmsg, cisco stun priority 3 port stun-p3 1992/udp ipsendmsg # ipsendmsg, cisco stun priority 3 port snmp-tcp-port 1993/tcp # cisco snmp tcp port snmp-tcp-port 1993/udp # cisco snmp tcp port stun-port 1994/tcp # cisco serial tunnel port stun-port 1994/udp # cisco serial tunnel port perf-port 1995/tcp # cisco perf port perf-port 1995/udp # cisco perf port tr-rsrb-port 1996/tcp # cisco remote srb port tr-rsrb-port 1996/udp # cisco remote srb port gdp-port 1997/tcp # cisco gateway discovery protocol gdp-port 1997/udp # cisco gateway discovery protocol x25-svc-port 1998/tcp # cisco x.25 service (xot) x25-svc-port 1998/udp # cisco x.25 service (xot) tcp-id-port 1999/tcp # cisco identification port tcp-id-port 1999/udp # cisco identification port callbook 2000/tcp callbook 2000/udp dc 2001/tcp wizard 2001/udp # curry globe 2002/tcp globe 2002/udp cfingerd 2003/tcp # gnu finger mailbox 2004/tcp emce 2004/udp # ccws mm conf berknet 2005/tcp deslogin # encrypted symmetric telnet/login oracle 2005/udp invokator 2006/tcp raid-cc 2006/udp # raid dectalk 2007/tcp raid-am 2007/udp conf 2008/tcp terminaldb 2008/udp news 2009/tcp whosockami 2009/udp search 2010/tcp pipe_server 2010/udp raid-cc 2011/tcp # raid servserv 2011/udp ttyinfo 2012/tcp raid-ac 2012/udp raid-am 2013/tcp raid-cd 2013/udp troff 2014/tcp raid-sf 2014/udp cypress 2015/tcp raid-cs 2015/udp bootserver 2016/tcp bootserver 2016/udp cypress-stat 2017/tcp bootclient 2017/udp terminaldb 2018/tcp rellpack 2018/udp whosockami 2019/tcp about 2019/udp xinupageserver 2020/tcp xinupageserver 2020/udp servexec 2021/tcp xinuexpansion1 2021/udp down 2022/tcp xinuexpansion2 2022/udp xinuexpansion3 2023/tcp xinuexpansion3 2023/udp xinuexpansion4 2024/tcp xinuexpansion4 2024/udp ellpack 2025/tcp xribs 2025/udp scrabble 2026/tcp scrabble 2026/udp shadowserver 2027/tcp shadowserver 2027/udp submitserver 2028/tcp submitserver 2028/udp device2 2030/tcp device2 2030/udp blackboard 2032/tcp blackboard 2032/udp glogger 2033/tcp glogger 2033/udp scoremgr 2034/tcp scoremgr 2034/udp imsldoc 2035/tcp imsldoc 2035/udp objectmanager 2038/tcp objectmanager 2038/udp lam 2040/tcp lam 2040/udp interbase 2041/tcp interbase 2041/udp isis 2042/tcp # isis isis 2042/udp # isis isis-bcast 2043/tcp # isis-bcast isis-bcast 2043/udp # isis-bcast rimsl 2044/tcp rimsl 2044/udp cdfunc 2045/tcp cdfunc 2045/udp sdfunc 2046/tcp sdfunc 2046/udp dls 2047/tcp dls 2047/udp dls-monitor 2048/tcp dls-monitor 2048/udp shilp 2049/tcp nfsd nfs # networked file system, nfs server daemon, nfs server daemon (cots), network file system - sun microsystems, sun nfs, nfs server shilp 2049/udp nfsd nfs # networked file system, nfs server daemon (clts), nfs server daemon, network file system - sun microsystems, sun nfs, nfs server dlsrpn 2065/tcp # data link switch read port number dlsrpn 2065/udp # data link switch read port number dlswpn 2067/tcp # data link switch write port number dlswpn 2067/udp # data link switch write port number lrp 2090/tcp # load report protocol lrp 2090/udp # load report protocol prp 2091/tcp # prp prp 2091/udp # prp descent3 2092/tcp # descent 3 descent3 2092/udp # descent 3 nbx-cc 2093/tcp # nbx cc nbx-cc 2093/udp # nbx cc nbx-au 2094/tcp # nbx au nbx-au 2094/udp # nbx au nbx-ser 2095/tcp # nbx ser nbx-ser 2095/udp # nbx ser nbx-dir 2096/tcp # nbx dir nbx-dir 2096/udp # nbx dir amiganetfs 2100/tcp # amiganetfs amiganetfs 2100/udp # amiganetfs rtcm-sc104 2101/tcp # rtcm-sc104 rtcm-sc104 2101/udp # rtcm-sc104 zephyr-srv 2102/tcp # zephyr server zephyr-srv 2102/udp # zephyr server zephyr-clt 2103/tcp # zephyr serv-hm connection zephyr-clt 2103/udp # zephyr serv-hm connection zephyr-hm 2104/tcp # zephyr hostmanager zephyr-hm 2104/udp # zephyr hostmanager minipay 2105/tcp eklogin # kerberos (v4) encrypted rlogin, kerberos encrypted `rlogin', kerberos encrypted rlogin, minipay minipay 2105/udp eklogin # kerberos (v4) encrypted rlogin, minipay ekshell 2106/tcp ekshell2 # kerberos (v4) encrypted rshell, what u of colorado @ boulder uses? ekshell 2106/udp # kerberos (v4) encrypted rshell rkinit 2108/tcp # kerberos remote kinit, kerberos (v4) remote initialization rkinit 2108/udp # kerberos (v4) remote initialization kx 2111/tcp # x over kerberos kip 2112/tcp # ip over kerberos kauth 2120/tcp # remote kauth mc-gt-srv 2180/tcp # millicent vendor gateway server mc-gt-srv 2180/udp # millicent vendor gateway server ici 2200/tcp # ici ici 2200/udp # ici ats 2201/tcp # advanced training system program ats 2201/udp # advanced training system program imtc-map 2202/tcp # int. multimedia teleconferencing cosortium imtc-map 2202/udp # int. multimedia teleconferencing cosortium kali 2213/tcp # kali kali 2213/udp # kali ganymede 2220/tcp # ganymede ganymede 2220/udp # ganymede unreg-ab1 2221/tcp # allen-bradley unregistered port unreg-ab1 2221/udp # allen-bradley unregistered port unreg-ab2 2222/tcp # allen-bradley unregistered port unreg-ab2 2222/udp # allen-bradley unregistered port inreg-ab3 2223/tcp # allen-bradley unregistered port inreg-ab3 2223/udp # allen-bradley unregistered port ivs-video 2232/tcp # ivs video default ivs-video 2232/udp # ivs video default infocrypt 2233/tcp # infocrypt infocrypt 2233/udp # infocrypt directplay 2234/tcp # directplay directplay 2234/udp # directplay sercomm-wlink 2235/tcp # sercomm-wlink sercomm-wlink 2235/udp # sercomm-wlink nani 2236/tcp # nani nani 2236/udp # nani optech-port1-lm 2237/tcp # optech port1 license manager optech-port1-lm 2237/udp # optech port1 license manager aviva-sna 2238/tcp # aviva sna server aviva-sna 2238/udp # aviva sna server imagequery 2239/tcp # image query imagequery 2239/udp # image query recipe 2240/tcp # recipe recipe 2240/udp # recipe ivsd 2241/tcp # ivs daemon ivsd 2241/udp # ivs daemon foliocorp 2242/tcp # folio remote server foliocorp 2242/udp # folio remote server xmquery 2279/tcp # xmquery xmquery 2279/udp # xmquery lnvpoller 2280/tcp # lnvpoller lnvpoller 2280/udp # lnvpoller lnvconsole 2281/tcp # lnvconsole lnvconsole 2281/udp # lnvconsole lnvalarm 2282/tcp # lnvalarm lnvalarm 2282/udp # lnvalarm lnvstatus 2283/tcp # lnvstatus lnvstatus 2283/udp # lnvstatus lnvmaps 2284/tcp # lnvmaps lnvmaps 2284/udp # lnvmaps lnvmailmon 2285/tcp # lnvmailmon lnvmailmon 2285/udp # lnvmailmon nas-metering 2286/tcp # nas-metering nas-metering 2286/udp # nas-metering dna 2287/tcp # dna dna 2287/udp # dna netml 2288/tcp # netml netml 2288/udp # netml konshus-lm 2294/tcp # konshus license manager (flex) konshus-lm 2294/udp # konshus license manager (flex) advant-lm 2295/tcp # advant license manager advant-lm 2295/udp # advant license manager theta-lm 2296/tcp # theta license manager (rainbow) theta-lm 2296/udp # theta license manager (rainbow) d2k-datamover1 2297/tcp # d2k datamover 1 d2k-datamover1 2297/udp # d2k datamover 1 d2k-datamover2 2298/tcp # d2k datamover 2 d2k-datamover2 2298/udp # d2k datamover 2 pc-telecommute 2299/tcp # pc telecommute pc-telecommute 2299/udp # pc telecommute cvmmon 2300/tcp # cvmmon cvmmon 2300/udp # cvmmon cpq-wbem 2301/tcp # compaq http cpq-wbem 2301/udp # compaq http binderysupport 2302/tcp # bindery support binderysupport 2302/udp # bindery support proxy-gateway 2303/tcp # proxy gateway proxy-gateway 2303/udp # proxy gateway attachmate-uts 2304/tcp # attachmate uts attachmate-uts 2304/udp # attachmate uts mt-scaleserver 2305/tcp # mt scaleserver mt-scaleserver 2305/udp # mt scaleserver tappi-boxnet 2306/tcp # tappi boxnet tappi-boxnet 2306/udp # tappi boxnet pehelp 2307/tcp # pehelp pehelp 2307/udp # pehelp sdhelp 2308/tcp # sdhelp sdhelp 2308/udp # sdhelp sdserver 2309/tcp # sd server sdserver 2309/udp # sd server sdclient 2310/tcp # sd client sdclient 2310/udp # sd client messageservice 2311/tcp # message service messageservice 2311/udp # message service iapp 2313/tcp # iapp (inter access point protocol) iapp 2313/udp # iapp (inter access point protocol) cr-websystems 2314/tcp # cr websystems cr-websystems 2314/udp # cr websystems precise-sft 2315/tcp # precise sft. precise-sft 2315/udp # precise sft. sent-lm 2316/tcp # sent license manager sent-lm 2316/udp # sent license manager attachmate-g32 2317/tcp # attachmate g32 attachmate-g32 2317/udp # attachmate g32 cadencecontrol 2318/tcp # cadence control cadencecontrol 2318/udp # cadence control infolibria 2319/tcp # infolibria infolibria 2319/udp # infolibria siebel-ns 2320/tcp # siebel ns siebel-ns 2320/udp # siebel ns rdlap 2321/tcp # rdlap over udp rdlap 2321/udp # rdlap ofsd 2322/tcp # ofsd ofsd 2322/udp # ofsd 3d-nfsd 2323/tcp # 3d-nfsd 3d-nfsd 2323/udp # 3d-nfsd cosmocall 2324/tcp # cosmocall cosmocall 2324/udp # cosmocall designspace-lm 2325/tcp # design space license management designspace-lm 2325/udp # design space license management idcp 2326/tcp # idcp idcp 2326/udp # idcp xingcsm 2327/tcp # xingcsm xingcsm 2327/udp # xingcsm netrix-sftm 2328/tcp # netrix sftm netrix-sftm 2328/udp # netrix sftm nvd 2329/tcp # nvd nvd 2329/udp # nvd tscchat 2330/tcp # tscchat tscchat 2330/udp # tscchat agentview 2331/tcp # agentview agentview 2331/udp # agentview rcc-host 2332/tcp # rcc host rcc-host 2332/udp # rcc host snapp 2333/tcp # snapp snapp 2333/udp # snapp ace-client 2334/tcp # ace client auth ace-client 2334/udp # ace client auth ace-proxy 2335/tcp # ace proxy ace-proxy 2335/udp # ace proxy appleugcontrol 2336/tcp # apple ug control appleugcontrol 2336/udp # apple ug control ideesrv 2337/tcp # ideesrv ideesrv 2337/udp # ideesrv norton-lambert 2338/tcp # norton lambert norton-lambert 2338/udp # norton lambert 3com-webview 2339/tcp # 3com webview 3com-webview 2339/udp # 3com webview wrs_registry 2340/tcp # wrs registry wrs_registry 2340/udp # wrs registry xiostatus 2341/tcp # xio status xiostatus 2341/udp # xio status manage-exec 2342/tcp # seagate manage exec manage-exec 2342/udp # seagate manage exec nati-logos 2343/tcp # nati logos nati-logos 2343/udp # nati logos fcmsys 2344/tcp # fcmsys fcmsys 2344/udp # fcmsys dbm 2345/tcp # dbm dbm 2345/udp # dbm redstorm_join 2346/tcp # game connection port redstorm_join 2346/udp # game connection port redstorm_find 2347/tcp # game announcement and location redstorm_find 2347/udp # game announcement and location redstorm_info 2348/tcp # information to query for game status redstorm_info 2348/udp # information to query for game status redstorm_diag 2349/tcp # diagnostics port redstorm_diag 2349/udp # disgnostics port psbserver 2350/tcp # psbserver psbserver 2350/udp # psbserver psrserver 2351/tcp # psrserver psrserver 2351/udp # psrserver pslserver 2352/tcp # pslserver pslserver 2352/udp # pslserver pspserver 2353/tcp # pspserver pspserver 2353/udp # pspserver psprserver 2354/tcp # psprserver psprserver 2354/udp # psprserver psdbserver 2355/tcp # psdbserver psdbserver 2355/udp # psdbserver gxtelmd 2356/tcp # gxt license managemant gxtelmd 2356/udp # gxt license managemant unihub-server 2357/tcp # unihub server unihub-server 2357/udp # unihub server futrix 2358/tcp # futrix futrix 2358/udp # futrix flukeserver 2359/tcp # flukeserver flukeserver 2359/udp # flukeserver nexstorindltd 2360/tcp # nexstorindltd nexstorindltd 2360/udp # nexstorindltd ovsessionmgr 2389/tcp # openview session mgr ovsessionmgr 2389/udp # openview session mgr rsmtp 2390/tcp # rsmtp rsmtp 2390/udp # rsmtp 3com-net-mgmt 2391/tcp # 3com net management 3com-net-mgmt 2391/udp # 3com net management tacticalauth 2392/tcp # tactical auth tacticalauth 2392/udp # tactical auth ms-olap1 2393/tcp # ms olap 1 ms-olap1 2393/udp # ms olap 1 ms-olap2 2394/tcp # ms olap 2 ms-olap2 2394/udp # ma olap 2 lan900_remote 2395/tcp # lan900 remote lan900_remote 2395/udp # lan900 remote wusage 2396/tcp # wusage wusage 2396/udp # wusage ncl 2397/tcp # ncl ncl 2397/udp # ncl orbiter 2398/tcp # orbiter orbiter 2398/udp # orbiter fmpro-fdal 2399/tcp # filemaker, inc. - data access layer fmpro-fdal 2399/udp # filemaker, inc. - data access layer opequus-server 2400/tcp # opequus server opequus-server 2400/udp # opequus server cvspserver 2401/tcp # cvspserver, cvs network server cvspserver 2401/udp # cvspserver, cvs network server taskmaster2000 2402/tcp # taskmaster 2000 server taskmaster2000 2402/udp # taskmaster 2000 server taskmaster2000 2403/tcp # taskmaster 2000 web taskmaster2000 2403/udp # taskmaster 2000 web iec870-5-104 2404/tcp # iec870-5-104 iec870-5-104 2404/udp # iec870-5-104 trc-netpoll 2405/tcp # trc netpoll trc-netpoll 2405/udp # trc netpoll jediserver 2406/tcp # jediserver jediserver 2406/udp # jediserver orion 2407/tcp # orion orion 2407/udp # orion optimanet 2408/tcp # optimanet optimanet 2408/udp # optimanet sns-protocol 2409/tcp # sns protocol sns-protocol 2409/udp # sns protocol vrts-registry 2410/tcp # vrts registry vrts-registry 2410/udp # vrts registry netwave-ap-mgmt 2411/tcp # netwave ap management netwave-ap-mgmt 2411/udp # netwave ap management cdn 2412/tcp # cdn cdn 2412/udp # cdn orion-rmi-reg 2413/tcp # orion-rmi-reg orion-rmi-reg 2413/udp # orion-rmi-reg interlingua 2414/tcp # interlingua interlingua 2414/udp # interlingua comtest 2415/tcp # comtest comtest 2415/udp # comtest rmtserver 2416/tcp # rmt server rmtserver 2416/udp # rmt server composit-server 2417/tcp # composit server composit-server 2417/udp # composit server cas 2418/tcp # cas cas 2418/udp # cas attachmate-s2s 2419/tcp # attachmate s2s attachmate-s2s 2419/udp # attachmate s2s dslremote-mgmt 2420/tcp # dsl remote management dslremote-mgmt 2420/udp # dsl remote management g-talk 2421/tcp # g-talk g-talk 2421/udp # g-talk crmsbits 2422/tcp # crmsbits crmsbits 2422/udp # crmsbits rnrp 2423/tcp # rnrp rnrp 2423/udp # rnrp kofax-svr 2424/tcp # kofax-svr kofax-svr 2424/udp # kofax-svr fjitsuappmgr 2425/tcp # fujitsu app manager fjitsuappmgr 2425/udp # fujitsu app manager applianttcp 2426/tcp # appliant tcp appliantudp 2426/udp # appliant udp stgcp 2427/tcp # simple telephony gateway control protocol stgcp 2427/udp # simple telephony gateway control protocol ott 2428/tcp # one way trip time ott 2428/udp # one way trip time ft-role 2429/tcp # ft-role ft-role 2429/udp # ft-role venus 2430/tcp # venus venus 2430/udp # venus venus-se 2431/tcp # venus-se venus-se 2431/udp # venus-se codasrv 2432/tcp # codasrv codasrv 2432/udp # codasrv codasrv-se 2433/tcp # codasrv-se codasrv-se 2433/udp # codasrv-se pxc-epmap 2434/tcp # pxc-epmap pxc-epmap 2434/udp # pxc-epmap optilogic 2435/tcp # optilogic optilogic 2435/udp # optilogic topx 2436/tcp # top/x topx 2436/udp # top/x unicontrol 2437/tcp # unicontrol unicontrol 2437/udp # unicontrol msp 2438/tcp # msp msp 2438/udp # msp sybasedbsynch 2439/tcp # sybasedbsynch sybasedbsynch 2439/udp # sybasedbsynch spearway 2440/tcp # spearway lockers spearway 2440/udp # spearway lockser pvsw-inet 2441/tcp # pvsw-inet pvsw-inet 2441/udp # pvsw-inet netangel 2442/tcp # netangel netangel 2442/udp # netangel powerclientcsf 2443/tcp # powerclient central storage facility powerclientcsf 2443/udp # powerclient central storage facility btpp2sectrans 2444/tcp # bt pp2 sectrans btpp2sectrans 2444/udp # bt pp2 sectrans dtn1 2445/tcp # dtn1 dtn1 2445/udp # dtn1 bues_service 2446/tcp # bues_service bues_service 2446/udp # bues_service ovwdb 2447/tcp # openview nnm daemon ovwdb 2447/udp # openview nnm daemon hpppssvr 2448/tcp # hpppsvr hpppssvr 2448/udp # hpppsvr ratl 2449/tcp # ratl ratl 2449/udp # ratl netadmin 2450/tcp # netadmin netadmin 2450/udp # netadmin netchat 2451/tcp # netchat netchat 2451/udp # netchat snifferclient 2452/tcp # snifferclient snifferclient 2452/udp # snifferclient madge-om 2453/tcp # madge-om madge-om 2453/udp # madge-om indx-dds 2454/tcp # indx-dds indx-dds 2454/udp # indx-dds wago-io-system 2455/tcp # wago-io-system wago-io-system 2455/udp # wago-io-system altav-remmgt 2456/tcp # altav-remmgt altav-remmgt 2456/udp # altav-remmgt rapido-ip 2457/tcp # rapido_ip rapido-ip 2457/udp # rapido_ip griffin 2458/tcp # griffin griffin 2458/udp # griffin community 2459/tcp # community community 2459/udp # community ms-theater 2460/tcp # ms-theater ms-theater 2460/udp # ms-theater qadmifoper 2461/tcp # qadmifoper qadmifoper 2461/udp # qadmifoper qadmifevent 2462/tcp # qadmifevent qadmifevent 2462/udp # qadmifevent symbios-raid 2463/tcp # symbios raid symbios-raid 2463/udp # symbios raid direcpc-si 2464/tcp # direcpc si direcpc-si 2464/udp # direcpc si lbm 2465/tcp # load balance management lbm 2465/udp # load balance management lbf 2466/tcp # load balance forwarding lbf 2466/udp # load balance forwarding high-criteria 2467/tcp # high criteria high-criteria 2467/udp # high criteria qip_msgd 2468/tcp # qip_msgd qip_msgd 2468/udp # qip_msgd mti-tcs-comm 2469/tcp # mti-tcs-comm mti-tcs-comm 2469/udp # mti-tcs-comm taskman_port 2470/tcp # taskman port taskman_port 2470/udp # taskman port seaodbc 2471/tcp # seaodbc seaodbc 2471/udp # seaodbc c3 2472/tcp # c3 c3 2472/udp # c3 aker-cdp 2473/tcp # aker-cdp aker-cdp 2473/udp # aker-cdp vitalanalysis 2474/tcp # vital analysis vitalanalysis 2474/udp # vital analysis ace-server 2475/tcp # ace server ace-server 2475/udp # ace server ace-svr-prop 2476/tcp # ace server propagation ace-svr-prop 2476/udp # ace server propagation ssm-cvs 2477/tcp # secursight certificate valifation service ssm-cvs 2477/udp # secursight certificate valifation service ssm-cssps 2478/tcp # secursight authentication server (sll) ssm-cssps 2478/udp # secursight authentication server (ssl) ssm-els 2479/tcp # secursight event logging server (ssl) ssm-els 2479/udp # secursight event logging server (ssl) lingwood 2480/tcp # lingwood's detail lingwood 2480/udp # lingwood's detail giop 2481/tcp # oracle giop giop 2481/udp # oracle giop giop-ssl 2482/tcp # oracle giop ssl giop-ssl 2482/udp # oracle giop ssl ttc 2483/tcp # oracle ttc ttc 2483/udp # oracel ttc ttc-ssl 2484/tcp # oracle ttc ssl ttc-ssl 2484/udp # oracle ttc ssl netobjects1 2485/tcp # net objects1 netobjects1 2485/udp # net objects1 netobjects2 2486/tcp # net objects2 netobjects2 2486/udp # net objects2 pns 2487/tcp # policy notice service pns 2487/udp # policy notice service moy-corp 2488/tcp # moy corporation moy-corp 2488/udp # moy corporation tsilb 2489/tcp # tsilb tsilb 2489/udp # tsilb qip_qdhcp 2490/tcp # qip_qdhcp qip_qdhcp 2490/udp # qip_qdhcp conclave-cpp 2491/tcp # conclave cpp conclave-cpp 2491/udp # conclave cpp groove 2492/tcp # groove groove 2492/udp # groove talarian-mqs 2493/tcp # talarian mqs talarian-mqs 2493/udp # talarian mqs bmc-ar 2494/tcp # bmc ar bmc-ar 2494/udp # bmc ar fast-rem-serv 2495/tcp # fast remote services fast-rem-serv 2495/udp # fast remote services dirgis 2496/tcp # dirgis dirgis 2496/udp # dirgis quaddb 2497/tcp # quad db quaddb 2497/udp # quad db odn-castraq 2498/tcp # odn-castraq odn-castraq 2498/udp # odn-castraq unicontrol 2499/tcp # unicontrol unicontrol 2499/udp # unicontrol rtsserv 2500/tcp # resource tracking system server rtsserv 2500/udp # resource tracking system server rtsclient 2501/tcp # resource tracking system client rtsclient 2501/udp # resource tracking system client kentrox-prot 2502/tcp # kentrox protocol kentrox-prot 2502/udp # kentrox protocol nms-dpnss 2503/tcp # nms-dpnss nms-dpnss 2503/udp # nms-dpnss wlbs 2504/tcp # wlbs wlbs 2504/udp # wlbs torque-traffic 2505/tcp # torque-traffic torque-traffic 2505/udp # torque-traffic jbroker 2506/tcp # jbroker jbroker 2506/udp # jbroker spock 2507/tcp # spock spock 2507/udp # spock datastore 2508/tcp # datastore datastore 2508/udp # datastore fjmpss 2509/tcp # fjmpss fjmpss 2509/udp # fjmpss fjappmgrbulk 2510/tcp # fjappmgrbulk fjappmgrbulk 2510/udp # fjappmgrbulk metastorm 2511/tcp # metastorm metastorm 2511/udp # metastorm citrixima 2512/tcp # citrix ima citrixima 2512/udp # citrix ima citrixadmin 2513/tcp # citrix admin citrixadmin 2513/udp # citrix admin facsys-ntp 2514/tcp # facsys ntp facsys-ntp 2514/udp # facsys ntp facsys-router 2515/tcp # facsys router facsys-router 2515/udp # facsys router maincontrol 2516/tcp # main control maincontrol 2516/udp # main control call-sig-trans 2517/tcp # call signalling transport call-sig-trans 2517/udp # call signalling transport willy 2518/tcp # willy willy 2518/udp # willy globmsgsvc 2519/tcp # globmsgsvc globmsgsvc 2519/udp # globmsgsvc pvsw 2520/tcp # pvsw pvsw 2520/udp # pvsw adaptecmgr 2521/tcp # adaptec manager adaptecmgr 2521/udp # adaptec manager windb 2522/tcp # windb windb 2522/udp # windb qke-llc-v3 2523/tcp # qke llc v.3 qke-llc-v3 2523/udp # qke llc v.3 optiwave-lm 2524/tcp # optiwave license management optiwave-lm 2524/udp # optiwave license management ms-v-worlds 2525/tcp # ms v-worlds ms-v-worlds 2525/udp # ms v-worlds ema-sent-lm 2526/tcp # ema license manager ema-sent-lm 2526/udp # ema license manager iqserver 2527/tcp # iq server iqserver 2527/udp # iq server ncr_ccl 2528/tcp # ncr ccl ncr_ccl 2528/udp # ncr ccl utsftp 2529/tcp # uts ftp utsftp 2529/udp # uts ftp vrcommerce 2530/tcp # vr commerce vrcommerce 2530/udp # vr commerce ito-e-gui 2531/tcp # ito-e gui ito-e-gui 2531/udp # ito-e gui ovtopmd 2532/tcp # ovtopmd ovtopmd 2532/udp # ovtopmd snifferserver 2533/tcp # snifferserver snifferserver 2533/udp # snifferserver combox-web-acc 2534/tcp # combox web access combox-web-acc 2534/udp # combox web access mdhcp 2535/tcp # mdhcp mdhcp 2535/udp # mdhcp btpp2audctr1 2536/tcp # btpp2audctr1 btpp2audctr1 2536/udp # btpp2audctr1 upgrade 2537/tcp # upgrade protocol upgrade 2537/udp # upgrade protocol vnwk-prapi 2538/tcp # vnwk-prapi vnwk-prapi 2538/udp # vnwk-prapi vsiadmin 2539/tcp # vsi admin vsiadmin 2539/udp # vsi admin lonworks 2540/tcp # lonworks lonworks 2540/udp # lonworks lonworks2 2541/tcp # lonworks2 lonworks2 2541/udp # lonworks2 davinci 2542/tcp # davinci davinci 2542/udp # davinci reftek 2543/tcp # reftek reftek 2543/udp # reftek novell-zen 2544/tcp # novell zen sis-emt 2545/tcp # sis-emt sis-emt 2545/udp # sis-emt vytalvaultbrtp 2546/tcp # vytalvaultbrtp vytalvaultbrtp 2546/udp # vytalvaultbrtp vytalvaultvsmp 2547/tcp # vytalvaultvsmp vytalvaultvsmp 2547/udp # vytalvaultvsmp vytalvaultpipe 2548/tcp # vytalvaultpipe vytalvaultpipe 2548/udp # vytalvaultpipe ipass 2549/tcp # ipass ipass 2549/udp # ipass ads 2550/tcp # ads ads 2550/udp # ads isg-uda-server 2551/tcp # isg uda server isg-uda-server 2551/udp # isg uda server call-logging 2552/tcp # call logging call-logging 2552/udp # call logging efidiningport 2553/tcp # efidiningport efidiningport 2553/udp # efidiningport vcnet-link-v10 2554/tcp # vcnet-link v10 vcnet-link-v10 2554/udp # vcnet-link v10 compaq-wcp 2555/tcp # compaq wcp compaq-wcp 2555/udp # compaq wcp nicetec-nmsvc 2556/tcp # nicetec-nmsvc nicetec-nmsvc 2556/udp # nicetec-nmsvc nicetec-mgmt 2557/tcp # nicetec-mgmt nicetec-mgmt 2557/udp # nicetec-mgmt pclemultimedia 2558/tcp # pcle multi media pclemultimedia 2558/udp # pcle multi media lstp 2559/tcp # lstp lstp 2559/udp # lstp labrat 2560/tcp # labrat labrat 2560/udp # labrat mosaixcc 2561/tcp # mosaixcc mosaixcc 2561/udp # mosaixcc delibo 2562/tcp # delibo delibo 2562/udp # delibo cti-redwood 2563/tcp # cti redwood cti-redwood 2563/udp # cti redwood hp-3000-telnet 2564/tcp # hp 3000 ns/vt block mode telnet coord-svr 2565/tcp # coordinator server coord-svr 2565/udp # coordinator server pcs-pcw 2566/tcp # pcs-pcw pcs-pcw 2566/udp # pcs-pcw clp 2567/tcp # cisco line protocol clp 2567/udp # cisco line protocol spamtrap 2568/tcp # spam trap spamtrap 2568/udp # spam trap sonuscallsig 2569/tcp # sonus call signal sonuscallsig 2569/udp # sonus call signal hs-port 2570/tcp # hs port hs-port 2570/udp # hs port cecsvc 2571/tcp # cecsvc cecsvc 2571/udp # cecsvc ibp 2572/tcp # ibp ibp 2572/udp # ibp trustestablish 2573/tcp # trust establish trustestablish 2573/udp # trust establish blockade-bpsp 2574/tcp # blockade bpsp blockade-bpsp 2574/udp # blockade bpsp hl7 2575/tcp # hl7 hl7 2575/udp # hl7 tclprodebugger 2576/tcp # tcl pro debugger tclprodebugger 2576/udp # tcl pro debugger scipticslsrvr 2577/tcp # scriptics lsrvr scipticslsrvr 2577/udp # scriptics lsrvr rvs-isdn-dcp 2578/tcp # rvs isdn dcp rvs-isdn-dcp 2578/udp # rvs isdn dcp mpfoncl 2579/tcp # mpfoncl mpfoncl 2579/udp # mpfoncl tributary 2580/tcp # tributay, tributary argis-te 2581/tcp # argis te argis-te 2581/udp # argis te argis-ds 2582/tcp # argis ds argis-ds 2582/udp # argis ds mon 2583/tcp # mon mon 2583/udp # mon netrek 2592/tcp # netrek netrek 2592/udp # netrek mns-mail 2593/tcp # mns mail notice service mns-mail 2593/udp # mns mail notice service dts 2594/tcp # data base server dts 2594/udp # data base server zebrasrv 2600/tcp # zebra service zebra 2601/tcp # zebra vty ripd 2602/tcp # ripd vty ripngd 2603/tcp # ripngd vty ospfd 2604/tcp # ospfd vty bgpd 2605/tcp # bgpd vty webster 2627/tcp # network dictionary webster 2627/udp dict 2628/tcp # dict dict 2628/udp # dict sitaraserver 2629/tcp # sitara server sitaraserver 2629/udp # sitara server sitaramgmt 2630/tcp # sitara management sitaramgmt 2630/udp # sitara management sitaradir 2631/tcp # sitara dir sitaradir 2631/udp # sitara dir irdg-post 2632/tcp # irdg post irdg-post 2632/udp # irdg post interintelli 2633/tcp # interintelli interintelli 2633/udp # interintelli pk-electronics 2634/tcp # pk electronics pk-electronics 2634/udp # pk electronics backburner 2635/tcp # back burner backburner 2635/udp # back burner solve 2636/tcp # solve solve 2636/udp # solve imdocsvc 2637/tcp # import document service imdocsvc 2637/udp # import document service sybaseanywhere 2638/tcp # sybase anywhere sybaseanywhere 2638/udp # sybase anywhere aminet 2639/tcp # aminet aminet 2639/udp # aminet sai_sentlm 2640/tcp # sabbagh associates licence manager sai_sentlm 2640/udp # sabbagh associates licence manager hdl-srv 2641/tcp # hdl server hdl-srv 2641/udp # hdl server tragic 2642/tcp # tragic tragic 2642/udp # tragic gte-samp 2643/tcp # gte-samp gte-samp 2643/udp # gte-samp travsoft-ipx-t 2644/tcp # travsoft ipx tunnel travsoft-ipx-t 2644/udp # travsoft ipx tunnel novell-ipx-cmd 2645/tcp # novell ipx cmd novell-ipx-cmd 2645/udp # novell ipx cmd and-lm 2646/tcp # and licence manager and-lm 2646/udp # and license manager syncserver 2647/tcp # syncserver syncserver 2647/udp # syncserver upsnotifyprot 2648/tcp # upsnotifyprot upsnotifyprot 2648/udp # upsnotifyprot vpsipport 2649/tcp # vpsipport vpsipport 2649/udp # vpsipport eristwoguns 2650/tcp # eristwoguns eristwoguns 2650/udp # eristwoguns ebinsite 2651/tcp # ebinsite ebinsite 2651/udp # ebinsite interpathpanel 2652/tcp # interpathpanel interpathpanel 2652/udp # interpathpanel sonus 2653/tcp # sonus sonus 2653/udp # sonus corel_vncadmin 2654/tcp # corel vnc admin corel_vncadmin 2654/udp # corel vnc admin unglue 2655/tcp # unix nt glue unglue 2655/udp # unix nt glue kana 2656/tcp # kana kana 2656/udp # kana sns-dispatcher 2657/tcp # sns dispatcher sns-dispatcher 2657/udp # sns dispatcher sns-admin 2658/tcp # sns admin sns-admin 2658/udp # sns admin sns-query 2659/tcp # sns query sns-query 2659/udp # sns query gcmonitor 2660/tcp # gc monitor gcmonitor 2660/udp # gc monitor olhost 2661/tcp # olhost olhost 2661/udp # olhost bintec-capi 2662/tcp # bintec-capi bintec-capi 2662/udp # bintec-capi bintec-tapi 2663/tcp # bintec-tapi bintec-tapi 2663/udp # bintec-tapi command-mq-gm 2664/tcp # command mq gm command-mq-gm 2664/udp # command mq gm command-mq-pm 2665/tcp # command mq pm command-mq-pm 2665/udp # command mq pm extensis 2666/tcp # extensis extensis 2666/udp # extensis alarm-clock-s 2667/tcp # alarm clock server alarm-clock-s 2667/udp # alarm clock server alarm-clock-c 2668/tcp # alarm clock client alarm-clock-c 2668/udp # alarm clock client toad 2669/tcp # toad toad 2669/udp # toad tve-announce 2670/tcp # tve announce tve-announce 2670/udp # tve announce newlixreg 2671/tcp # newlixreg newlixreg 2671/udp # newlixreg nhserver 2672/tcp # nhserver nhserver 2672/udp # nhserver firstcall42 2673/tcp # first call 42 firstcall42 2673/udp # first call 42 ewnn 2674/tcp # ewnn ewnn 2674/udp # ewnn ttc-etap 2675/tcp # ttc etap ttc-etap 2675/udp # ttc etap simslink 2676/tcp # simslink simslink 2676/udp # simslink gadgetgate1way 2677/tcp # gadget gate 1 way gadgetgate1way 2677/udp # gadget gate 1 way gadgetgate2way 2678/tcp # gadget gate 2 way gadgetgate2way 2678/udp # gadget gate 2 way syncserverssl 2679/tcp # sync server ssl syncserverssl 2679/udp # sync server ssl pxc-sapxom 2680/tcp # pxc-sapxom pxc-sapxom 2680/udp # pxc-sapxom mpnjsomb 2681/tcp # mpnjsomb mpnjsomb 2681/udp # mpnjsomb srsp 2682/tcp # srsp srsp 2682/udp # srsp ncdloadbalance 2683/tcp # ncdloadbalance ncdloadbalance 2683/udp # ncdloadbalance mpnjsosv 2684/tcp # mpnjsosv mpnjsosv 2684/udp # mpnjsosv mpnjsocl 2685/tcp # mpnjsocl mpnjsocl 2685/udp # mpnjsocl mpnjsomg 2686/tcp # mpnjsomg mpnjsomg 2686/udp # mpnjsomg pq-lic-mgmt 2687/tcp # pq-lic-mgmt pq-lic-mgmt 2687/udp # pq-lic-mgmt tqdata 2700/tcp # tqdata tqdata 2700/udp # tqdata listen 2766/tcp # system v listener port www-dev 2784/tcp # world wide web - development www-dev 2784/udp # world wide web - development aic-np 2785/tcp # aic-np aic-np 2785/udp # aic-np aic-oncrpc 2786/tcp # aic-oncrpc - destiny mcd database aic-oncrpc 2786/udp # aic-oncrpc - destiny mcd database piccolo 2787/tcp # piccolo - cornerstone software piccolo 2787/udp # piccolo - cornerstone software fryeserv 2788/tcp # netware loadable module - seagate software fryeserv 2788/udp # netware loadable module - seagate software media-agent 2789/tcp # media agent media-agent 2789/udp # media agent itm-lm 2828/tcp # itm license manager itm-lm 2828/udp # itm license manager mao 2908/tcp # mao mao 2908/udp # mao funk-dialout 2909/tcp # funk dialout funk-dialout 2909/udp # funk dialout tdaccess 2910/tcp # tdaccess tdaccess 2910/udp # tdaccess blockade 2911/tcp # blockade blockade 2911/udp # blockade epicon 2912/tcp # epicon epicon 2912/udp # epicon boosterware 2913/tcp # booster ware boosterware 2913/udp # booster ware gamelobby 2914/tcp # game lobby gamelobby 2914/udp # game lobby tksocket 2915/tcp # tk socket tksocket 2915/udp # tk socket elvin_server 2916/tcp # elvin server elvin_server 2916/ucp # elvin server elvin_client 2917/tcp # elvin client elvin_client 2917/udp # elvin client kastenchasepad 2918/tcp # kasten chase pad kastenchasepad 2918/udp # kasten chase pad netclip 2971/tcp # net clip netclip 2971/udp # net clip pmsm-webrctl 2972/tcp # pmsm webrctl pmsm-webrctl 2972/udp # pmsm webrctl svnetworks 2973/tcp # sv networks svnetworks 2973/udp # sv networks signal 2974/tcp # signal signal 2974/udp # signal fjmpcm 2975/tcp # fujitsu configuration management service fjmpcm 2975/udp # fujitsu configuration management service realsecure 2998/tcp # real secure realsecure 2998/udp # real secure remoteware-un 2999/tcp # remoteware unassigned remoteware-un 2999/udp # remoteware unassigned hbci 3000/tcp ppp remoteware-cl # user-level ppp daemon, remoteware client, hbci hbci 3000/udp remoteware-cl # remoteware client, hbci redwood-broker 3001/tcp # redwood broker redwood-broker 3001/udp # redwood broker exlm-agent 3002/tcp remoteware-srv # remoteware server, exlm agent exlm-agent 3002/udp remoteware-srv # remoteware server, exlm agent cgms 3003/tcp # cgms cgms 3003/udp # cgms csoftragent 3004/tcp # csoft agent csoftragent 3004/udp # csoft agent geniuslm 3005/tcp deslogin # genius license manager, encrypted symmetric telnet/login geniuslm 3005/udp # genius license manager ii-admin 3006/tcp deslogind # instant internet admin ii-admin 3006/udp # instant internet admin lotusmtap 3007/tcp # lotus mail tracking agent protocol lotusmtap 3007/udp # lotus mail tracking agent protocol midnight-tech 3008/tcp # midnight technologies midnight-tech 3008/udp # midnight technologies pxc-ntfy 3009/tcp # pxc-ntfy pxc-ntfy 3009/udp # pxc-ntfy gw 3010/tcp # telerate workstation ping-pong 3010/udp # telerate workstation trusted-web 3011/tcp # trusted web trusted-web 3011/udp # trusted web twsdss 3012/tcp # trusted web client twsdss 3012/udp # trusted web client gilatskysurfer 3013/tcp # gilat sky surfer gilatskysurfer 3013/udp # gilat sky surfer broker_service 3014/tcp # broker service broker_service 3014/udp # broker service nati-dstp 3015/tcp # nati dstp nati-dstp 3015/udp # nati dstp notify_srvr 3016/tcp # notify server notify_srvr 3016/udp # notify server event_listener 3017/tcp # event listener event_listener 3017/udp # event listener srvc_registry 3018/tcp # service registry srvc_registry 3018/udp # service registry resource_mgr 3019/tcp # resource manager resource_mgr 3019/udp # resource manager cifs 3020/tcp # cifs cifs 3020/udp # cifs agriserver 3021/tcp # agri server agriserver 3021/udp # agri server csregagent 3022/tcp # csregagent csregagent 3022/udp # csregagent magicnotes 3023/tcp # magicnotes magicnotes 3023/udp # magicnotes nds_sso 3024/tcp # nds_sso nds_sso 3024/udp # nds_sso arepa-raft 3025/tcp # arepa raft arepa-raft 3025/udp # arepa raft agri-gateway 3026/tcp # agri gateway agri-gateway 3026/udp # agri gateway LiebDevMgmt_C 3027/tcp # liebdevmgmt_c LiebDevMgmt_C 3027/udp # liebdevmgmt_c LiebDevMgmt_DM 3028/tcp # liebdevmgmt_dm LiebDevMgmt_DM 3028/udp # liebdevmgmt_dm LiebDevMgmt_A 3029/tcp # liebdevmgmt_a LiebDevMgmt_A 3029/udp # liebdevmgmt_a arepa-cas 3030/tcp # arepa cas arepa-cas 3030/udp # arepa cas hlserver 3047/tcp # fast security hl server hlserver 3047/udp # fast security hl server pctrader 3048/tcp # sierra net pc trader pctrader 3048/udp # sierra net pc trader nsws 3049/tcp NSWS cfs # cryptographic file system (nfs) (proposed), nsws nsws 3049/udp NSWS cfs # nsws, cryptographic file system (nfs) gds_db 3050/tcp # gds_db gds_db 3050/udp # gds_db interserver 3060/tcp # interserver interserver 3060/udp # interserver stm_pproc 3080/tcp # stm_pproc stm_pproc 3080/udp # stm_pproc sj3 3086/tcp # sj3 (kanji input) cardbox 3105/tcp # cardbox cardbox 3105/udp # cardbox cardbox-http 3106/tcp # cardbox http cardbox-http 3106/udp # cardbox http squid-http 3128/tcp icpv2 3130/tcp # icpv2 icpv2 3130/udp squid-ipc # icpv2 netbookmark 3131/tcp # net book mark netbookmark 3131/udp # net book mark vmodem 3141/tcp # vmodem vmodem 3141/udp # vmodem rdc-wh-eos 3142/tcp # rdc wh eos rdc-wh-eos 3142/udp # rdc wh eos seaview 3143/tcp # sea view seaview 3143/udp # sea view tarantella 3144/tcp # tarantella tarantella 3144/udp # tarantella csi-lfap 3145/tcp # csi-lfap csi-lfap 3145/udp # csi-lfap rfio 3147/tcp # rfio rfio 3147/udp # rfio nm-game-admin 3148/tcp # netmike game administrator nm-game-admin 3148/udp # netmike game administrator nm-game-server 3149/tcp # netmike game server nm-game-server 3149/udp # netmike game server nm-asses-admin 3150/tcp # netmike assessor administrator nm-asses-admin 3150/udp # netmike assessor administrator nm-assessor 3151/tcp # netmike assessor nm-assessor 3151/udp # netmike assessor mc-brk-srv 3180/tcp # millicent broker server mc-brk-srv 3180/udp # millicent broker server ccmail 3264/tcp # cc:mail/lotus ccmail 3264/udp # cc:mail/lotus altav-tunnel 3265/tcp # altav tunnel altav-tunnel 3265/udp # altav tunnel ns-cfg-server 3266/tcp # ns cfg server ns-cfg-server 3266/udp # ns cfg server ibm-dial-out 3267/tcp # ibm dial out ibm-dial-out 3267/udp # ibm dial out msft-gc 3268/tcp # microsoft global catalog msft-gc 3268/udp # microsoft global catalog msft-gc-ssl 3269/tcp # microsoft global catalog with ldap/ssl msft-gc-ssl 3269/udp # microsoft global catalog with ldap/ssl verismart 3270/tcp # verismart verismart 3270/udp # verismart csoft-prev 3271/tcp # csoft prev port csoft-prev 3271/udp # csoft prev port user-manager 3272/tcp # fujitsu user manager user-manager 3272/udp # fujitsu user manager sxmp 3273/tcp # simple extensible multiplexed protocol sxmp 3273/udp # simple extensible multiplexed protocol ordinox-server 3274/tcp # ordinox server ordinox-server 3274/udp # ordinox server samd 3275/tcp # samd samd 3275/udp # samd maxim-asics 3276/tcp # maxim asics maxim-asics 3276/udp # maxim asics awg-proxy 3277/tcp # awg proxy awg-proxy 3277/udp # awg proxy lkcmserver 3278/tcp # lkcm server lkcmserver 3278/udp # lkcm server admind 3279/tcp # admind admind 3279/udp # admind vs-server 3280/tcp # vs server vs-server 3280/udp # vs server sysopt 3281/tcp # sysopt sysopt 3281/udp # sysopt datusorb 3282/tcp # datusorb datusorb 3282/udp # datusorb net-assistant 3283/tcp # net assistant net-assistant 3283/udp # net assistant 4talk 3284/tcp # 4talk 4talk 3284/udp # 4talk plato 3285/tcp # plato plato 3285/udp # plato e-net 3286/tcp # e-net e-net 3286/udp # e-net directvdata 3287/tcp # directvdata directvdata 3287/udp # directvdata cops 3288/tcp # cops cops 3288/udp # cops enpc 3289/tcp # enpc enpc 3289/udp # enpc caps-lm 3290/tcp # caps logistics toolkit - lm caps-lm 3290/udp # caps logistics toolkit - lm sah-lm 3291/tcp # s a holditch & associates - lm sah-lm 3291/udp # s a holditch & associates - lm cart-o-rama 3292/tcp # cart o rama cart-o-rama 3292/udp # cart o rama fg-fps 3293/tcp # fg-fps fg-fps 3293/udp # fg-fps fg-gip 3294/tcp # fg-gip fg-gip 3294/udp # fg-gip dyniplookup 3295/tcp # dynamic ip lookup dyniplookup 3295/udp # dynamic ip lookup rib-slm 3296/tcp # rib license manager rib-slm 3296/udp # rib license manager cytel-lm 3297/tcp # cytel license manager cytel-lm 3297/udp # cytel license manager transview 3298/tcp # transview transview 3298/udp # transview pdrncs 3299/tcp # pdrncs pdrncs 3299/udp # pdrncs bmcpatrolagent 3300/tcp # bmc patrol agent bmcpatrolagent 3300/udp # bmc patrol agent bmcpatrolrnvu 3301/tcp # bmc patrol rendezvous bmcpatrolrnvu 3301/udp # bmc patrol rendezvous mcs-fastmail 3302/tcp # mcs fastmail mcs-fastmail 3302/udp # mcs fastmail opsession-clnt 3303/tcp # op session client opsession-clnt 3303/udp # op session client opsession-srvr 3304/tcp # op session server opsession-srvr 3304/udp # op session server odette-ftp 3305/tcp # odette-ftp odette-ftp 3305/udp # odette-ftp mysql 3306/tcp # mysql mysql 3306/udp # mysql opsession-prxy 3307/tcp # op session proxy opsession-prxy 3307/udp # op session proxy tns-server 3308/tcp # tns server tns-server 3308/udp # tns server tns-adv 3309/tcp # tns adv tns-adv 3309/udp # tnd adv dyna-access 3310/tcp # dyna access dyna-access 3310/udp # dyna access mcns-tel-ret 3311/tcp # mcns tel ret mcns-tel-ret 3311/udp # mcns tel ret appman-server 3312/tcp # application management server appman-server 3312/udp # application management server uorb 3313/tcp # unify object broker uorb 3313/udp # unify object broker uohost 3314/tcp # unify object host uohost 3314/udp # unify object host cdid 3315/tcp # cdid cdid 3315/udp # cdid aicc-cmi 3316/tcp # aicc/cmi aicc-cmi 3316/udp # aicc/cmi vsaiport 3317/tcp # vsai port vsaiport 3317/udp # vsai port ssrip 3318/tcp # swith to swith routing information protocol ssrip 3318/udp # swith to swith routing information protocol sdt-lmd 3319/tcp # sdt license manager sdt-lmd 3319/udp # sdt license manager officelink2000 3320/tcp # office link 2000 officelink2000 3320/udp # office link 2000 vnsstr 3321/tcp # vnsstr vnsstr 3321/udp # vnsstr active-net 3322/ # active networks active-net 3323/ # active networks active-net 3324/ # active networks active-net 3325/ # active networks sftu 3326/tcp # sftu sftu 3326/udp # sftu bbars 3327/tcp # bbars bbars 3327/udp # bbars egptlm 3328/tcp # eaglepoint license manager egptlm 3328/udp # eaglepoint license manager hp-device-disc 3329/tcp # hp device disc hp-device-disc 3329/udp # hp device disc mcs-calypsoicf 3330/tcp # mcs calypso icf mcs-calypsoicf 3330/udp # mcs calypso icf mcs-messaging 3331/tcp # mcs messaging mcs-messaging 3331/udp # mcs messaging mcs-mailsvr 3332/tcp # mcs mail server mcs-mailsvr 3332/udp # mcs mail server dec-notes 3333/tcp # dec notes dec-notes 3333/udp # dec notes directv-web 3334/tcp # direct tv webcasting directv-web 3334/udp # direct tv webcasting directv-soft 3335/tcp # direct tv software updates directv-soft 3335/udp # direct tv software updates directv-tick 3336/tcp # direct tv tickers directv-tick 3336/udp # direct tv tickers directv-catlg 3337/tcp # direct tv data catalog directv-catlg 3337/udp # direct tv data catalog anet-b 3338/tcp # omf data b anet-b 3338/udp # omf data b anet-l 3339/tcp # omf data l anet-l 3339/udp # omf data l anet-m 3340/tcp # omf data m anet-m 3340/udp # omf data m anet-h 3341/tcp # omf data h anet-h 3341/udp # omf data h webtie 3342/tcp # webtie webtie 3342/udp # webtie ms-cluster-net 3343/tcp # ms cluster net ms-cluster-net 3343/udp # ms cluster net bnt-manager 3344/tcp # bnt manager bnt-manager 3344/udp # bnt manager influence 3345/tcp # influence influence 3345/udp # influence trnsprntproxy 3346/tcp # trnsprnt proxy trnsprntproxy 3346/udp # trnsprnt proxy phoenix-rpc 3347/tcp # phoenix rpc phoenix-rpc 3347/udp # phoenix rpc pangolin-laser 3348/tcp # pangolin laser pangolin-laser 3348/udp # pangolin laser chevinservices 3349/tcp # chevin services chevinservices 3349/udp # chevin services findviatv 3350/tcp # findviatv findviatv 3350/udp # findviatv btrieve 3351/tcp # btrieve btrieve 3351/udp # btrieve ssql 3352/tcp # ssql ssql 3352/udp # ssql fatpipe 3353/tcp # fatpipe fatpipe 3353/udp # fatpipe suitjd 3354/tcp # suitjd suitjd 3354/udp # suitjd ordinox-dbase 3355/tcp # ordinox dbase ordinox-dbase 3355/udp # ordinox dbase upnotifyps 3356/tcp # upnotifyps upnotifyps 3356/udp # upnotifyps adtech-test 3357/tcp # adtech test ip adtech-test 3357/udp # adtech test ip mpsysrmsvr 3358/tcp # mp sys rmsvr mpsysrmsvr 3358/udp # mp sys rmsvr wg-netforce 3359/tcp # wg netforce wg-netforce 3359/udp # wg netforce kv-server 3360/tcp # kv server kv-server 3360/udp # kv server kv-agent 3361/tcp # kv agent kv-agent 3361/udp # kv agent dj-ilm 3362/tcp # dj ilm dj-ilm 3362/udp # dj ilm nati-vi-server 3363/tcp # nati vi server nati-vi-server 3363/udp # nati vi server creativeserver 3364/tcp # creative server creativeserver 3364/udp # creative server contentserver 3365/tcp # content server contentserver 3365/udp # content server creativepartnr 3366/tcp # creative partner creativepartnr 3366/udp # creative partner satvid-datalnk 3367/ # satellite video data link satvid-datalnk 3368/ # satellite video data link satvid-datalnk 3369/ # satellite video data link satvid-datalnk 3370/ # satellite video data link satvid-datalnk 3371/ # satellite video data link tip2 3372/tcp # tip 2 tip2 3372/udp # tip 2 lavenir-lm 3373/tcp # lavenir license manager lavenir-lm 3373/udp # lavenir license manager cluster-disc 3374/tcp # cluster disc cluster-disc 3374/udp # cluster disc vsnm-agent 3375/tcp # vsnm agent vsnm-agent 3375/udp # vsnm agent cdborker 3376/tcp # cd broker cdbroker 3376/udp # cd broker cogsys-lm 3377/tcp # cogsys network license manager cogsys-lm 3377/udp # cogsys network license manager wsicopy 3378/tcp # wsicopy wsicopy 3378/udp # wsicopy socorfs 3379/tcp # socorfs socorfs 3379/udp # socorfs sns-channels 3380/tcp # sns channels sns-channels 3380/udp # sns channels geneous 3381/tcp # geneous geneous 3381/udp # geneous fujitsu-neat 3382/tcp # fujitsu network enhanced antitheft function fujitsu-neat 3382/udp # fujitsu network enhanced antitheft function esp-lm 3383/tcp # enterprise software products license manager esp-lm 3383/udp # enterprise software products license manager hp-clic 3384/tcp # cluster management services hp-clic 3384/udp # hardware management qnxnetman 3385/tcp # qnxnetman qnxnetman 3385/udp # qnxnetman gprs-data 3386/tcp # gprs data gprs-sig 3386/udp # gprs sig backroomnet 3387/tcp # back room net backroomnet 3387/udp # back room net cbserver 3388/tcp # cb server cbserver 3388/udp # cb server ms-wbt-server 3389/tcp # ms wbt server ms-wbt-server 3389/udp # ms wbt server dsc 3390/tcp # distributed service coordinator dsc 3390/udp # distributed service coordinator savant 3391/tcp # savant savant 3391/udp # savant efi-lm 3392/tcp # efi license management efi-lm 3392/udp # efi license management d2k-tapestry1 3393/tcp # d2k tapestry client to server d2k-tapestry1 3393/udp # d2k tapestry client to server d2k-tapestry2 3394/tcp # d2k tapestry server to server d2k-tapestry2 3394/udp # d2k tapestry server to server dyna-lm 3395/tcp # dyna license manager (elam) dyna-lm 3395/udp # dyna license manager (elam) printer_agent 3396/tcp # printer agent printer_agent 3396/udp # printer agent cloanto-lm 3397/tcp # cloanto license manager cloanto-lm 3397/udp # cloanto license manager mercantile 3398/tcp # mercantile mercantile 3398/udp # mercantile bmap 3421/tcp # bull apprise portmapper bmap 3421/udp # bull apprise portmapper mira 3454/tcp # apple remote access protocol prsvp 3455/tcp # rsvp port prsvp 3455/udp rsvp-encap # rsvp port, rsvp encapsulated in udp vat 3456/tcp # vat default data vat 3456/udp # vat default data vat-control 3457/tcp # vat default control vat-control 3457/udp # vat default control d3winosfi 3458/tcp # d3winosfi d3winosfi 3458/udp # dswinosfi integral 3459/tcp # integral integral 3459/udp # integral edm-manager 3460/tcp # edm manger edm-manager 3460/udp # edm manger edm-stager 3461/tcp # edm stager edm-stager 3461/udp # edm stager edm-std-notify 3462/tcp track # edm std notify, software distribution edm-std-notify 3462/udp # edm std notify edm-adm-notify 3463/tcp # edm adm notify edm-adm-notify 3463/udp # edm adm notify edm-mgr-sync 3464/tcp # edm mgr sync edm-mgr-sync 3464/udp # edm mgr sync edm-mgr-cntrl 3465/tcp # edm mgr cntrl edm-mgr-cntrl 3465/udp # edm mgr cntrl workflow 3466/tcp # workflow workflow 3466/udp # workflow rcst 3467/tcp # rcst rcst 3467/udp # rcst ttcmremotectrl 3468/tcp # ttcm remote controll ttcmremotectrl 3468/udp # ttcm remote controll pluribus 3469/tcp # pluribus pluribus 3469/udp # pluribus jt400 3470/tcp # jt400 jt400 3470/udp # jt400 jt400-ssl 3471/tcp # jt400-ssl jt400-ssl 3471/udp # jt400-ssl watcomdebug 3563/tcp # watcom debug watcomdebug 3563/udp # watcom debug harlequinorb 3672/tcp # harlequinorb harlequinorb 3672/udp # harlequinorb udt_os 3900/tcp # unidata udt os udt_os 3900/udp # unidata udt os mapper-nodemgr 3984/tcp # mapper network node manager mapper-nodemgr 3984/udp # mapper network node manager mapper-mapethd 3985/tcp # mapper tcp/ip server mapper-mapethd 3985/udp # mapper tcp/ip server mapper-ws_ethd 3986/tcp # mapper workstation server mapper-ws_ethd 3986/udp # mapper workstation server centerline 3987/tcp # centerline centerline 3987/udp # centerline terabase 4000/tcp # terabase terabase 4000/udp # terabase newoak 4001/tcp # newoak newoak 4001/udp # newoak netcheque 4008/tcp # netcheque accounting netcheque 4008/udp # netcheque accounting chimera-hwm 4009/tcp # chimera hwm chimera-hwm 4009/udp # chimera hwm samsung-unidex 4010/tcp # samsung unidex samsung-unidex 4010/udp # samsung unidex altserviceboot 4011/tcp # alternate service boot altserviceboot 4011/udp # alternate service boot pda-gate 4012/tcp # pda gate pda-gate 4012/udp # pda gate acl-manager 4013/tcp # acl manager acl-manager 4013/udp # acl manager taiclock 4014/tcp # taiclock taiclock 4014/udp # taiclock talarian-mcast1 4015/tcp # talarian mcast talarian-mcast1 4015/udp # talarian mcast talarian-mcast2 4016/tcp # talarian mcast talarian-mcast2 4016/udp # talarian mcast talarian-mcast3 4017/tcp # talarian mcast talarian-mcast3 4017/udp # talarian mcast talarian-mcast4 4018/tcp # talarian mcast talarian-mcast4 4018/udp # talarian mcast talarian-mcast5 4019/tcp # talarian mcast talarian-mcast5 4019/udp # talarian mcast lockd 4045/tcp lockd 4045/udp # nfs lock daemon/manager bre 4096/tcp # bre (bridge relay element) bre 4096/udp # bre (bridge relay element) patrolview 4097/tcp # patrol view patrolview 4097/udp # patrol view drmsfsd 4098/tcp # drmsfsd drmsfsd 4098/udp # drmsfsd dpcp 4099/tcp # dpcp dpcp 4099/udp # dpcp nuts_dem 4132/tcp # nuts daemon nuts_dem 4132/udp # nuts daemon nuts_bootp 4133/tcp # nuts bootp server nuts_bootp 4133/udp # nuts bootp server nifty-hmi 4134/tcp # nifty-serve hmi protocol nifty-hmi 4134/udp # nifty-serve hmi protocol oirtgsvc 4141/tcp # workflow server oirtgsvc 4141/udp # workflow server oidocsvc 4142/tcp # document server oidocsvc 4142/udp # document server oidsr 4143/tcp # document replication oidsr 4143/udp # document replication wincim 4144/tcp # pc windows compuserve.com protocol jini-discovery 4160/tcp # jini discovery jini-discovery 4160/udp # jini discovery vrml-multi-use 4200/ # vrml multi user systems vrml-multi-use 4201/ # vrml multi user systems vrml-multi-use 4202/ # vrml multi user systems vrml-multi-use 4203/ # vrml multi user systems vrml-multi-use 4204/ # vrml multi user systems vrml-multi-use 4205/ # vrml multi user systems vrml-multi-use 4206/ # vrml multi user systems vrml-multi-use 4207/ # vrml multi user systems vrml-multi-use 4208/ # vrml multi user systems vrml-multi-use 4209/ # vrml multi user systems vrml-multi-use 4210/ # vrml multi user systems vrml-multi-use 4211/ # vrml multi user systems vrml-multi-use 4212/ # vrml multi user systems vrml-multi-use 4213/ # vrml multi user systems vrml-multi-use 4214/ # vrml multi user systems vrml-multi-use 4215/ # vrml multi user systems vrml-multi-use 4216/ # vrml multi user systems vrml-multi-use 4217/ # vrml multi user systems vrml-multi-use 4218/ # vrml multi user systems vrml-multi-use 4219/ # vrml multi user systems vrml-multi-use 4220/ # vrml multi user systems vrml-multi-use 4221/ # vrml multi user systems vrml-multi-use 4222/ # vrml multi user systems vrml-multi-use 4223/ # vrml multi user systems vrml-multi-use 4224/ # vrml multi user systems vrml-multi-use 4225/ # vrml multi user systems vrml-multi-use 4226/ # vrml multi user systems vrml-multi-use 4227/ # vrml multi user systems vrml-multi-use 4228/ # vrml multi user systems vrml-multi-use 4229/ # vrml multi user systems vrml-multi-use 4230/ # vrml multi user systems vrml-multi-use 4231/ # vrml multi user systems vrml-multi-use 4232/ # vrml multi user systems vrml-multi-use 4233/ # vrml multi user systems vrml-multi-use 4234/ # vrml multi user systems vrml-multi-use 4235/ # vrml multi user systems vrml-multi-use 4236/ # vrml multi user systems vrml-multi-use 4237/ # vrml multi user systems vrml-multi-use 4238/ # vrml multi user systems vrml-multi-use 4239/ # vrml multi user systems vrml-multi-use 4240/ # vrml multi user systems vrml-multi-use 4241/ # vrml multi user systems vrml-multi-use 4242/ # vrml multi user systems vrml-multi-use 4243/ # vrml multi user systems vrml-multi-use 4244/ # vrml multi user systems vrml-multi-use 4245/ # vrml multi user systems vrml-multi-use 4246/ # vrml multi user systems vrml-multi-use 4247/ # vrml multi user systems vrml-multi-use 4248/ # vrml multi user systems vrml-multi-use 4249/ # vrml multi user systems vrml-multi-use 4250/ # vrml multi user systems vrml-multi-use 4251/ # vrml multi user systems vrml-multi-use 4252/ # vrml multi user systems vrml-multi-use 4253/ # vrml multi user systems vrml-multi-use 4254/ # vrml multi user systems vrml-multi-use 4255/ # vrml multi user systems vrml-multi-use 4256/ # vrml multi user systems vrml-multi-use 4257/ # vrml multi user systems vrml-multi-use 4258/ # vrml multi user systems vrml-multi-use 4259/ # vrml multi user systems vrml-multi-use 4260/ # vrml multi user systems vrml-multi-use 4261/ # vrml multi user systems vrml-multi-use 4262/ # vrml multi user systems vrml-multi-use 4263/ # vrml multi user systems vrml-multi-use 4264/ # vrml multi user systems vrml-multi-use 4265/ # vrml multi user systems vrml-multi-use 4266/ # vrml multi user systems vrml-multi-use 4267/ # vrml multi user systems vrml-multi-use 4268/ # vrml multi user systems vrml-multi-use 4269/ # vrml multi user systems vrml-multi-use 4270/ # vrml multi user systems vrml-multi-use 4271/ # vrml multi user systems vrml-multi-use 4272/ # vrml multi user systems vrml-multi-use 4273/ # vrml multi user systems vrml-multi-use 4274/ # vrml multi user systems vrml-multi-use 4275/ # vrml multi user systems vrml-multi-use 4276/ # vrml multi user systems vrml-multi-use 4277/ # vrml multi user systems vrml-multi-use 4278/ # vrml multi user systems vrml-multi-use 4279/ # vrml multi user systems vrml-multi-use 4280/ # vrml multi user systems vrml-multi-use 4281/ # vrml multi user systems vrml-multi-use 4282/ # vrml multi user systems vrml-multi-use 4283/ # vrml multi user systems vrml-multi-use 4284/ # vrml multi user systems vrml-multi-use 4285/ # vrml multi user systems vrml-multi-use 4286/ # vrml multi user systems vrml-multi-use 4287/ # vrml multi user systems vrml-multi-use 4288/ # vrml multi user systems vrml-multi-use 4289/ # vrml multi user systems vrml-multi-use 4290/ # vrml multi user systems vrml-multi-use 4291/ # vrml multi user systems vrml-multi-use 4292/ # vrml multi user systems vrml-multi-use 4293/ # vrml multi user systems vrml-multi-use 4294/ # vrml multi user systems vrml-multi-use 4295/ # vrml multi user systems vrml-multi-use 4296/ # vrml multi user systems vrml-multi-use 4297/ # vrml multi user systems vrml-multi-use 4298/ # vrml multi user systems vrml-multi-use 4299/ # vrml multi user systems corelccam 4300/tcp # corel ccam corelccam 4300/udp # corel ccam rwhois 4321/tcp # remote who is rwhois 4321/udp # remote who is msql 4333/tcp # mini-sql server unicall 4343/tcp # unicall unicall 4343/udp # unicall vinainstall 4344/tcp # vinainstall vinainstall 4344/udp # vinainstall m4-network-as 4345/tcp # macro 4 network as m4-network-as 4345/udp # macro 4 network as elanlm 4346/tcp # elan lm elanlm 4346/udp # elan lm lansurveyor 4347/tcp # lan surveyor lansurveyor 4347/udp # lan surveyor itose 4348/tcp # itose itose 4348/udp # itose fsportmap 4349/tcp # file system port map fsportmap 4349/udp # file system port map net-device 4350/tcp # net device net-device 4350/udp # net device plcy-net-svcs 4351/tcp # plcy net services plcy-net-svcs 4351/udp # plcy net services f5-iquery 4353/tcp # f5 iquery f5-iquery 4353/udp # f5 iquery saris 4442/tcp # saris saris 4442/udp # saris pharos 4443/tcp # pharos pharos 4443/udp # pharos krb524 4444/tcp nv-video # nv video default, krb524, kerberos 5 to 4 ticket xlator krb524 4444/udp nv-video # nv video default, krb524 upnotifyp 4445/tcp # upnotifyp upnotifyp 4445/udp # upnotifyp n1-fwp 4446/tcp # n1-fwp n1-fwp 4446/udp # n1-fwp n1-rmgmt 4447/tcp # n1-rmgmt n1-rmgmt 4447/udp # n1-rmgmt asc-slmd 4448/tcp # asc licence manager asc-slmd 4448/udp # asc licence manager privatewire 4449/tcp # privatewire privatewire 4449/udp # privatewire camp 4450/tcp # camp camp 4450/udp # camp ctisystemmsg 4451/tcp # cti system msg ctisystemmsg 4451/udp # cti system msg ctiprogramload 4452/tcp # cti program load ctiprogramload 4452/udp # cti program load nssalertmgr 4453/tcp # nss alert manager nssalertmgr 4453/udp # nss alert manager nssagentmgr 4454/tcp # nss agent manager nssagentmgr 4454/udp # nss agent manager prchat-user 4455/tcp # pr chat user prchat-user 4455/udp # pr chat user prchat-server 4456/tcp # pr chat server prchat-server 4456/udp # pr chat server prRegister 4457/tcp # pr register prRegister 4457/udp # pr register sae-urn 4500/tcp # sae-urn sae-urn 4500/udp # sae-urn urn-x-cdchoice 4501/tcp # urn-x-cdchoice urn-x-cdchoice 4501/udp # urn-x-cdchoice worldscores 4545/tcp # worldscores worldscores 4545/udp # worldscores sf-lm 4546/tcp # sf license manager (sentinel) sf-lm 4546/udp # sf license manager (sentinel) lanner-lm 4547/tcp # lanner license manager lanner-lm 4547/udp # lanner license manager fax 4557/tcp # flexfax fax transmission service, fax transmission service hylafax 4559/tcp # hylafax client-server protocol rfa 4672/tcp # remote file access server rfa 4672/udp # remote file access server iims 4800/tcp # icona instant messenging system iims 4800/udp # icona instant messenging system iwec 4801/tcp # icona web embedded chat iwec 4801/udp # icona web embedded chat ilss 4802/tcp # icona license system server ilss 4802/udp # icona license system server htcp 4827/tcp # htcp htcp 4827/udp # htcp phrelay 4868/tcp # photon relay phrelay 4868/udp # photon relay phrelaydbg 4869/tcp # photon relay debug phrelaydbg 4869/udp # photon relay debug abbs 4885/tcp # abbs abbs 4885/udp # abbs commplex-main 5000/tcp fics # free internet chess server commplex-main 5000/udp commplex-link 5001/tcp commplex-link 5001/udp rfe 5002/tcp # radio free ethernet rfe 5002/udp # radio free ethernet, actually uses udp only fmpro-internal 5003/tcp # filemaker, inc. - proprietary transport fmpro-internal 5003/udp # filemaker, inc. - proprietary name binding avt-profile-1 5004/tcp # avt-profile-1 avt-profile-1 5004/udp # avt-profile-1 avt-profile-2 5005/tcp # avt-profile-2 avt-profile-2 5005/udp # avt-profile-2 telelpathstart 5010/tcp # telepathstart telelpathstart 5010/udp # telepathstart telelpathattack 5011/tcp # telepathattack telelpathattack 5011/udp # telepathattack zenginkyo-1 5020/tcp # zenginkyo-1 zenginkyo-1 5020/udp # zenginkyo-1 zenginkyo-2 5021/tcp # zenginkyo-2 zenginkyo-2 5021/udp # zenginkyo-2 mmcc 5050/tcp # multimedia conference control tool mmcc 5050/udp # multimedia conference control tool ita-agent 5051/tcp # ita agent ita-agent 5051/udp # ita agent ita-manager 5052/tcp # ita manager ita-manager 5052/udp # ita manager sip 5060/tcp # sip sip 5060/udp # sip rmonitor_secure 5145/tcp rmonitor_secure 5145/udp atmp 5150/tcp # ascend tunnel management protocol atmp 5150/udp # ascend tunnel management protocol esri_sde 5151/tcp # esri sde instance esri_sde 5151/udp # esri sde remote start sde-discovery 5152/tcp # esri sde instance discovery sde-discovery 5152/udp # esri sde instance discovery ife_icorp 5165/tcp # ife_1corp ife_icorp 5165/udp # ife_1corp aol 5190/tcp # america-online aol 5190/udp # america-online aol-1 5191/tcp # americaonline1 aol-1 5191/udp # americaonline1 aol-2 5192/tcp # americaonline2 aol-2 5192/udp # americaonline2 aol-3 5193/tcp # americaonline3 aol-3 5193/udp # americaonline3 targus-aib1 5200/tcp # targus aib 1 targus-aib1 5200/udp # targus aib 1 targus-aib2 5201/tcp # targus aib 2 targus-aib2 5201/udp # targus aib 2 sgi-dgl 5232/tcp # sgi distributed graphics padl2sim 5236/tcp padl2sim 5236/udp pk 5272/tcp # pk pk 5272/udp # pk hacl-hb 5300/tcp # ha cluster heartbeat, # ha cluster heartbeat hacl-hb 5300/udp # ha cluster heartbeat, # ha cluster heartbeat hacl-gs 5301/tcp # # ha cluster general services, ha cluster general services hacl-gs 5301/udp # # ha cluster general services, ha cluster general services hacl-cfg 5302/tcp # ha cluster configuration, # ha cluster configuration hacl-cfg 5302/udp # ha cluster configuration, # ha cluster configuration hacl-probe 5303/tcp # ha cluster probing, # ha cluster probing hacl-probe 5303/udp # ha cluster probing, # ha cluster probing hacl-local 5304/tcp # # ha cluster commands hacl-local 5304/udp hacl-test 5305/tcp # # ha cluster test hacl-test 5305/udp sun-mc-grp 5306/tcp # sun mc group sun-mc-grp 5306/udp # sun mc group sco-aip 5307/tcp # sco aip sco-aip 5307/udp # sco aip cfengine 5308/tcp # cfengine cfengine 5308/udp # cfengine jprinter 5309/tcp # j printer jprinter 5309/udp # j printer outlaws 5310/tcp # outlaws outlaws 5310/udp # outlaws tmlogin 5311/tcp # tm login tmlogin 5311/udp # tm login excerpt 5400/tcp # excerpt search excerpt 5400/udp # excerpt search excerpts 5401/tcp # excerpt search secure excerpts 5401/udp # excerpt search secure mftp 5402/tcp # mftp mftp 5402/udp # mftp hpoms-ci-lstn 5403/tcp # hpoms-ci-lstn hpoms-ci-lstn 5403/udp # hpoms-ci-lstn hpoms-dps-lstn 5404/tcp # hpoms-dps-lstn hpoms-dps-lstn 5404/udp # hpoms-dps-lstn netsupport 5405/tcp # netsupport netsupport 5405/udp # netsupport systemics-sox 5406/tcp # systemics sox systemics-sox 5406/udp # systemics sox foresyte-clear 5407/tcp # foresyte-clear foresyte-clear 5407/udp # foresyte-clear foresyte-sec 5408/tcp # foresyte-sec foresyte-sec 5408/udp # foresyte-sec salient-dtasrv 5409/tcp # salient data server salient-dtasrv 5409/udp # salient data server salient-usrmgr 5410/tcp # salient user manager salient-usrmgr 5410/udp # salient user manager actnet 5411/tcp # actnet actnet 5411/udp # actnet continuus 5412/tcp # continuus continuus 5412/udp # continuus wwiotalk 5413/tcp # wwiotalk wwiotalk 5413/udp # wwiotalk statusd 5414/tcp # statusd statusd 5414/udp # statusd ns-server 5415/tcp # ns server ns-server 5415/udp # ns server sns-gateway 5416/tcp # sns gateway sns-gateway 5416/udp # sns gateway sns-agent 5417/tcp # sns agent sns-agent 5417/udp # sns agent mcntp 5418/tcp # mcntp mcntp 5418/udp # mcntp dj-ice 5419/tcp # dj-ice dj-ice 5419/udp # dj-ice cylink-c 5420/tcp # cylink-c cylink-c 5420/udp # cylink-c postgres 5432/tcp # postgres database server fcp-addr-srvr1 5500/tcp # fcp-addr-srvr1 fcp-addr-srvr1 5500/udp # fcp-addr-srvr1 fcp-addr-srvr2 5501/tcp # fcp-addr-srvr2 fcp-addr-srvr2 5501/udp # fcp-addr-srvr2 fcp-srvr-inst1 5502/tcp # fcp-srvr-inst1 fcp-srvr-inst1 5502/udp # fcp-srvr-inst1 fcp-srvr-inst2 5503/tcp # fcp-srvr-inst2 fcp-srvr-inst2 5503/udp # fcp-srvr-inst2 fcp-cics-gw1 5504/tcp # fcp-cics-gw1 fcp-cics-gw1 5504/udp # fcp-cics-gw1 personal-agent 5555/tcp # personal agent personal-agent 5555/udp rplay # personal agent esinstall 5599/tcp # enterprise security remote install esinstall 5599/udp # enterprise security remote install esmmanager 5600/tcp # enterprise security manager esmmanager 5600/udp # enterprise security manager esmagent 5601/tcp # enterprise security agent esmagent 5601/udp # enterprise security agent a1-msc 5602/tcp # a1-msc a1-msc 5602/udp # a1-msc a1-bs 5603/tcp # a1-bs a1-bs 5603/udp # a1-bs a3-sdunode 5604/tcp # a3-sdunode a3-sdunode 5604/udp # a3-sdunode a4-sdunode 5605/tcp # a4-sdunode a4-sdunode 5605/udp # a4-sdunode pcanywheredata 5631/tcp # pcanywheredata pcanywheredata 5631/udp # pcanywheredata pcanywherestat 5632/tcp # pcanywherestat pcanywherestat 5632/udp # pcanywherestat rrac 5678/tcp # remote replication agent connection rrac 5678/udp # remote replication agent connection dccm 5679/tcp # direct cable connect manager dccm 5679/udp # direct cable connect manager canna 5680/tcp # canna (japanese input) proshareaudio 5713/tcp # proshare conf audio proshareaudio 5713/udp # proshare conf audio prosharevideo 5714/tcp # proshare conf video prosharevideo 5714/udp # proshare conf video prosharedata 5715/tcp # proshare conf data prosharedata 5715/udp # proshare conf data prosharerequest 5716/tcp # proshare conf request prosharerequest 5716/udp # proshare conf request prosharenotify 5717/tcp # proshare conf notify prosharenotify 5717/udp # proshare conf notify openmail 5729/tcp # openmail user agent layer openmail 5729/udp # openmail user agent layer unieng 5730/tcp # netscape suiteware unisnc 5731/tcp # netscape suiteware unidas 5732/tcp # netscape suiteware ida-discover1 5741/tcp # ida discover port 1 ida-discover1 5741/udp # ida discover port 1 ida-discover2 5742/tcp # ida discover port 2 ida-discover2 5742/udp # ida discover port 2 fcopy-server 5745/tcp # fcopy-server fcopy-server 5745/udp # fcopy-server fcopys-server 5746/tcp # fcopys-server fcopys-server 5746/udp # fcopys-server openmailg 5755/tcp # openmail desk gateway server openmailg 5755/udp # openmail desk gateway server x500ms 5757/tcp # openmail x.500 directory server x500ms 5757/udp # openmail x.500 directory server openmailns 5766/tcp # openmail newmail server openmailns 5766/udp # openmail newmail server s-openmail 5767/tcp # openmail suer agent layer (secure) s-openmail 5767/udp # openmail suer agent layer (secure) openmailpxy 5768/tcp # openmail cmts server openmailpxy 5768/udp # openmail cmts server vnc 5900/tcp # orl virtual network client ncd-pref-tcp 5977/tcp # ncd preferences tcp port ncd-diag-tcp 5978/tcp # ncd diagnostic tcp port ncd-conf-tcp 5979/tcp # ncd configuration tcp port ncd-pref 5997/tcp # ncd preferences telnet port ncd-diag 5998/tcp # ncd diagnostic telnet port ncd-conf 5999/tcp # ncd configuration telnet port x11 6000/tcp xterm X11 # x window system, x-windows server x11 6000/udp # x window system x11 6001/tcp xwin # x window system, x-windows server x11 6001/udp # x window system x11 6002/tcp xwin # x window system, x-windows server x11 6002/udp # x window system x11 6003/tcp xwin # x window system, x-windows server x11 6003/udp # x window system x11 6004/tcp xwin # x window system, x-windows server x11 6004/udp # x window system x11 6005/tcp xwin # x window system, x-windows server x11 6005/udp # x window system x11 6006/tcp xwin # x window system, x-windows server x11 6006/udp # x window system x11 6007/tcp xwin # x window system, x-windows server x11 6007/udp # x window system x11 6008/tcp # x window system x11 6008/udp # x window system x11 6009/tcp # x window system x11 6009/udp # x window system x11 6010/tcp # x window system x11 6010/udp # x window system x11 6011/tcp # x window system x11 6011/udp # x window system x11 6012/tcp # x window system x11 6012/udp # x window system x11 6013/tcp # x window system x11 6013/udp # x window system x11 6014/tcp # x window system x11 6014/udp # x window system x11 6015/tcp # x window system x11 6015/udp # x window system x11 6016/tcp # x window system x11 6016/udp # x window system x11 6017/tcp # x window system x11 6017/udp # x window system x11 6018/tcp # x window system x11 6018/udp # x window system x11 6019/tcp # x window system x11 6019/udp # x window system x11 6020/tcp # x window system x11 6020/udp # x window system x11 6021/tcp # x window system x11 6021/udp # x window system x11 6022/tcp # x window system x11 6022/udp # x window system x11 6023/tcp # x window system x11 6023/udp # x window system x11 6024/tcp # x window system x11 6024/udp # x window system x11 6025/tcp # x window system x11 6025/udp # x window system x11 6026/tcp # x window system x11 6026/udp # x window system x11 6027/tcp # x window system x11 6027/udp # x window system x11 6028/tcp # x window system x11 6028/udp # x window system x11 6029/tcp # x window system x11 6029/udp # x window system x11 6030/tcp # x window system x11 6030/udp # x window system x11 6031/tcp # x window system x11 6031/udp # x window system x11 6032/tcp # x window system x11 6032/udp # x window system x11 6033/tcp # x window system x11 6033/udp # x window system x11 6034/tcp # x window system x11 6034/udp # x window system x11 6035/tcp # x window system x11 6035/udp # x window system x11 6036/tcp # x window system x11 6036/udp # x window system x11 6037/tcp # x window system x11 6037/udp # x window system x11 6038/tcp # x window system x11 6038/udp # x window system x11 6039/tcp # x window system x11 6039/udp # x window system x11 6040/tcp # x window system x11 6040/udp # x window system x11 6041/tcp # x window system x11 6041/udp # x window system x11 6042/tcp # x window system x11 6042/udp # x window system x11 6043/tcp # x window system x11 6043/udp # x window system x11 6044/tcp # x window system x11 6044/udp # x window system x11 6045/tcp # x window system x11 6045/udp # x window system x11 6046/tcp # x window system x11 6046/udp # x window system x11 6047/tcp # x window system x11 6047/udp # x window system x11 6048/tcp # x window system x11 6048/udp # x window system x11 6049/tcp # x window system x11 6049/udp # x window system x11 6050/tcp # x window system x11 6050/udp # x window system x11 6051/tcp # x window system x11 6051/udp # x window system x11 6052/tcp # x window system x11 6052/udp # x window system x11 6053/tcp # x window system x11 6053/udp # x window system x11 6054/tcp # x window system x11 6054/udp # x window system x11 6055/tcp # x window system x11 6055/udp # x window system x11 6056/tcp # x window system x11 6056/udp # x window system x11 6057/tcp # x window system x11 6057/udp # x window system x11 6058/tcp # x window system x11 6058/udp # x window system x11 6059/tcp # x window system x11 6059/udp # x window system x11 6060/tcp # x window system x11 6060/udp # x window system x11 6061/tcp # x window system x11 6061/udp # x window system x11 6062/tcp # x window system x11 6062/udp # x window system x11 6063/tcp # x window system x11 6063/udp # x window system softcm 6110/tcp # hp softbench cm softcm 6110/udp # hp softbench cm spc 6111/tcp # hp softbench sub-process control spc 6111/udp # hp softbench sub-process control dtspcd 6112/tcp dtspc # dtspcd, cde subprocess control dtspcd 6112/udp # dtspcd backup-express 6123/tcp # backup express backup-express 6123/udp # backup express meta-corp 6141/tcp # meta corporation license manager meta-corp 6141/udp # meta corporation license manager aspentec-lm 6142/tcp # aspen technology license manager aspentec-lm 6142/udp # aspen technology license manager watershed-lm 6143/tcp # watershed license manager watershed-lm 6143/udp # watershed license manager statsci1-lm 6144/tcp # statsci license manager - 1 statsci1-lm 6144/udp # statsci license manager - 1 statsci2-lm 6145/tcp # statsci license manager - 2 statsci2-lm 6145/udp # statsci license manager - 2 lonewolf-lm 6146/tcp # lone wolf systems license manager lonewolf-lm 6146/udp # lone wolf systems license manager montage-lm 6147/tcp # montage license manager montage-lm 6147/udp # montage license manager ricardo-lm 6148/tcp # ricardo north america license manager ricardo-lm 6148/udp # ricardo north america license manager tal-pod 6149/tcp # tal-pod tal-pod 6149/udp # tal-pod crip 6253/tcp # crip crip 6253/udp # crip clariion-evr01 6389/tcp # clariion-evr01 clariion-evr01 6389/udp # clariion-evr01 skip-cert-recv 6455/tcp # skip certificate receive skip-cert-send 6456/tcp # skip certificate send lvision-lm 6471/tcp # lvision license manager lvision-lm 6471/udp # lvision license manager boks 6500/tcp # boks master boks 6500/udp # boks master boks_servc 6501/tcp # boks servc boks_servc 6501/udp # boks servc boks_servm 6502/tcp # boks servm boks_servm 6502/udp # boks servm boks_clntd 6503/tcp # boks clntd boks_clntd 6503/udp # boks clntd badm_priv 6505/tcp # boks admin private port badm_priv 6505/udp # boks admin private port badm_pub 6506/tcp # boks admin public port badm_pub 6506/udp # boks admin public port bdir_priv 6507/tcp # boks dir server, private port bdir_priv 6507/udp # boks dir server, private port bdir_pub 6508/tcp # boks dir server, public port bdir_pub 6508/udp # boks dir server, public port fg-sysupdate 6550/tcp # fg-sysupdate fg-sysupdate 6550/udp # fg-sysupdate xdsxdm 6558/tcp xdsxdm 6558/udp ircu 6665/tcp # ircu ircu 6665/udp # ircu ircu 6666/tcp irc-serv # ircu, internet relay chat server ircu 6666/udp # ircu ircu 6667/tcp ircd irc # often used irc port (also see 194), ircu, internet relay chat ircu 6667/udp # ircu ircu 6668/tcp irc # ircu, internet relay chat ircu 6668/udp # ircu ircu 6669/tcp # ircu ircu 6669/udp # ircu vocaltec-gold 6670/tcp # vocaltec global online directory vocaltec-gold 6670/udp # vocaltec global online directory vision_server 6672/tcp # vision_server vision_server 6672/udp # vision_server vision_elmd 6673/tcp # vision_elmd vision_elmd 6673/udp # vision_elmd kti-icad-srvr 6701/tcp # kti/icad nameserver kti-icad-srvr 6701/udp # kti/icad nameserver hnmp 6790/tcp # hnmp hnmp 6790/udp # hnmp ambit-lm 6831/tcp # ambit-lm ambit-lm 6831/udp # ambit-lm netmo-default 6841/tcp # netmo default netmo-default 6841/udp # netmo default netmo-http 6842/tcp # netmo http netmo-http 6842/udp # netmo http acmsoda 6969/tcp # acmsoda acmsoda 6969/udp # acmsoda iatp-highpri 6998/tcp # iatp-highpri iatp-highpri 6998/udp # iatp-highpri iatp-normalpri 6999/tcp # iatp-normalpri iatp-normalpri 6999/udp # iatp-normalpri afs3-fileserver 7000/tcp # file server itself, msdos, file server itself afs3-fileserver 7000/udp # afs fileserver, file server itself afs3-callback 7001/tcp # callbacks to cache managers afs3-callback 7001/udp # callbacks to cache managers, afs callback server afs3-prserver 7002/tcp # users & groups database afs3-prserver 7002/udp # afs protection server, users & groups database afs3-vlserver 7003/tcp # volume location database afs3-vlserver 7003/udp # afs volumelocation server, volume location database afs3-kaserver 7004/tcp # afs/kerberos authentication service afs3-kaserver 7004/udp # afs kerberos authenication server, afs/kerberos authentication service afs3-volser 7005/tcp # volume managment server afs3-volser 7005/udp # afs volume server, volume managment server afs3-errors 7006/tcp # error interpretation service afs3-errors 7006/udp # afs error server ?, error interpretation service afs3-bos 7007/tcp # basic overseer process afs3-bos 7007/udp # afs basic over-see server ?, basic overseer process afs3-update 7008/tcp # server-to-server updater afs3-update 7008/udp # server-to-server updater, ? afs3-rmtsys 7009/tcp # remote cache manager service afs3-rmtsys 7009/udp # remote cache manager service, ? ups-onlinet 7010/tcp # onlinet uninterruptable power supplies ups-onlinet 7010/udp # onlinet uninterruptable power supplies dpserve 7020/tcp # dp serve dpserve 7020/udp # dp serve dpserveadmin 7021/tcp # dp serve admin dpserveadmin 7021/udp # dp serve admin arcp 7070/tcp # arcp arcp 7070/udp # arcp lazy-ptop 7099/tcp # lazy-ptop lazy-ptop 7099/udp # lazy-ptop font-service 7100/tcp fs # x font service, font server font-service 7100/udp # x font service virprot-lm 7121/tcp # virtual prototypes license manager virprot-lm 7121/udp # virtual prototypes license manager clutild 7174/tcp # clutild clutild 7174/udp # clutild fodms 7200/tcp # fodms flip fodms 7200/udp # fodms flip dlip 7201/tcp # dlip dlip 7201/udp # dlip icb 7326/tcp # internet citizen's band winqedit 7395/tcp # winqedit winqedit 7395/udp # winqedit pmdmgr 7426/tcp # openview dm postmaster manager pmdmgr 7426/udp # openview dm postmaster manager oveadmgr 7427/tcp # openview dm event agent manager oveadmgr 7427/udp # openview dm event agent manager ovladmgr 7428/tcp # openview dm log agent manager ovladmgr 7428/udp # openview dm log agent manager opi-sock 7429/tcp # openview dm rqt communication opi-sock 7429/udp # openview dm rqt communication xmpv7 7430/tcp # openview dm xmpv7 api pipe xmpv7 7430/udp # openview dm xmpv7 api pipe pmd 7431/tcp # openview dm ovc/xmpv3 api pipe pmd 7431/udp # openview dm ovc/xmpv3 api pipe faximum 7437/tcp # faximum faximum 7437/udp # faximum telops-lmd 7491/tcp # telops-lmd telops-lmd 7491/udp # telops-lmd pafec-lm 7511/tcp # pafec-lm pafec-lm 7511/udp # pafec-lm nta-ds 7544/tcp # flowanalyzer displayserver nta-ds 7544/udp # flowanalyzer displayserver nta-us 7545/tcp # flowanalyzer utilityserver nta-us 7545/udp # flowanalyzer utilityserver vsi-omega 7566/tcp # vsi omega vsi-omega 7566/udp # vsi omega aries-kfinder 7570/tcp # aries kfinder aries-kfinder 7570/udp # aries kfinder sun-lm 7588/tcp # sun license manager sun-lm 7588/udp # sun license manager pmdfmgt 7633/tcp # pmdf management pmdfmgt 7633/udp # pmdf management cucme-1 7648/udp # cucme live video/audio server cucme-2 7649/udp # cucme live video/audio server cucme-3 7650/udp # cucme live video/audio server cucme-4 7651/udp # cucme live video/audio server cbt 7777/tcp # cbt cbt 7777/udp # cbt accu-lmgr 7781/tcp # accu-lmgr accu-lmgr 7781/udp # accu-lmgr t2-drm 7932/tcp # tier 2 data resource manager t2-drm 7932/udp # tier 2 data resource manager t2-brm 7933/tcp # tier 2 business rules manager t2-brm 7933/udp # tier 2 business rules manager quest-vista 7980/tcp # quest vista quest-vista 7980/udp # quest vista irdmi2 7999/tcp # irdmi2 irdmi2 7999/udp # irdmi2 irdmi 8000/tcp # irdmi irdmi 8000/udp # irdmi vcom-tunnel 8001/tcp # vcom tunnel vcom-tunnel 8001/udp # vcom tunnel http-alt 8008/tcp # http alternate http-alt 8008/udp # http alternate pro-ed 8032/tcp # proed pro-ed 8032/udp # proed mindprint 8033/tcp # mindprint mindprint 8033/udp # mindprint http-alt 8080/tcp # http alternate (see port 80) http-alt 8080/udp # http alternate (see port 80) trivnet1 8200/tcp # trivnet trivnet1 8200/udp # trivnet trivnet2 8201/tcp # trivnet trivnet2 8201/udp # trivnet lm-perfworks 8204/tcp # lm perfworks lm-perfworks 8204/udp # lm perfworks lm-instmgr 8205/tcp # lm instmgr lm-instmgr 8205/udp # lm instmgr lm-dta 8206/tcp # lm dta lm-dta 8206/udp # lm dta lm-sserver 8207/tcp # lm sserver lm-sserver 8207/udp # lm sserver server-find 8351/tcp # server find server-find 8351/udp # server find cruise-enum 8376/tcp # cruise enum cruise-enum 8376/udp # cruise enum cruise-swroute 8377/tcp # cruise swroute cruise-swroute 8377/udp # cruise swroute cruise-config 8378/tcp # cruise config cruise-config 8378/udp # cruise config cruise-diags 8379/tcp # cruise diags cruise-diags 8379/udp # cruise diags cruise-update 8380/tcp # cruise update cruise-update 8380/udp # cruise update cvd 8400/tcp # cvd cvd 8400/udp # cvd sabarsd 8401/tcp # sabarsd sabarsd 8401/udp # sabarsd abarsd 8402/tcp # abarsd abarsd 8402/udp # abarsd admind 8403/tcp # admind admind 8403/udp # admind npmp 8450/tcp # npmp npmp 8450/udp # npmp vp2p 8473/tcp # virtual point to point vp2p 8473/udp # virtual point to point rtsp-alt 8554/tcp # rtsp alternate (see port 554) rtsp-alt 8554/udp # rtsp alternate (see port 554) natd 8668/divert # network address translation ibus 8733/tcp # ibus ibus 8733/udp # ibus ultraseek-http 8765/tcp # ultraseek http ultraseek-http 8765/udp # ultraseek http cddbp-alt 8880/tcp # cddbp cddbp-alt 8880/udp # cddbp ddi-tcp-1 8888/tcp # newsedge server tcp (tcp 1) ddi-udp-1 8888/udp # newsedge server udp (udp 1) ddi-tcp-2 8889/tcp # desktop data tcp 1 ddi-udp-2 8889/udp # newsedge server broadcast ddi-tcp-3 8890/tcp # desktop data tcp 2 ddi-udp-3 8890/udp # newsedge client broadcast ddi-tcp-4 8891/tcp # desktop data tcp 3: ness application ddi-udp-4 8891/udp # desktop data udp 3: ness application ddi-tcp-5 8892/tcp # desktop data tcp 4: farm product ddi-udp-5 8892/udp # desktop data udp 4: farm product ddi-tcp-6 8893/tcp # desktop data tcp 5: newsedge/web application ddi-udp-6 8893/udp # desktop data udp 5: newsedge/web application ddi-tcp-7 8894/tcp # desktop data tcp 6: coal application ddi-udp-7 8894/udp # desktop data udp 6: coal application jmb-cds1 8900/tcp # jmb-cds 1 jmb-cds1 8900/udp # jmb-cds 1 jmb-cds2 8901/tcp # jmb-cds 2 jmb-cds2 8901/udp # jmb-cds 2 cslistener 9000/tcp # cslistener cslistener 9000/udp # cslistener kastenxpipe 9001/tcp # kastenx pipe kastenxpipe 9001/udp # kastenx pipe sctp 9006/tcp # sctp sctp 9006/udp # sctp websm 9090/tcp # websm websm 9090/udp # websm jetdirect 9100/tcp # hp jetdirect card wap-wsp 9200/tcp # wap connectionless session service wap-wsp 9200/udp # wap connectionless session service wap-wsp-wtp 9201/tcp # wap session service wap-wsp-wtp 9201/udp # wap session service wap-wsp-s 9202/tcp # wap secure connectionless session service wap-wsp-s 9202/udp # wap secure connectionless session service wap-wsp-wtp-s 9203/tcp # wap secure session service wap-wsp-wtp-s 9203/udp # wap secure session service wap-vcard 9204/tcp # wap vcard wap-vcard 9204/udp # wap vcard wap-vcal 9205/tcp # wap vcal wap-vcal 9205/udp # wap vcal wap-vcard-s 9206/tcp # wap vcard secure wap-vcard-s 9206/udp # wap vcard secure wap-vcal-s 9207/tcp # wap vcal secure wap-vcal-s 9207/udp # wap vcal secure ismserver 9500/tcp # ismserver ismserver 9500/udp # ismserver man 9535/tcp man 9535/udp msgsys 9594/tcp # message system msgsys 9594/udp # message system pds 9595/tcp # ping discovery service pds 9595/udp # ping discovery service sd 9876/tcp # session director sd 9876/udp # session director cyborg-systems 9888/tcp # cyborg systems cyborg-systems 9888/udp # cyborg systems monkeycom 9898/tcp # monkeycom monkeycom 9898/udp # monkeycom palace 9992/tcp # palace palace 9992/udp # palace palace 9993/tcp # palace palace 9993/udp # palace palace 9994/tcp # palace palace 9994/udp # palace palace 9995/tcp # palace palace 9995/udp # palace palace 9996/tcp # palace palace 9996/udp # palace palace 9997/tcp # palace palace 9997/udp # palace distinct32 9998/tcp # distinct32 distinct32 9998/udp # distinct32 distinct 9999/tcp # distinct distinct 9999/udp # distinct ndmp 10000/tcp # network data management protocol ndmp 10000/udp # network data management protocol stel 10005/tcp # secure telnet mvs-capacity 10007/tcp # mvs capacity mvs-capacity 10007/udp # mvs capacity amanda 10080/tcp # amanda amanda 10080/udp # amanda, amanda backup util, dump server control amandaidx 10082/tcp # amanda indexing amidxtape 10083/tcp # amanda tape indexing irisa 11000/tcp # irisa irisa 11000/udp # irisa metasys 11001/tcp # metasys metasys 11001/udp # metasys vce 11111/tcp # viral computing environment (vce) vce 11111/udp # viral computing environment (vce) atm-uhas 11367/tcp # atm uhas atm-uhas 11367/udp # atm uhas entextxid 12000/tcp # ibm enterprise extender sna xid exchange entextxid 12000/udp # ibm enterprise extender sna xid exchange entextnetwk 12001/tcp # ibm enterprise extender sna cos network priority entextnetwk 12001/udp # ibm enterprise extender sna cos network priority entexthigh 12002/tcp # ibm enterprise extender sna cos high priority entexthigh 12002/udp # ibm enterprise extender sna cos high priority entextmed 12003/tcp # ibm enterprise extender sna cos medium priority entextmed 12003/udp # ibm enterprise extender sna cos medium priority entextlow 12004/tcp # ibm enterprise extender sna cos low priority entextlow 12004/udp # ibm enterprise extender sna cos low priority NetBus 12345/tcp # netbus backdoor trojan NetBus 12346/tcp # netbus backdoor trojan tsaf 12753/tcp # tsaf port tsaf 12753/udp # tsaf port i-zipqd 13160/tcp # i-zipqd i-zipqd 13160/udp # i-zipqd bprd 13720/tcp # bprd protocol (veritas netbackup) bprd 13720/udp # bprd protocol (veritas netbackup) bpbrm 13721/tcp # bpbrm protocol (veritas netbackup) bpbrm 13721/udp # bpbrm protocol (veritas netbackup) bpcd 13782/tcp # veritas netbackup bpcd 13782/udp # veritas netbackup vopied 13783/tcp # vopied protocol vopied 13783/udp # vopied protocol dsmcc-config 13818/tcp # dsmcc config dsmcc-config 13818/udp # dsmcc config dsmcc-session 13819/tcp # dsmcc session messages dsmcc-session 13819/udp # dsmcc session messages dsmcc-passthru 13820/tcp # dsmcc pass-thru messages dsmcc-passthru 13820/udp # dsmcc pass-thru messages dsmcc-download 13821/tcp # dsmcc download protocol dsmcc-download 13821/udp # dsmcc download protocol dsmcc-ccp 13822/tcp # dsmcc channel change protocol dsmcc-ccp 13822/udp # dsmcc channel change protocol itu-sccp-ss7 14001/tcp # itu sccp (ss7) itu-sccp-ss7 14001/udp # itu sccp (ss7) netserialext1 16360/tcp # netserialext1 netserialext1 16360/udp # netserialext1 netserialext2 16361/tcp # netserialext2 netserialext2 16361/udp # netserialext2 netserialext3 16367/tcp # netserialext3 netserialext3 16367/udp # netserialext3 netserialext4 16368/tcp # netserialext4 netserialext4 16368/udp # netserialext4 isode-dua 17007/tcp isode-dua 17007/udp chipper 17219/tcp # chipper chipper 17219/udp # chipper biimenu 18000/tcp # beckman instruments, inc. biimenu 18000/udp # beckman instruments, inc. hp-sco 19410/tcp # hp-sco hp-sco 19410/udp # hp-sco hp-sca 19411/tcp # hp-sca hp-sca 19411/udp # hp-sca jcp 19541/tcp # jcp client jcp 19541/udp # jcp client dnp 20000/tcp # dnp dnp 20000/udp # dnp track 20670/tcp # track track 20670/udp # track webphone 21845/tcp # webphone webphone 21845/udp # webphone netspeak-is 21846/tcp # netspeak corp. directory services netspeak-is 21846/udp # netspeak corp. directory services netspeak-cs 21847/tcp # netspeak corp. connection services netspeak-cs 21847/udp # netspeak corp. connection services netspeak-acd 21848/tcp # netspeak corp. automatic call distribution netspeak-acd 21848/udp # netspeak corp. automatic call distribution netspeak-cps 21849/tcp # netspeak corp. credit processing system netspeak-cps 21849/udp # netspeak corp. credit processing system wnn6 22273/tcp wnn4 # wnn6 (japanese input), wnn6, wnn4 (japanese input) wnn6 22273/udp # wnn6 wnn4_Cn 22289/tcp wnn6_Cn # wnn6 (chinese input), wnn4 (chinese input) wnn4_Kr 22305/tcp wnn6_Kr # wnn4 (korean input), wnn6 (korean input) wnn4_Tw 22321/tcp wnn6_Tw # wnn4 (taiwanse input), wnn6 (taiwanse input) vocaltec-wconf 22555/tcp # vocaltec web conference vocaltec-phone 22555/udp # vocaltec internet phone aws-brf 22800/tcp # telerate information platform lan aws-brf 22800/udp # telerate information platform lan brf-gw 22951/tcp # telerate information platform wan brf-gw 22951/udp # telerate information platform wan med-ltp 24000/tcp # med-ltp med-ltp 24000/udp # med-ltp med-fsp-rx 24001/tcp # med-fsp-rx med-fsp-rx 24001/udp # med-fsp-rx med-fsp-tx 24002/tcp # med-fsp-tx med-fsp-tx 24002/udp # med-fsp-tx med-supp 24003/tcp # med-supp med-supp 24003/udp # med-supp med-ovw 24004/tcp # med-ovw med-ovw 24004/udp # med-ovw med-ci 24005/tcp # med-ci med-ci 24005/udp # med-ci med-net-svc 24006/tcp # med-net-svc med-net-svc 24006/udp # med-net-svc intel_rci 24386/tcp # intel rci intel_rci 24386/udp # intel rci icl-twobase1 25000/tcp # icl-twobase1 icl-twobase1 25000/udp # icl-twobase1 icl-twobase2 25001/tcp # icl-twobase2 icl-twobase2 25001/udp # icl-twobase2 icl-twobase3 25002/tcp # icl-twobase3 icl-twobase3 25002/udp # icl-twobase3 icl-twobase4 25003/tcp # icl-twobase4 icl-twobase4 25003/udp # icl-twobase4 icl-twobase5 25004/tcp # icl-twobase5 icl-twobase5 25004/udp # icl-twobase5 icl-twobase6 25005/tcp # icl-twobase6 icl-twobase6 25005/udp # icl-twobase6 icl-twobase7 25006/tcp # icl-twobase7 icl-twobase7 25006/udp # icl-twobase7 icl-twobase8 25007/tcp # icl-twobase8 icl-twobase8 25007/udp # icl-twobase8 icl-twobase9 25008/tcp # icl-twobase9 icl-twobase9 25008/udp # icl-twobase9 icl-twobase10 25009/tcp # icl-twobase10 icl-twobase10 25009/udp # icl-twobase10 vocaltec-hos 25793/tcp # vocaltec address server vocaltec-hos 25793/udp # vocaltec address server quake 26000/tcp # quake quake 26000/udp # quake wnn6-ds 26208/tcp wnn6_DS # wnn6 (dserver), wnn6-ds wnn6-ds 26208/udp # wnn6-ds hunt 26740/udp # multi-player/multi-host maze-wars flex-lm 27000/ # flex lm (1-10) flex-lm 27001/ # flex lm (1-10) flex-lm 27002/ # flex lm (1-10) flex-lm 27003/ # flex lm (1-10) flex-lm 27004/ # flex lm (1-10) flex-lm 27005/ # flex lm (1-10) flex-lm 27006/ # flex lm (1-10) flex-lm 27007/ # flex lm (1-10) flex-lm 27008/ # flex lm (1-10) flex-lm 27009/ # flex lm (1-10) tw-auth-key 27999/tcp # tw authentication/key distribution and tw-auth-key 27999/udp # attribute certificate services BackOrifice 31337/udp # cdc back orifice remote admin tool filenet-tms 32768/tcp # filenet tms filenet-tms 32768/udp # filenet tms filenet-rpc 32769/tcp # filenet rpc filenet-rpc 32769/udp # filenet rpc filenet-nch 32770/tcp # filenet nch filenet-nch 32770/udp # filenet nch traceroute 33434/tcp # traceroute use traceroute 33434/udp # traceroute use rockwell-encap 44818/tcp # rockwell encapsulation rockwell-encap 44818/udp # rockwell encapsulation eba 45678/tcp # eba prise eba 45678/udp # eba prise dbbrowse 47557/tcp # databeam corporation dbbrowse 47557/udp # databeam corporation directplaysrvr 47624/tcp # direct play server directplaysrvr 47624/udp # direct play server ap 47806/tcp # alc protocol ap 47806/udp # alc protocol bacnet 47808/tcp # building automation and control networks bacnet 47808/udp # building automation and control networks mason-1.0.0.orig/index.html0100644000765700007640000005635207467513131014456 0ustar martinedv Mason - the automated firewall builder for Linux

    If you're looking for the HTML::Mason Perl Module, try here.

    Current version - 1.0.0 *smile*

    (Unsolicited) Reviews

    "If you have not checked out Mason, I highly recommend it. Mason is a Linux based firewall, but none like you've ever used.

    In short, you put Mason into learning mode and run the services to the Internet you wish to support. Mason will then take these log entries and turn them into a set of packet filtering rules. Pretty cool eh? No ACK compliment rules to worry about, no "what was that service port again?" decisions to worry about, simply plug it in, let it learn and off you go. :)"

    - - Chris Brenton, cbrenton@sover.net

    "Tonight I tried out your Mason package and I got to tell you it is the best thing I have seen in a long time. I tried it on a test machine and it worked flawlessly. Usually things are fun for novelty reasons but this thing is awesome! Me and my colleagues are always setting up some type of firewall and I am going to blow them away with this one. Problem with firewalls is one always forgets a policy, port, etc... especially being a field computer person, with Mason it pretty much takes care of most of the work for you.

    All I can say is I cant tell you how cool this is.

    - - Richard Lo, richardlo@visto.com

    We just recently retooled our firewall as it was in bad shape. I want to put the word about the Mason firewall package which automatically writes ipchain rules for you. Without Mason, we would still be struggling with our firewall. I highly recommend using it to implement some rudimentary security on stand-alone RedHat Linux systems that are continuously connected to the web.

    - - real-life, paranoid, pressed for time, system administrator who prefers to remain anonymous, well, because (s)he's paranoid

    Well, I played with it for quite a while, and I liked the results. This version is very robust, and the learning curve is simply amazing, so it's really a recommended tool for newbies.

    - - Aviram Jenik, aviram@beyondsecurity.com, http://www.SecuriTeam.com

    It's been a major pain in the ass trying to configure my RedHat 6.0 firewall at home using ipfwadm and the other standard Linux tools. So it was with some doubt that I installed Mason on my RedHat 6.0 firewall, expecting nothing useful to come of it. I was rather shocked to find Mason quickly emitting lists of real-world, usable rules, and making them actually work with my fairly complex system requirements. (I want ftp, telnet, RealAudio, Quake, HalfLife, netnews, and I want it all to be perfectly secure! ;) ) I am completely sold on Mason. Congrats on making the first firewall tool in the true spirit of Linux; it should be part of every distribution.

    - - John Byrd, johnbyrd@pacbell.net

    Introduction

    Mason is a tool that interactively builds a firewall using Linux' ipfwadm or ipchains firewalling. You leave mason running on the firewall machine while you are making all the kinds of connections that you want the firewall to support (and want it to block). Mason gives you a list of firewall rules that exactly allow and block those connections.

    Mason was specifically designed to make it possible for anyone with the ability to generally find their way around a Linux system to build a reasonably good packet filtering firewall for any and every system under their control. It takes care of all the low level grunt work; all you need to do is follow the instructions and be able to run all the TCP/IP applications that need to be supported.

    The real work of the package is done by the mason script. Its job is to convert the log entries that the Linux kernel produces into ipfwadm or ipchains commands that you can use in your own firewall.

    In order to make it easy to use, I have included a rudimentary tool called mason-gui-text. It's a very simple shell that handles the setup and creation process for those that want to be led through the process. I would sincerely like to see it replaced with a nicer interface.

    News

    5/12/02

    We've been stable for a long time. Time for 1.0.0. :-)

    9/16/01

    Minor release to accomodate the fact that the "sam" package had to be renamed to "samlib".

    8/7/01

    Thanks to all who've reminded me that 0.13.9.3 doesn't get along well with newer glibc's. Someone decided to rename a signal and it causes no end of problems.

    A number of the functions Mason depends on are shared with other bash apps. I've put together a shared library of bash functions for these applications with a goal of formal verification for each function. Mason now requires the "sam" library to run; this library can be found at ftp://ftp.stearns.org/ as well. Simply install the sam rpm or tar first.

    Thanks to Steve Wray for the awk only replacement for an awk/grep/sed combination in older versions.

    Minor fixes.

    Baiju Thakkar deserves a large THANKS! for updating the web site. You'll see the new content once we work out a few more details.

    10/25/00

    I've gotten the iptables code in 0.13.9.3 to the point where it's generally working. A few notes:

    • Load all the iptables modules before starting.
    • Put your masq rule in by hand in /var/lib/mason/baserules. I have a sample there ready to be uncommented.
    • I will no longer support cross-creation of rules, I.e. creating an ipfwadm firewall on an iptables system. It used to be generally doable between ipfwadm and ipchains, but the differences between iptables and its predecessors make this too much work to be useful.

    By the way, the "live learning" process seems to be rather good. Give it a try, especially if you've had trouble with Mason crashing in the past. The live learning bypasses the backgrounding that used to be required, hopefully putting the crashes permanently to bed. I have my fingers crossed.

    The menus look a lot better now.

    11/21/99

    The exciting new project is the ability to decide what to do with a rule while the learning process is going on. Now, when a new rule shows up, you can instantly decide to commit it to baserules, discard it, change it, etc. mason-decide is not complete, but it's functional enough that I'm making it available for testing. If you like the old behavior of throwing all the rules into newrules for later editing, change: if /bin/false ; then in mason-gui-text to: if /bin/true ; then

    As a followup to the following, mason has some iptables functionality now. I have the base code functioning to the point that I can actually build an iptables firewall with it.

    Please note that it is most definitely not complete. If you're masquerading, you need to put the masquerading rule in baserules before you start mason-gui-test (baserules.sample has been updated to include iptables masquerading).

    mason-1999112101 is _only_ available at ftp://mason.stearns.org - this will soon be the master web and ftp site for the project.

    9/x/99

    My hat is off to Rusty, who has done it again. I've gotten netfilter running on 2.3.x and I'm really impressed. When I insert the ipfwadm module, Mason runs just fine. When I insert ipchains.o, hey, Mason runs just fine. I haven't tried all the features, but this is going to make debugging Mason much easier. And hey, it looks like its going to be in 2.4.x!

    In preparation for 0.13.1, the documentation has gotten a lot of work. I've merged a bunch of stuff into a main SGML file which can be viewed in .txt or .html format. I'm glad to say the documentation is finally usable again.

    3/9/99

    I have gotten a number of contributions from people - many thanks. I'll have a real contributions section later, but for the moment:

    3/8/99

    The Mason mailing lists are now live. There are three lists:

    Note that the old "geek-speak.net" addresses are no longer valid. The lists have been moved to ists.dartmouth.edu.
    ListDescriptionHow to subscribe
    mason-announce This list is an announcements-only list. It will generally be limited to new version announcements for the Mason firewall builder, but may also include announcements related to Mason from time to time. It is a low volume list and is moderated. send mail to majordomo@ists.dartmouth.edu with "subscribe mason-announce" in the body.
    mason-help This unmoderated list is for general discussion of all topics related to the Mason firewall builder. On-topic discussion includes bug reports, questions, feature requests, suggestions, and questions about operating Mason. General packet filtering, firewall, Linux, networking, kernel, ipfwadm, ipchains, netfilter, and iptables questions are considered on-topic as well. send mail to majordomo@ists.dartmouth.edu with "subscribe mason-help" in the body.
    mason-devel This is a discussion list for the people involved in the development of the Mason firewall builder and related projects. Issues about code, patches, packaging issues, distribution, and general communication between developers are considered on-topic. You should get in touch with Bill Stearns (wstearns@pobox.com) before subscribing and let him know what area of development interests you. send mail to majordomo@ists.dartmouth.edu with "subscribe mason-devel" in the body.

    Disclaimers

    I've included a copy of the disclaimers. Like all GNU programs:

    This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

    Unfortunately, because this program is so deeply involved in the security of the systems on which it is run, I need to add this disclaimer as well:

            This program offers an aid to creating firewall rules.  It offers
ABSOLUTELY NO intelligence in deciding what should be allowed or
disallowed.  It has ABSOLUTELY NO ability to understand your security
policy and implement it.  YOU are responsible for reviewing the rules and
massaging them to fit your needs.
        While the documentation in mason.txt attempts to provide some
general guidelines on how to use Mason, please remember:  the author has
no knowledge of what you want your firewall to do and has not tailored the
documentation or program to specially fit your needs.  If there is ever a
discrepancy between your needs and the program output or your needs and
the documentation, the program and/or documentation are _dead_ _wrong_.

    Downloading and installing

    Here are the various versions available for download, most recent at the top.

    • Mason-1.0.0 release (tar, noarch rpm, src rpm).

    • Mason-0.13.9.5 prerelease (tar, noarch rpm, src rpm).

    • Mason-0.13.9.4 prerelease (tar, noarch rpm, src rpm).

    • Mason-0.13.9.3 prerelease (tar, noarch rpm, src rpm).

    • Mason-0.14.1 developers releases - see the News above and ftp://mason.stearns.org/pub/mason.

    • Mason-0.13.0.92-1 debian release (deb. This is functionally the same as 0.13.0.92, but packaged as a .deb. Many thanks to Jeff Licquia.

    • Mason-0.13.0.92 stable release (tar, noarch rpm, src rpm).

      If you've had trouble with Mason crashing, please give this release a try. I think I've finally found the right way to tell Mason to exit, and I'm catching the rest of the otherwise harmless return codes. 0.13.0.92 is good enough that I'd suggest it over any previous version.

      I've started a regression test suite for Mason. While not terribly useful to most users, it does help with quality control; it's harder for me to introduce errors.

      Mason now gives a single warning if it sees non-tcp/udp/icmp protocols when working with ipfwadm.

    • Mason-0.13.0.90 developers release (tar, noarch rpm, src rpm).

      New to this release: A large number of backdoor ports that can be automatically blocked in masonrc, bug fixes for dynamic address support, complete restructuring of the documentation (now in .sgml, viewable in .txt and .html), minor fixes, bugfix for NOOUTGOING icmp subcode support, NOOUTGOING tcp protocols automatically test for the SYN flag, first fragments of iptables support (as of 9/26/99, this is not functional).

    • Mason-0.13.0 final release (tar, noarch rpm, src rpm).

      New to this release: automatically makes masq rules for reserved addresses, icmp subcodes, support for ip tunneling and a number of other protocols, removal of the namecache (no longer needed), mason now stops logging packets quickly while it does the main processing, stop using ipcalc to calculate broadcast, don't touch /etc/hosts or /etc/services, more Debian integration and two man pages (Thanks, Jeff!), support for ipchains-save output format, support for --sport and --dport (Thanks, Rusty!), some documentation updates, the ability to add packet counts to each rule, sorting the most commonly used rules to the top, misc. bug fixes and performance improvements, fixes to the Cisco output format, the ability to generalize the ack rules for tcp connections, cutting 25%-35% of the rules (Use at your own risk for the moment - this needs to be checked), an internal checkpointing ability to help in debugging, Mason can find the smallest subnet that encompasses the ips found on a dynamic interface and no_outgoing_ protocols.

      Support for ipchains -Lnxv input format was planned, but scrapped when I realized there was an easier way to get packet counts into Mason.

      Known bug: Mason occasionally exits during the course of normal operation. It complains on the way out that it has "crashed", when the exit was intentional. I'm still working with the trap logic to stop it from complaining when it shouldn't.

    • Mason-0.12.0 (tar, noarch rpm, src rpm). Mason now has an output option for Cisco IOS access-list rules. It still needs to run on a Linux system, but can provide output useable in a Cisco router. I don't have a Cisco router here, though; please let me know if it works or doesn't.

      The Mason package now includes some additional "services" files. If you choose, Mason can automatically pull services from these files if your /etc/services file is missing them. Many thanks to the guys who wrote nmap for the nmap-services file.

      Ironically, I do not suggest you use these as they are too complete; Mason may actually have trouble generalizing its rules because everything looks like a server port.

    • Mason-0.11.1 (tar, noarch rpm, src rpm). Ipfwadm hadn't been tested in a while; thanks to Rich who pointed out that it, ahem, didn't work at all. Two typos and it's doing much better now.

      I also added TOS (Type Of Service) flag setting to this version. That, in theory, should help interactive performance on slow links with lots of bulk traffic. I also added the ability to completely block individual IP's or entire subnets.

    • Mason-0.11.0 (tar, noarch rpm, src rpm) Generally functional. Now it has an rpm version.
    • mason-0.11.0-beta3.tar.gz Mostly reorganization, but some bug fixes too. Better support for ipfwadm - it probably works now. I can't test it because I don't run 2.0 kernels at this point. Any feedback?
    • mason-0.11.0-beta2.tar.gz Mason has undergone serious surgery. The documentation is horribly out of date. Nonetheless, the functionality is there. Download this, open it up, run "make install", briefly edit /etc/masonrc, and run mason-gui-text. "base" rules are the permanent, approved rules that get run at boot time. "new" rules are only used during the firewall creation process. When you're happy with a "new" rule, put something like #APPROVED at the end and use the "merge rules" feature to carry them over to the "base" set. That's the 2 cent tour - let me know what you find is broken. I already know the ipfwadm stuff is lagging so far behind ipchains as to be unusable in this release - sorry. Despite that, the new stuff in Mason is well worth it...grin...
    • mason-0.11.0-beta1.tar.gz
    • mason-0.11.0-alpha1.tar.gz
    • mason-0.10.0-beta3.tar.gz The 0.9 and 0.10 versions handle ipchains, but as of 0.10.0-beta3, the documentation does not fully reflect the functionality.
    • mason-0.10.0-beta2.tar.gz
    • mason-0.10.0-beta1.tar.gz
    • mason-0.9.1-beta1.tar.gz
    • mason-0.9.0-beta2.tar.gz
    • mason-0.9.0-beta1.tar.gz
    • mason-0.7.9.tar.gz Versions up to and including 0.7.9 handle only ipfwadm input, kernels and output.
    • mason-0.7.0.tar.gz
    • mason-0.6.9.tar.gz
    • mason.0.6.0
    • mason.0.5.0 Versions up to and including 0.6.0 are just a single shell script.

    Here's how to install:

    • Download the above tar file to /usr/src
    • cd /usr/src
    • tar -xzvf mason-version.tar.gz
    • cd mason-version
    • make install
    • Follow the quickstart section in mason.txt

    Here are the individual files you can download. These files may be newer than the ones in the packages above; if so, they are here as prerelease version for those who want to be on the bleeding edge.

    • COPYING The GNU General Public License.
    • Makefile Used in packaging and distribution.
    • baserulesThe baserules file is one of two files (see newrules) that hold your firewall rules. baserules holds the rules that you've checked over and are sure should be part of your final firewall.
    • baserules.sample A few possible rules for use as a starting point.
    • firewall The boot time script for use in /etc/rc.d/init.d.
    • index.html The Mason web page.
    • mason The actual mason script.
    • mason-gui-text The rudimentary interface to running Mason and building a firewall.
    • mason-gui-text.1 man page for mason-gui-text.
    • mason.1 man page for mason.
    • mason.spec The RPM spec file.
    • mason.lsm The Linux Software Map entry.
    • mason.sgml The primary documentation for the package. The sgml format is designed to allow easy conversion to more readable formats.
    • mason.html The primary documentation for the package, in hypertext.
    • mason.txt The primary documentation for the package, in a flat text file.
    • masonlib A library of functions used by a number of the other files.
    • masonrc The main configuration file. There are intelligent defaults for all of these fields.
    • moreservices The services file I use, good as a reference if you don't recognize a protocol.
    • nmap-services The additional services file includes with the nmap tool. An even better reference.
    • newrules newrules is the other file that holds firewall rules. It holds rules created by mason that you haven't looked over yet. Think about what would happen if you were port scanned while Mason was running; if you only had one file to hold rules, all of these portscan rules you don't want would be mixed in with the rules you do want.

      An important note - rules in newrules are not part of your regular firewall - they are only used during the learning process. This is why you need to merge rules from newrules to baserules once you're sure of them.

    • regression-test The shell script test suite for some of the parts of the package. Contributions welcome.

    Credits

    Most of the files in the Mason package are Copyright (c) 1998-2001 by William Stearns wstearns@pobox.com or Jeff Licquia. They are released under the GNU GPL, which is included in the package. If you did not recieve a copy of this license, please contact the author for a copy (see the top of the Mason script for contact information for the author and the Free Software Foundation).

    Last edited: 5/12/02

    Best viewed with something that can show web pages... <grin>

    mason-1.0.0.orig/mason0100755000765700007640000013636507467514142013532 0ustar martinedv#!/bin/bash set -e #For those who actually read code, welcome. Please note: there appears to be support for #accepting "ipchains -L -n -x -v" input. It sorta works, it generally doesn't. I won't #be working on it in the near future. Play with it if you'd like. #Last YYYY code used: 0024, use 0025 next #cat </dev/null # (The above line allows me to put the documentation right in the #script... Cool, eh? OK, I've had enough fun. Now stop wasting customer #CPU Cycles! *smile*) # #>>>>>>>>>>>>>>>If you read nothing else, please read this<<<<<<<<<<<<<<<< # # This program offers an aid to creating firewall rules. It offers #ABSOLUTELY NO intelligence in deciding what should be allowed or #disallowed. It has ABSOLUTELY NO ability to understand your security #policy and implement it. YOU are responsible for reviewing the rules and #massaging them to fit your needs. ## While the documentation in mason.txt attempts to provide some #general guidelines on how to use Mason, please remember: the author has #no knowledge of what you want your firewall to do and has not tailored the #documentation or program to specially fit your needs. If there is ever a #discrepancy between your needs and the program output or your needs and #the documentation, the program and/or documentation are _dead_ _wrong_. # # #Copyleft: # Mason interactively creates a Linux packet filtering firewall. # Copyright (C) 1998-2000 William Stearns # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # The author can also be reached at: # William Stearns #email: wstearns@pobox.com (preferred) #web: http://www.stearns.org/mason/ #snail: 6 Manchester Dr. # Lebanon NH, 03766, USA # # # This code is entirely owned by William Stearns #(wstearns@pobox.com) and has no relation to any employer or employer #sponsored project. # ##------------------------------ Mason ------------------------------ # The Mason script interactively builds a (fire)wall on a Linux #machine. For more details about how this is done, please see mason.txt, #which gives background, theory of operation, a quick start, and additional #documentation on firewalls and firewall gotchas. # mason.txt and related documentation should have been installed to #/usr/doc/mason-{version}/ . If they are missing or you would like to make #sure you have the latest version, please go to #http://www.pobox.com/~wstearns/mason/ . # All configuration of this program is done in the /etc/masonrc ##file. This script should probably not be directly edited. # #- Bill Stearns # ##The EOTEXT1 line is the end of the text and the start of the code. #EOTEXT1 CKPTMASON=" mason: Ground0" ; #ckpt $CKPTMASON #ZZZZ #DEBUG="non-null" MASONDIR=${MASONDIR:-"/var/lib/mason/"} MASONCONF=${MASONCONF:-"/etc/masonrc"} MASONLIB=${MASONLIB:-"/var/lib/mason/masonlib"} if [ -f $MASONLIB ]; then . $MASONLIB else #Can't use wrap here - no library. echo Missing $MASONLIB library file. Please get a complete copy of Mason from >/dev/stderr echo http://www.pobox.com/~wstearns/mason/ . Exiting. >/dev/stderr sleep 10 exit 1 fi catchall trap preexit 0 #This gets nullified if we get a SIGHUP or SIGINT; see sigexitscript. #------------------------------------------------------------------------- # Start setting up. #------------------------------------------------------------------------- CKPTMASON=" mason: Setup" ; #ckpt $CKPTMASON #LOGCHAINSEXIST="yes" In the process of being removed. Only used in checksys. #REMOVEME LAST1="" ; LAST2="" ; LAST3="" ; LAST4="" ; LAST5="" ; LAST6="" ; LAST7="" ; LAST8="" ; CURRENT="" EXITMASON=${EXITMASON:-"NO"} trap sigexitscript SIGHUP trap sigexitscript SIGINT #Ctrl-C generates this trap loadconf SIGUSR1 loadconf checksys #---------- Start of Main code ---------- CKPTMASON=" mason: Start main" ; #ckpt $CKPTMASON echo $ENH "${HEADER}---- ${BLUE}Mason${HEADER} firewall builder for Linux ----${NORM}" >/dev/stderr echo $ENH "${HEADER}---- see http://www.pobox.com/~wstearns/mason/ for more info. ----${NORM}" >/dev/stderr echo $ENH "${HEADER}---- William Stearns ----${NORM}" >/dev/stderr if [ -n "$MASONVER" ]; then echo $ENH "${HEADER}(This is release $MASONVER )${NORM}" >/dev/stderr fi SIGGED="NO" CKPTMASON=" mason: Save pid" ; #ckpt $CKPTMASON echo "$$" >>$MASONPIDFILE #NAMECACHE Support has been disabled ##Hmmm... I _hate_ overwriting /etc/passwd... #if [ -L $NAMECACHE ]; then # rm -f $NAMECACHE #fi # ##Create the name cache file if it doesn't exist #if [ ! -e $NAMECACHE ]; then # touch $NAMECACHE # #This is a security-related program. I don't want to let people know who we're even talking to. # chmod og-rwx $NAMECACHE #fi for ONEIF in $DYNIF ; do if [ ! -f ${MASONDIR}${ONEIF}-ips ]; then touch ${MASONDIR}${ONEIF}-ips ; fi ipof $ONEIF >>${MASONDIR}${ONEIF}-ips || logfail $LINENO ifconfig $ONEIF and save #if [ "$DYNIFMODE" != "ANYADDRESS" ]; then echo -n "$CMNT $CMNT" ; fi if [ "$DYNIFMODE" = "ANYADDRESS" ]; then #This is a hidden option. The use of 0/0 to match a dynamic address opens some disturbing possibilities for holes in the firewall that I don't really want to uncover. echo "export ${ONEIF}ADDR=\"0/0\" ${CMNT} ${CMNT}Use this if you want to match any address on $ONEIF." fi if [ "$DYNIFMODE" != "SPECIFICIP" ]; then echo -n "$CMNT $CMNT" ; fi echo "export ${ONEIF}ADDR=\"\`ifconfig $ONEIF 2>/dev/null | awk '/inet addr/{print substr($2,6)}'\`$SINGLEMACHSPEC\" ${CMNT} ${CMNT}Use this if you want to match a single address on $ONEIF." if [ "$DYNIFMODE" != "SMALLESTRANGE" ]; then echo -n "$CMNT $CMNT" ; fi #FIXME - what if the file is empty? echo "export ${ONEIF}ADDR=\"$(encompassingnetworkof $(cat ${MASONDIR}${ONEIF}-ips | sort | uniq) || logfail $LINENO return encompassing network for $ONEIF)\" ${CMNT} ${CMNT}Use this if you want to match all addresses seen so far on $ONEIF." eval ${ONEIF}ADDR=`ipof $ONEIF` || logfail $LINENO Set $ONEIF into environment done #DEBUG #set -x #FIXME - output this header even if we switch to ipchains-save, but only once per mason run. if [ "$ECHOCOMMAND" = "ipchains-save" ]; then for ONECHAIN in input forward output ; do echo ':'$ONECHAIN $DEFAULTPOLICY done if [ -n "$NOLOGSUFFIX" ]; then for ONECHAIN in `chainnameof input` `chainnameof forward` `chainnameof output` ; do echo ':'$ONECHAIN$NOLOGSUFFIX '-' done fi fi #Get the first log entry #CKPTMASON=" mason: Get log entry" ; #ckpt $CKPTMASON CKPTMASON="" ; #ckpt $CKPTMASON unset ACK COMMENT CURRCHAIN DEST DESTHOST DESTIP DESTPORT DIR DIRLETTER \ DOACK ECHOACK IF IGNOREPORT INIF ISLOGLINE \ J1 J2 J3 J4 J5 J6 J7 J8 J9 J10 J11 J12 J13 J14 J15 J16 J17 J18 J19 J20 J21 J22 J23 J24 J25 J26 J27 J28 J29 J30 \ O3 O4 O5 O6 O7 O8 O9 O10 O11 O12 O13 \ A3 A4 A5 A6 A7 A8 A9 A10 A11 A12 A13 \ LINEHASDYNAMIC LOGTHIS MESSPOL NUMBYTES NUMPACKETS PROTO SRC SRCHOST SRCIP SRCPORT SYNFLAG SYNFLAGSEEN TAIL TOS || : #unset DFFLAG FFLAG FOFLAG IFLAG LFLAG SFLAG TFLAG || : #These fields are not used at this time. if [ -n "$MINMARK" ]; then INCMINMARK="0" ; fi TOS="" if ! read J1 J2 J3 J4 J5 J6 J7 J8 J9 J10 J11 J12 J13 J14 J15 J16 J17 J18 J19 J20 J21 J22 J23 J24 J25 J26 J27 J28 J29 J30 ; then if [ "$SIGGED" != "YES" ]; then EXITMASON="YES" ; fi fi while [ "$SIGGED" = "YES" ]; do SIGGED="NO" if ! read J1 J2 J3 J4 J5 J6 J7 J8 J9 J10 J11 J12 J13 J14 J15 J16 J17 J18 J19 J20 J21 J22 J23 J24 J25 J26 J27 J28 J29 J30 ; then if [ "$SIGGED" != "YES" ]; then EXITMASON="YES" ; fi fi done CKPTMASON=" mason: post get log entry" ; #ckpt $CKPTMASON while [ "$EXITMASON" != "YES" ] && [ -n "$J1" ] && [ "$J1" != '!!EXIT!!' ]; do CKPTMASON=" mason: In main loop" ; #ckpt $CKPTMASON #Only do the work if the line is a firewalling log entry. if [ "$J6 $J7" = "Packet log:" ]; then #Load variables from ipchains log entry INFORMAT="ipchains-log" case $J8 in output) DIR='output ' ; DIRLETTER='O' ;; input) DIR='input ' ; DIRLETTER='I' ;; forward) DIR='forward' ; DIRLETTER='F' ;; *) wrap ${WARN}Unknown direction $J8${NORM} >/dev/stderr ;; esac IF="$J10" protonum2name "${J11##PROTO=}" SRC="$J12" ; DEST="$J13" #SRC and DEST are only temporary variables for ipfwadm and ipchains formats to split into SRCIP and SRCPORT in a mo. SRCPORT=${SRC##*:} DESTPORT=${DEST##*:} SRCIP=${SRC%%:*} DESTIP=${DEST%%:*} #Even if there were a way to extract a mark value from the log line, it wouldn't seem correct to use it. #MESSPOL="$J9" ; LFLAG="$J14" ; SFLAG="$J15" ; IFLAG="$J16" ; FFLAG="$J17" ; TFLAG="$J18" #Unused SYNFLAG="$J19" if [ "$SYNFLAG" = "SYN" ]; then SYNFLAGSEEN="YES" else SYNFLAG="" fi ISLOGLINE="YES" elif [ "$J5 $J6" = "kernel: IP" ]; then #Load variables from ipfwadm log entry INFORMAT="ipfwadm-log" case $J7 in #Formerly [ "`echo $J7 | cut -b 1-3`" = "fw-" ] fw-out|fw-in|fw-fwd) case $J7 in fw-out) DIR='output ' ; DIRLETTER='O' ;; fw-in) DIR='input ' ; DIRLETTER='I' ;; fw-fwd) DIR='forward' ; DIRLETTER='F' ;; *) wrap ${WARN}Unknown direction $J7${NORM} >/dev/stderr ;; esac IF="$J9" PROTO=`echo $J10 | tr A-Z a-z` SRC="$J11" ; DEST="$J12" #SRC and DEST are only temporary variables for ipfwadm and ipchains formats to split into SRCIP and SRCPORT in a mo. SRCIP=${SRC%%:*} DESTIP=${DEST%%:*} #MESSPOL="$J8" ; LFLAG="$J13" ; SFLAG="$J14" ; IFLAG="$J15" ; FOFLAG="$J16" ; TFLAG="$J17" ; DFFLAG="$J18" #Unused #Break up ipfwadmin's habit of gluing the icmp port onto the protocol. if [ "${PROTO%%/*}" = "icmp" ]; then SRCPORT=${PROTO##*/} PROTO="icmp" DESTPORT="" if [ "$DEBUG" = "YES" ]; then wrap proto= $PROTO srcport= $SRCPORT destport= $DESTPORT >/dev/stderr ; fi else SRCPORT=${SRC##*:} DESTPORT=${DEST##*:} fi ISLOGLINE="YES" #No need to set IGNOREPORT - ipfwadm only handles tcp, udp, and icmp. ;; esac elif [ "$J5" = "kernel:" ]; then #Load variables from possible iptables log entry case $J6 in #Formerly [ "`echo $J6 | cut -b 1-4`" = "SRC=" ] IN=*|SRC=*) #FIXME - it seems reasonably likely that J6 might be something other than SRC= in some circumstances. INFORMAT="iptables-log" #FIXME - more than 30 fields needed? for ONEFIELD in $J6 $J7 $J8 $J9 $J10 $J11 $J12 $J13 $J14 $J15 $J16 $J17 $J18 $J19 $J20 $J21 $J22 $J23 $J24 $J25 $J26 $J27 $J28 $J29 $J30 ; do case $ONEFIELD in DPT=*) DESTPORT=${ONEFIELD##*=} ;; DST=*) DESTIP=${ONEFIELD##*=} ;; PROTO=*) PROTO=`echo ${ONEFIELD##*=} | tr A-Z a-z` ;; SPT=*) SRCPORT=${ONEFIELD##*=} ;; SRC=*) SRCIP=${ONEFIELD##*=} ;; TYPE=*) SRCPORT=${ONEFIELD##*=} ;; #FIXME - not sure about subcode #ZZZZ #FIXME - gracefully handle passing the interface to ipfwadm/ipchains/etc. IN=*) INIF=${ONEFIELD##*=} ;; OUT=*) IF=${ONEFIELD##*=} ;; #ACK) #ACK set ;; #SYN) #SYN set ;; #*) #Ignore (digits), ACK=digits, CODE=digits, DF, ID=digits, LEN=digits, OPT, PSH, RES=hexdigits, SEQ=digits, TOS=hexdigits, TTL=digits, URGP=digits, WINDOW=digits # ;; esac done if [ -n "$INIF" ] && [ -z "$IF" ]; then #FIXME - DIR needs to be lowercase for all but iptables DIR='INPUT ' ; DIRLETTER='I' elif [ -n "$INIF" ] && [ -n "$IF" ]; then DIR='FORWARD' ; DIRLETTER='F' elif [ -z "$INIF" ] && [ -n "$IF" ]; then DIR='OUTPUT ' ; DIRLETTER='O' elif [ -z "$INIF" ] && [ -z "$IF" ]; then #This case shouldn't happen DIR='' ; DIRLETTER='' fi #FIXME - if either ECHOCOMMAND or DOCOMMAND isn't iptables, we need to handle INIF -> IF if IF unset. It probably needs to be done in the ECHO/DO sections. Bash ${ } macro? ISLOGLINE="YES" #FIXME - temporary test code #ISLOGLINE="NO" #DIR='forward' ; DIRLETTER='F' #IF="lo" #wrap J1=$J1 J2=$J2 J3=$J3 J4=$J4 J5=$J5 J6=$J6 J7=$J7 J8=$J8 J9=$J9 J10=$J10 J11=$J11 J12=$J12 J13=$J13 J14=$J14 J15=$J15 J16=$J16 J17=$J17 J18=$J18 J19=$J19 DIR=$DIR DIRLETTER=$DIRLETTER DESTPORT=$DESTPORT DESTIP=$DESTIP PROTO=$PROTO SRCPORT=$SRCPORT SRCIP=$SRCIP >/dev/stderr #FIXME - what about these? #case $J7 in #fw-out) DIR='output ' ; DIRLETTER='O' ;; #fw-in) DIR='input ' ; DIRLETTER='I' ;; #fw-fwd) DIR='forward' ; DIRLETTER='F' ;; #*) wrap ${WARN}Unknown direction $J7${NORM} >/dev/stderr ;; #esac #IF="$J9" ##MESSPOL="$J8" ; LFLAG="$J13" ; SFLAG="$J14" ; IFLAG="$J15" ; FOFLAG="$J16" ; TFLAG="$J17" ; DFFLAG="$J18" #Unused #if [ "${PROTO%%/*}" = "icmp" ]; then # SRCPORT=${PROTO##*/} # PROTO="icmp" # DESTPORT="" # if [ "$DEBUG" = "YES" ]; then wrap proto= $PROTO srcport= $SRCPORT destport= $DESTPORT >/dev/stderr ; fi #else # SRCPORT=${SRC##*:} # DESTPORT=${DEST##*:} #fi #No need to set IGNOREPORT - ipfwadm only handles tcp, udp, and icmp. ;; esac elif [ "$J1" = "Chain" ]; then #Load variables from ipchains -Lv listing; this is a header line. CURRCHAIN=$J2 INFORMAT="ipchains-lv" elif [ "$J1" = "Chain" ]; then #Load variables from ipchains -Lv listing; this is a header line. : elif [ "$J6" = "0xFF" ] || [ "$J6" = "0x01" ]; then #Load variables from ipchains -Lv listing; this is a data line. case $J7 in 0x*) ISLOGLINE="YES" INFORMAT="ipchains-lv" case $CURRCHAIN in output) DIR='output' ; DIRLETTER='O' ;; input) DIR='input' ; DIRLETTER='I' ;; forward) DIR='forward' ; DIRLETTER='F' ;; "") wrap ${WARN}No chain name has been registered. Mason cannot process this entry.${NORM} >/dev/stderr ; ISLOGLINE="" ;; *) DIR="$CURRCHAIN" ; DIRLETTER='Q' if [ -z "$OTHERCHAINWARNISSUED" ]; then case "$ECHOCOMMAND" in ipchains|ipchains-lv|iptables) : ;; *) echo "$CMNT Any following rules with a direction of \"Q\" need to be edited. They" echo "$CMNT came from an ipchains/iptables rule other than input, output, or forward." OTHERCHAINWARNISSUED="YES" ;; esac fi ;; esac case $J5 in #FIXME - formalize this parsing. double check these, check other flag fields. -y*) ACK="! -k" ;; !y*) ACK="-k" ;; *l-) LOGTHIS="-l" ;; --*) ACK="" ;; esac MESSPOL=$J3 if [ "$J8" = "*" ]; then IF="" ; else IF="$J8" ; fi if [ "$J4" = "all" ]; then PROTO="" ; else protonum2name $J4 ; fi if [ "$J6 $J7" != "0xFF 0x00" ]; then TOS=" -t $J6 $J7" ; else TOS="" ; fi #FIXME - handle case of existing or missing mark and outsize fields case $J9 in */*) SRCIP="$J9" ;; *) SRCIP="$J9/32" ;; esac case $J10 in */*) DESTIP="$J10" ;; *) DESTIP="$J10/32" ;; esac NUMPACKETS=$J1 ; NUMBYTES=$J2 #LFLAG="$J13" ; SFLAG="$J14" ; IFLAG="$J15" ; FOFLAG="$J16" ; TFLAG="$J17" ; DFFLAG="$J18" #Unused case $J11 in n/a) SRCPORT="" ;; '*') SRCPORT="" ;; *:*) if [ "${J11%%:*}" = "${J11##*:}" ]; then SRCPORT=${J11%%:*} ; else SRCPORT=$J11 ; fi ;; *) SRCPORT=$J11 ;; esac case $J13 in '*') DESTPORT="" ;; *:*) if [ "${J13%%:*}" = "${J13##*:}" ]; then DESTPORT=${J13%%:*} ; else DESTPORT=$J13 ; fi ;; *) DESTPORT=$J13 ;; esac ;; esac elif [ "$J6" = "->" ]; then #Load variables from an ipfilter log line #1 2 3 4 5 6 7 8 9 10 11 12 13 14 #15:57:33.803147 ppp0 @0:2 b 100.100.100.103,443 -> 20.20.20.10,4923 PR tcp len 20 1488 -A # rule p flags # # #12:46:12.470951 xl0 @0:1 S 20.20.20.254 -> 255.255.255.255 PR icmp len 20 9216 icmp 9/0 # router discovery : fi CKPTMASON=" mason: Process line, set line policy" ; #ckpt $CKPTMASON if [ "$ISLOGLINE" = "YES" ]; then if [ "$INFORMAT" = "ipchains-lv" ] && { [ "$DOCOMMAND" = "ipchains" ] || [ "$DOCOMMAND" = "iptables" ] ; } ; then #We actually use the policy in each line in ipchains-lv entries case "$MESSPOL" in accept|ACCEPT) LCPOLICY="accept" ; UCPOLICY="ACCEPT" ;; reject|REJECT) LCPOLICY="reject" ; UCPOLICY="REJECT" ;; deny|DENY) LCPOLICY="deny" ; UCPOLICY="DENY" ;; "-") LCPOLICY="" ; UCPOLICY="" ;; *) LCPOLICY=$MESSPOL ; UCPOLICY=$MESSPOL ;; esac elif [ "$INFORMAT" = "ipchains-lv" ]; then #We actually use the policy in each line in ipchains-lv entries case "$MESSPOL" in accept|ACCEPT) LCPOLICY="accept" ; UCPOLICY="ACCEPT" ;; reject|REJECT) LCPOLICY="reject" ; UCPOLICY="REJECT" ;; deny|DENY) LCPOLICY="deny" ; UCPOLICY="DENY" ;; "-") #FIXME - technically these should be accounting rules for I and O, a warning for F. case "$NEWRULEPOLICY" in a*|A*) LCPOLICY="accept" ; UCPOLICY="ACCEPT" ;; r*|R*) LCPOLICY="reject" ; UCPOLICY="REJECT" ;; d*|D*) LCPOLICY="deny" ; UCPOLICY="DENY" ;; esac ;; *) LCPOLICY=$MESSPOL ; UCPOLICY=$MESSPOL ;; esac else case "$NEWRULEPOLICY" in a*|A*) LCPOLICY="accept" ; UCPOLICY="ACCEPT" ;; r*|R*) LCPOLICY="reject" ; UCPOLICY="REJECT" ;; d*|D*) LCPOLICY="deny" ; UCPOLICY="DENY" ;; esac fi #Handle AUTOMASQ feature. Masquerade packets forwarded to requested interfaces if source #address is a reserved (rfc1918) address. CKPTMASON=" mason: Process line, check for masq" ; #ckpt $CKPTMASON if [ "$DIRLETTER" = "F" ] && [ -n "$AUTOMASQIF" ] && [ "$LCPOLICY" = "accept" ] && reservedip $SRCIP ; then for ANIF in $AUTOMASQIF ; do if [ "$ANIF" = "$IF" ]; then UCPOLICY="MASQ" #For ipchains LCPOLICY="accept -m" #For ipfwadm #FIXME - iptables... fi done fi #If forwarding and automasq requested. if [ "$IGNOREPORT" = "YES" ]; then SRCPORT="" ; DESTPORT="" ; fi #Quickly put in a completely specific rule for this packet to stop the flow - it will be deleted later #in masonlib: LCPOLICY, UCPOLICY #from above: IF, DIR, DIRLETTER, PROTO, SRCIP, SRCPORT, DESTIP, DESTPORT #not set? ACK, SRCHOST, DESTHOST, TOS, DOACK UNDOSPECIFICRULE="" if [ "$DOCOMMAND" = "ipfwadm" ]; then CKPTMASON=" mason: Process line, ipfwadm specific rule" ; #ckpt $CKPTMASON #REMOVEME #$IPFWADMBIN -i $LCPOLICY ${IF:+"-W"} $IF -$DIRLETTER ${PROTO:+"-P"} $PROTO -S $SRCIP $SRCPORT -D $DESTIP $DESTPORT || logfail $LINENO Mason: YYYY 0001 #REMOVEME echo 0018 DIRLETTER $DIRLETTER >>${MASONDIR}masoncrash dorule i "$DIRLETTER" "$IF" '' "$PROTO" "$SRCIP" "$SRCPORT" "$DESTIP" "$DESTPORT" '' '' "$LCPOLICY" '' '' '' || logfail $LINENO Mason: YYYY 0018 #UNDOSPECIFICRULE="$IPFWADMBIN -d $LCPOLICY ${IF:+"-W"} $IF -$DIRLETTER ${PROTO:+"-P"} $PROTO -S $SRCIP $SRCPORT -D $DESTIP $DESTPORT || logfail $LINENO Mason: YYYY 0002" #FIXME global - quoting on ''? UNDOSPECIFICRULE="dorule d \"$DIRLETTER\" \"$IF\" '' \"$PROTO\" \"$SRCIP\" \"$SRCPORT\" \"$DESTIP\" \"$DESTPORT\" '' '' \"$LCPOLICY\" '' '' '' || logfail $LINENO Mason: YYYY 0019" CKPTMASON=" mason: Process line, ipfwadm post specific rule" ; #ckpt $CKPTMASON elif [ "$DOCOMMAND" = "ipchains" ]; then case $DIRLETTER in I) DODIR="`chainnameof input`$NOLOGSUFFIX" ;; O) DODIR="`chainnameof output`$NOLOGSUFFIX" ;; F) DODIR="`chainnameof forward`$NOLOGSUFFIX" ;; esac CKPTMASON=" mason: pre specific rule" ; #ckpt $CKPTMASON #REMOVEME #$IPCHAINSBIN -I $DODIR 1 ${IF:+"-i"} $IF ${PROTO:+"-p"} $PROTO -s $SRCIP $SRCPORT -d $DESTIP $DESTPORT ${UCPOLICY:+"-j"} $UCPOLICY || logfail $LINENO Mason: YYYY 0003 $IPCHAINSBIN -I $DODIR 1 ${IF:+"-i"} $IF ${PROTO:+"-p"} $PROTO -s $SRCIP $SRCPORT -d $DESTIP $DESTPORT ${UCPOLICY:+"-j"} $UCPOLICY #REMOVEME echo 0020 DODIR $DODIR >>${MASONDIR}masoncrash dorule i "$DODIR" "$IF" '' "$PROTO" "$SRCIP" "$SRCPORT" "$DESTIP" "$DESTPORT" '' '' "$UCPOLICY" '' '' '' || logfail $LINENO Mason: YYYY 0020 CKPTMASON=" mason: post specific rule" ; #ckpt $CKPTMASON #UNDOSPECIFICRULE="$IPCHAINSBIN -D $DODIR ${IF:+"-i"} $IF ${PROTO:+"-p"} $PROTO -s $SRCIP $SRCPORT -d $DESTIP $DESTPORT ${UCPOLICY:+"-j"} $UCPOLICY || logfail $LINENO Mason: YYYY 0004" UNDOSPECIFICRULE="dorule d \"$DODIR\" \"$IF\" '' \"$PROTO\" \"$SRCIP\" \"$SRCPORT\" \"$DESTIP\" \"$DESTPORT\" '' '' \"$UCPOLICY\" '' '' '' || logfail $LINENO Mason: YYYY 0021" unset DODIR || : #FIXME - add in iptables section for quick stop. Should we do a quick stop for iptables? fi # no need to handle DOCOMMAND=none :-) #Put the dynamic IP addresses in the current environment. for ONEIF in $DYNIF ; do CKPTMASON=" mason: eval dynif of $ONEIF" ; #ckpt $CKPTMASON #this just places the value of a var right back in that same var! #eval ${ONEIF}ADDR=$(eval echo \${$(eval echo ${ONEIF}ADDR)}) #No, really. That's the IP address. #Umm, this is what I think I need... *smile* eval ${ONEIF}ADDR=`ipof $ONEIF || logfail $LINENO Mason: YYYY 0005` done CKPTMASON=" mason: gen ip" ; #ckpt $CKPTMASON if [ "$INFORMAT" = "ipchains-lv" ]; then SRCHOST=$SRCIP DESTHOST=$DESTIP elif [ "$IGNOREPORT" = "YES" ]; then #For non tcp/udp/icmp protocols (w/o port numbers), restrict to machine to machine HOLDIPCONV="$IPCONV" #Convert to hostname, but honor Dynamic IP macros. Temporarily set IPCONV to HOST to do this. IPCONV="HOST" SRCHOST=`generalizeip $SRCIP` DESTHOST=`generalizeip $DESTIP` IPCONV="$HOLDIPCONV" else #If this is a DNS request and the server is one of those listed in /etc/resolv.conf, don't generalize the ip address. #Also, don't generalize if this is one of the Sparse Server or Sparse Client protocols. HOLDIPCONV="$IPCONV" ; HOLDHOSTLOOKUP="$HOSTLOOKUP" if [ "$SRCPORT" = "53" ] && ( [ "$PROTO" = "udp" ] || [ "$PROTO" = "tcp" ] ) ; then for ONEDNSSERVER in $DNSSERVERS ; do if [ "$SRCIP" = "$ONEDNSSERVER" ]; then if [ "$IPCONV" = "NETWORK" ]; then IPCONV="HOST" ; fi if [ "$HOSTLOOKUP" = "FULL" ]; then HOSTLOOKUP="FILESONLY" ; fi fi done fi for ONESPARSE in $SSP ; do if [ "$SRCPORT/$PROTO" = "$ONESPARSE" ] && [ "$IPCONV" = "NETWORK" ]; then IPCONV="HOST" ; fi done for ONESPARSE in $SCP ; do if [ "$DESTPORT/$PROTO" = "$ONESPARSE" ] && [ "$IPCONV" = "NETWORK" ]; then IPCONV="HOST" ; fi done SRCHOST=`generalizeip $SRCIP` IPCONV="$HOLDIPCONV" ; HOSTLOOKUP="$HOLDHOSTLOOKUP" HOLDIPCONV="$IPCONV" ; HOLDHOSTLOOKUP="$HOSTLOOKUP" if [ "$DESTPORT" = "53" ] && ( [ "$PROTO" = "udp" ] || [ "$PROTO" = "tcp" ] ) ; then for ONEDNSSERVER in $DNSSERVERS ; do if [ "$DESTIP" = "$ONEDNSSERVER" ]; then if [ "$IPCONV" = "NETWORK" ]; then IPCONV="HOST" ; fi if [ "$HOSTLOOKUP" = "FULL" ]; then HOSTLOOKUP="FILESONLY" ; fi fi done fi for ONESPARSE in $SSP ; do if [ "$DESTPORT/$PROTO" = "$ONESPARSE" ] && [ "$IPCONV" = "NETWORK" ]; then IPCONV="HOST" ; fi done for ONESPARSE in $SCP ; do if [ "$SRCPORT/$PROTO" = "$ONESPARSE" ] && [ "$IPCONV" = "NETWORK" ]; then IPCONV="HOST" ; fi done DESTHOST=`generalizeip $DESTIP` IPCONV="$HOLDIPCONV" ; HOSTLOOKUP="$HOLDHOSTLOOKUP" fi #Clean up protocol type and number fields, visualize source and dest port fields, set ack flag. #If port not in /etc/services and >=1024, generalize to "high port" CKPTMASON=" mason: port range and comment" ; #ckpt $CKPTMASON COMMENT2="" ; COMMENT="$CMNT" ; SRCCISCOPORTSPEC="" ; DESTCISCOPORTSPEC="" if [ "$PROTO" = "tcp" ] || [ "$PROTO" = "udp" ]; then if [ -n "$SRCPORT" ]; then serverportrange "$SRCPORT" "$PROTO" if [ "$INFORMAT" = "ipchains-lv" ]; then SRCSERVICE="$SRCPORT" ; else SRCSERVICE="$READABLEPORT" ; fi SRCCOMMENT="$PARTIALCOMMENT" fi if [ -n "$DESTPORT" ]; then serverportrange "$DESTPORT" "$PROTO" if [ "$INFORMAT" = "ipchains-lv" ]; then DESTSERVICE="$DESTPORT" ; else DESTSERVICE="$READABLEPORT" ; fi DESTCOMMENT="$PARTIALCOMMENT" fi CKPTMASON=" mason: src $SRCSERVICE $SRCCOMMENT dest $DESTSERVICE $DESTCOMMENT" ; #ckpt $CKPTMASON if [ "$INFORMAT" != "ipchains-lv" ]; then if [ "$PROTO" = "tcp" ] && [ "$INFORMAT" != "ipchains-lv" ]; then #The ack flag should be set if port=tcp and source port is a server service. #The one tcpdump I've seen of an ftp connection seems to indicate that the #ftp-data connection is from the _server_ to the client - backwards. #Passive mode FTP is supposed to reverse this. Ugh. And again, I say, Ugh. #FIXME - use the SYN / PENANCE flag Rusty's putting into later 2.2's. Thanks, Rusty! #From 2.2.10/ip_fw.c: #if(tcp->syn && !(tcp->ack || tcp->rst)) #tcpsyn=1; #if [ "$SYNFLAGSEEN" = "YES" ] && [ "SYNFLAG" != "SYN" ]; then #ACK="-k" #Change next line to elif - hmmm, did I if block this right? if [ -n "$SRCSERVICE" ] && [ -z "$DESTSERVICE" ] && [ "$SRCPORT/$PROTO" != "20/tcp" ]; then ACK="-k" fi #ZZZZ - auth exception... if [ "$GENERALIZETCPACK" = "YES" ] && [ "$ACK" = "-k" ]; then #If we're in this section we already know PROTO=tcp if [ "$UCPOLICY" = "ACCEPT" ] || [ "$UCPOLICY" = "MASQ" ]; then if isdigits "$SRCPORT"; then SRCSERVICE=`generalportrange "$SRCPORT"` ; SRCCOMMENT="GENERALIZED TCP RESPONSE - place last" fi if isdigits "$DESTPORT"; then DESTSERVICE=`generalportrange "$DESTPORT"` ; DESTCOMMENT="GENERALIZED TCP RESPONSE - place last" fi fi #Is accept or masq fi #Generalizetcpack and ack flag set fi #proto=tcp and not ipchains-lv CKPTMASON=" mason: port and service sservice $SRCSERVICE dservice $DESTSERVICE" ; #ckpt $CKPTMASON if [ -n "$SRCSERVICE" ] && [ -n "$DESTSERVICE" ]; then # Both source and destination ports are servers. Rare, but possible. SRCPORT=$SRCSERVICE DESTPORT=$DESTSERVICE elif [ -n "$SRCSERVICE" ]; then # Source port is a server port. DESTPORT=`clientportrange "$DESTPORT" "$SRCPORT" "$PROTO" "$ACK"` settos "$SRCPORT" "$SRCSERVICE" "$PROTO" SRCPORT=$SRCSERVICE elif [ -n "$DESTSERVICE" ]; then # Dest port is a server port. SRCPORT=`clientportrange "$SRCPORT" "$DESTPORT" "$PROTO" "$ACK"` settos "$DESTPORT" "$DESTSERVICE" "$PROTO" DESTPORT=$DESTSERVICE else # Neither source nor dest is a server port. #COMMENT2="$CMNT$CMNT S=`nameof $SRCIP`:$SRCPORT D=`nameof $DESTIP`:$DESTPORT" #FIXME - put in case to test for null, */0, local IP, otherwise display COMMENT2="$CMNT$CMNT" if [ -n "$SRCIP" ]; then COMMENT2="$COMMENT2 S=`nameof $SRCIP`" ; fi if [ -n "$SRCPORT" ]; then COMMENT2="$COMMENT2:$SRCPORT" ; fi if [ -n "$DESTIP" ]; then COMMENT2="$COMMENT2 D=`nameof $DESTIP`" ; fi if [ -n "$DESTPORT" ]; then COMMENT2="$COMMENT2:$DESTPORT" ; fi ORIGSRCPORT=$SRCPORT SRCPORT=`clientportrange "$SRCPORT" "$DESTPORT" "$PROTO" "$ACK"` DESTPORT=`clientportrange "$DESTPORT" "$ORIGSRCPORT" "$PROTO" "$ACK"` unset ORIGSRCPORT #if [ "$INFORMAT" != "ipchains-lv" ]; then TOS=" -t 0x01 0x08" ; fi #Maximize throughput on the assumption that this is FTP data or irc dcc? #If we have a high port to high port connection (darn ftp and irc dcc), do _not_ generalize to anywhere if [ "$SRCPORT" = "1024:65535" ] && [ "$DESTPORT" = "1024:65535" ]; then if [ "$SRCHOST" = "0/0" ]; then HOLDIPCONV="$IPCONV" ; IPCONV="HOST" ; SRCHOST=`generalizeip $SRCIP` ; IPCONV="$HOLDIPCONV" fi if [ "$DESTHOST" = "0/0" ]; then HOLDIPCONV="$IPCONV" ; IPCONV="HOST" ; DESTHOST=`generalizeip $DESTIP` ; IPCONV="$HOLDIPCONV" fi fi fi if [ -n "$SRCCOMMENT" ]; then COMMENT="$COMMENT $SRCCOMMENT" ; fi if [ -n "$DESTCOMMENT" ]; then if [ "$SRCCOMMENT" != "$DESTCOMMENT" ]; then COMMENT="$COMMENT $DESTCOMMENT" ; fi fi COMMENT="$COMMENT ($DIRLETTER)" SRCCISCOPORTSPEC="`port2ciscoport $SRCPORT $PROTO`" DESTCISCOPORTSPEC="`port2ciscoport $DESTPORT $PROTO`" fi #not ipchains-lv elif [ "$PROTO" = "icmp" ]; then #Handle ICMP comments convicmpcode $SRCPORT $DESTPORT #FIXME - maybe someday we'll do the cisco conversions to names too. DESTCISCOPORTSPEC=" $SRCPORT${DESTPORT:+" "}$DESTPORT" else #Handle non tcp/udp/icmp protocols COMMENT="$CMNT $PROTO ($DIRLETTER)" #COMMENT2="$CMNT$CMNT S=`nameof $SRCIP` D=`nameof $DESTIP`" COMMENT2="$CMNT$CMNT" #FIXME - put in case to test for null, */0, otherwise display if [ -n "$SRCIP" ]; then COMMENT2="$COMMENT2 S=`nameof $SRCIP`" ; fi if [ -n "$DESTIP" ]; then COMMENT2="$COMMENT2 D=`nameof $DESTIP`" ; fi fi if [ -n "$NUMPACKETS" ]; then COMMENT2="$COMMENT2 #^ $NUMPACKETS" ; fi if [ -n "$NUMBYTES" ]; then COMMENT2="$COMMENT2 #@ $NUMBYTES" ; fi #if [ "$LINEHASDYNAMIC" = "YES" ]; then COMMENT="$COMMENT DynamicIP" ; fi #LINEHASDYNAMIC is not exported because generalizeip is a function. Not used. CKPTMASON=" mason: var debug" ; #ckpt $CKPTMASON if [ "$DEBUG" = "YES" ]; then wrap J1=$J1 J2=$J2 J3=$J3 J4=$J4 J5=$J5 J6=$J6 J7=$J7 J8=$J8 J9=$J9 J10=$J10 J11=$J11 J12=$J12 J13=$J13 J14=$J14 J15=$J15 J16=$J16 J17=$J17 J18=$J18 J19=$J19 DIR=$DIR DIRLETTER=$DIRLETTER MESSPOL=$MESSPOL IF=$IF PROTO=$PROTO SRC=$SRC DEST=$DEST LFLAG=$LFLAG SFLAG=$SFLAG IFLAG=$IFLAG FOFLAG=$FOFLAG FFLAG=$FFLAG TFLAG=$TFLAG DFFLAG=$DFFLAG TAIL=$TAIL >/dev/stderr wrap Unused: DFFLAG, FFLAG, FOFLAG, IFLAG, LFLAG, MESSPOL, SFLAG, TFLAG >/dev/stderr fi #Actually create and implement the firewall command to display. CKPTMASON=" mason: Display" ; #ckpt $CKPTMASON DODISPLAY="YES" case "$ECHOCOMMAND" in #CURRENT=`awk "BEGIN {printf \"%x %0.0s %-12s %s x \n\", 57005, \"$AA$BB\", \"aaa\", \"cheeky\"}"` ipchains) CKPTMASON=" mason: ipchains display" ; #ckpt $CKPTMASON case "$ACK" in ""|" ") ECHOACK="" ;; "-k") ECHOACK="! -y" ;; "! -k") ECHOACK="-y" ;; esac if [ -n "$LOGTHIS" ]; then LOGTHIS="-l" ; fi #Handle 0/0 host spec or missing port spec - thanks, Rusty! case $SRCHOST in */0|*/0.0.0.0) if [ -n "$SRCPORT" ]; then SRCSPEC="--sport $SRCPORT " ; else SRCSPEC="" ; fi ;; *) if [ -n "$SRCPORT" ]; then SRCSPEC="-s $SRCHOST $SRCPORT " ; else SRCSPEC="-s $SRCHOST " ; fi ;; esac case $DESTHOST in */0|*/0.0.0.0) if [ -n "$DESTPORT" ]; then DESTSPEC="--dport $DESTPORT" ; else DESTSPEC="" ; fi ;; *) if [ -n "$DESTPORT" ]; then DESTSPEC="-d $DESTHOST $DESTPORT" ; else DESTSPEC="-d $DESTHOST" ; fi ;; esac #CURRENT="$IPCHAINSBIN -A $DIR ${IF:+"-i "}$IF ${PROTO:+"-p "}$PROTO $ECHOACK $SRCSPEC$DESTSPEC$TOS ${UCPOLICY:+"-j"} $UCPOLICY $LOGTHIS" #TOS is either blank or has a leading space #REMOVEME #FIXME - dont pad variables any more. -------------15----12----9----12---5---83 = 136 CKPTMASON=" mason: ipchains display - awk" ; #ckpt $CKPTMASON CURRENT=`awk "BEGIN {printf \"$IPCHAINSBIN %-11s %-8s %-11s %4s %-83s\", \ \"${DIR:+"-A "}$DIR\", \ \"${IF:+"-i "}$IF\", \ \"${PROTO:+"-p "}$PROTO\", \ \"$ECHOACK\", \ \"$SRCSPEC$DESTSPEC$TOS${MINMARK:+" -m "}$MINMARK${UCPOLICY:+" -j "}$UCPOLICY${LOGTHIS:+" "}$LOGTHIS\" \ }" || logfail $LINENO Mason: YYYY 0006` if [ -n "$MINMARK" ]; then INCMINMARK="1" ; fi ;; #ZZZZ - start of ECHOCOMMAND conversion to iptables. This is NOT complete. iptables) CKPTMASON=" mason: iptables display" ; #ckpt $CKPTMASON #FIXME - fix ACK matching case "$ACK" in ""|" ") ECHOACK="" ;; "-k") ECHOACK="! --syn" ;; "! -k") ECHOACK="--syn" ;; esac #FIXME - fix logging #if [ -n "$LOGTHIS" ]; then LOGTHIS="-l" ; fi #Handle 0/0 host spec or missing port spec - thanks, Rusty! case $PROTO in [Ii][Cc][Mm][Pp]) case $SRCHOST in */0|*/0.0.0.0) SRCSPEC="" ;; *) SRCSPEC="-s $SRCHOST " ;; esac case $DESTHOST in */0|*/0.0.0.0) DESTSPEC="" ;; *) DESTSPEC="-d $DESTHOST" ;; esac if [ -n "$SRCPORT" ]; then if [ -n "$DESTSPEC" ]; then DESTSPEC="$DESTSPEC " ; fi DESTSPEC="$DESTSPEC--icmp-type $SRCPORT" if [ -n "$DESTPORT" ]; then DESTSPEC="$DESTSPEC/$DESTPORT" fi fi ;; *) case $SRCHOST in */0|*/0.0.0.0) if [ -n "$SRCPORT" ]; then SRCSPEC="--sport $SRCPORT " ; else SRCSPEC="" ; fi ;; *) if [ -n "$SRCPORT" ]; then SRCSPEC="-s $SRCHOST --sport $SRCPORT " ; else SRCSPEC="-s $SRCHOST " ; fi ;; esac case $DESTHOST in */0|*/0.0.0.0) if [ -n "$DESTPORT" ]; then DESTSPEC="--dport $DESTPORT" ; else DESTSPEC="" ; fi ;; *) if [ -n "$DESTPORT" ]; then DESTSPEC="-d $DESTHOST --dport $DESTPORT" ; else DESTSPEC="-d $DESTHOST" ; fi ;; esac ;; esac if [ -n "$INIF" ] && [ -n "$IF" ]; then IFSPEC="-i $INIF -o $IF" elif [ -n "$INIF" ]; then IFSPEC="-i $INIF" elif [ -n "$IF" ]; then IFSPEC="-o $IF" else IFSPEC="" fi #CURRENT="$IPTABLESBIN -A $DIR ${IF:+"-i "}$IF ${PROTO:+"-p "}$PROTO $ECHOACK $SRCSPEC$DESTSPEC$TOS ${UCPOLICY:+"-j"} $UCPOLICY $LOGTHIS" #TOS is either blank or has a leading space #REMOVEME #FIXME - dont pad variables any more. -------------15----12----9----12---5---83 = 136 CKPTMASON=" mason: iptables display - awk" ; #ckpt $CKPTMASON CURRENT=`awk "BEGIN {printf \"$IPTABLESBIN %-11s %-8s %-11s %4s %-83s\", \ \"${DIR:+"-A "}$DIR\", \ \"$IFSPEC\", \ \"${PROTO:+"-p "}$PROTO\", \ \"$ECHOACK\", \ \"$SRCSPEC$DESTSPEC$TOS${UCPOLICY:+" -j "}$UCPOLICY${LOGTHIS:+" "}$LOGTHIS\" \ }" || logfail $LINENO Mason: YYYY 0007` #${MINMARK:+" -m "}$MINMARK #FIXME - future mark support? #if [ -n "$MINMARK" ]; then INCMINMARK="1" ; fi ;; #ZZZZ - end of conversion ipchains-save) #Currently experimental CKPTMASON=" mason: ipchains-save display" ; #ckpt $CKPTMASON case "$ACK" in " ") ECHOACK="" ;; "-k") ECHOACK="! -y" ;; "! -k") ECHOACK="-y" ;; esac if [ -n "$LOGTHIS" ]; then LOGTHIS="-l" ; fi case $SRCHOST in */0|*/0.0.0.0) SRCSPEC=" -s 0.0.0.0/0.0.0.0" ;; *) SRCSPEC=" -s ${SRCHOST%%/*}/`bits2mask ${SRCHOST##*/}`" ;; esac case "$SRCPORT" in #serverportrange should have returned a numeric port for ipchains-save "") SRCSPEC="$SRCSPEC 0:65535" ;; *:*) SRCSPEC="$SRCSPEC $SRCPORT" ;; *) SRCSPEC="$SRCSPEC $SRCPORT:$SRCPORT" ;; esac case $DESTHOST in */0|*/0.0.0.0) DESTSPEC=" -d 0.0.0.0/0.0.0.0" ;; *) DESTSPEC=" -d ${DESTHOST%%/*}/`bits2mask ${DESTHOST##*/}`" ;; esac case "$DESTPORT" in "") DESTSPEC="$DESTSPEC 0:65535" ;; *:*) DESTSPEC="$DESTSPEC $DESTPORT" ;; *) DESTSPEC="$DESTSPEC $DESTPORT:$DESTPORT" ;; esac PROTONUMBER=`grep -i "^$PROTO[[:space:]]" /etc/protocols | awk '{print $2}' || logfail $LINENO Mason: YYYY 0008` #Head -1? if [ -z "$PROTONUMBER" ]; then #CURRENT="-A $DIR $SRCSPEC $DESTSPEC ${IF:+"-i "}$IF ${PROTO:+"-p "}$PROTO $TOS ${UCPOLICY:+"-j "}$UCPOLICY $LOGTHIS $ECHOACK ${MINMARK:+"-m"} $MINMARK" #TOS is either blank or has a leading space #REMOVEME CURRENT=`awk "BEGIN {printf \"%-111s\", \ \"${DIR:+"-A "}$DIR$SRCSPEC$DESTSPEC${IF:+" -i "}$IF${PROTO:+" -p "}$PROTO$TOS${UCPOLICY:+" -j "}$UCPOLICY${LOGTHIS:+" "}$LOGTHIS${ECHOACK:+" "}$ECHOACK${MINMARK:+" -m "}$MINMARK\" }" || logfail $LINENO Mason: YYYY 0009` else #CURRENT="-A $DIR $SRCSPEC $DESTSPEC ${IF:+"-i "}$IF ${PROTONUMBER:+"-p "}$PROTONUMBER $TOS ${UCPOLICY:+"-j "}$UCPOLICY $LOGTHIS $ECHOACK ${MINMARK:+"-m"} $MINMARK" #TOS is either blank or has a leading space #REMOVEME CURRENT=`awk "BEGIN {printf \"%-111s\", \ \"${DIR:+"-A "}$DIR$SRCSPEC$DESTSPEC${IF:+" -i "}$IF${PROTONUMBER:+" -p "}$PROTONUMBER$TOS${UCPOLICY:+" -j "}$UCPOLICY${LOGTHIS:+" "}$LOGTHIS${ECHOACK:+" "}$ECHOACK${MINMARK:+" -m "}$MINMARK\" }" || logfail $LINENO Mason: YYYY 0010` fi ;; ipfwadm) CKPTMASON=" mason: ipfwadm display" ; #ckpt $CKPTMASON if [ -n "$LOGTHIS" ]; then LOGTHIS="-o" ; fi #CURRENT="$IPFWADMBIN -a $LCPOLICY ${IF:+"-W "}$IF ${DIRLETTER:+"-"}$DIRLETTER ${PROTO:+"-P "}$PROTO $ACK -S $SRCHOST $SRCPORT -D $DESTHOST $DESTPORT$TOS $LOGTHIS" #REMOVEME CURRENT=`awk "BEGIN {printf \"$IPFWADMBIN %-9s %-8s %-2s %-11s %4s %-72s\", \ \"${LCPOLICY:+"-a "}$LCPOLICY\", \ \"${IF:+"-W "}$IF\", \ \"${DIRLETTER:+"-"}$DIRLETTER\", \ \"${PROTO:+"-P "}$PROTO\", \ \"$ACK\", \ \"-S $SRCHOST $SRCPORT -D $DESTHOST $DESTPORT$TOS $LOGTHIS\" \ }" || logfail $LINENO Mason: YYYY 0011` case $PROTO in [Tt][Cc][Pp]|[Uu][Dd][Pp]|[Ii][Cc][Mm][Pp]) #FIXME - should we be actually running a rule here? I really think this is wrong. eval "$IPFWADMBIN ${LCPOLICY:+"-i"} $LCPOLICY ${IF:+"-W"} $IF -$DIRLETTER ${PROTO:+"-P"} $PROTO $ACK -S $SRCHOST $SRCPORT -D $DESTHOST $DESTPORT $TOS $LOGTHIS || logfail $LINENO Mason: YYYY 0012" ;; *) CURRENT="#(invalid protocol for ipfwadm) $CURRENT" #only show the warning once. if [ -z "$NONIPFWADMPROTOWARNED" ]; then wrap ${WARN}ipfwadm cannot handle protocols other than tcp, udp and icmp. This rule wanted to use protocol: $PROTO . This is the only warning you will get this run.${NORM} >/dev/stderr NONIPFWADMPROTOWARNED="YES" fi ;; esac ;; cisco) #FIXME handle comments to user for $IF, $DIRLETTER, fix "eq", TOS format? no forwarding rules (maybe in baserules?) #FIXME - is this screwing up the DOCOMMAND=ipchains parameters? CKPTMASON=" mason: cisco display" ; #ckpt $CKPTMASON if [ "$DIRLETTER" = "F" ]; then DODISPLAY="NO" ; wrap Forwarding rule skipped in cisco mode. >/dev/stderr elif [ "$IF" = "lo" ]; then DODISPLAY="NO" ; wrap Loopback interface skipped in cisco mode. >/dev/stderr else case "$LCPOLICY" in "reject"|"deny "|"deny") CISCOPOLICY="deny" ;; "accept"|"accept -m") CISCOPOLICY="permit" ;; #Cisco Masq? sorry, do not know how. *) CISCOPOLICY="unknown" ;; esac case "$ACK" in " ") ECHOACK="" ;; "-k") ECHOACK="established" ;; "! -k") ECHOACK="" ;; esac if [ -n "$LOGTHIS" ]; then LOGTHIS="log" ; fi if [ -n "$TOS" ]; then CISCOTOS=" tos$TOS" ; else CISCOTOS="" ; fi case $IF in eth0) CISCOIF="E0" ;; eth1) CISCOIF="E1" ;; eth2) CISCOIF="E2" ;; eth3) CISCOIF="E3" ;; ppp0) CISCOIF="S0" ;; ppp1) CISCOIF="S1" ;; ppp2) CISCOIF="S2" ;; ppp3) CISCOIF="S3" ;; tr0) CISCOIF="To0" ;; tr1) CISCOIF="To1" ;; tr2) CISCOIF="To2" ;; tr3) CISCOIF="To3" ;; *) CISCOIF="`echo "$IF" | sed -e 's/^eth/E/' -e 's/^ppp/S/' -e 's/^tr/To/'`" ;; esac #CURRENT="access-list $DIRLETTER$CISCOIF $CISCOPOLICY $PROTO $SRCHOST$SRCCISCOPORTSPEC $DESTHOST$DESTCISCOPORTSPEC$CISCOTOS $ECHOACK $LOGTHIS" #REMOVEME CURRENT=`awk "BEGIN {printf \"access-list %-4s %-6s %-8s %-90s\", \ \"$DIRLETTER$CISCOIF\", \ \"$CISCOPOLICY\", \ \"$PROTO\", \ \"$SRCHOST$SRCCISCOPORTSPEC $DESTHOST$DESTCISCOPORTSPEC$CISCOTOS $ECHOACK $LOGTHIS\" \ }" || logfail $LINENO Mason: YYYY 0013` fi ;; esac # No need to handle ECHOCOMMAND=none :-) CKPTMASON=" mason: finished display" ; #ckpt $CKPTMASON if [ "$DEBUG" = "YES" ]; then echo current= "$CURRENT" >/dev/stderr ; fi if [ -n "$UNDOSPECIFICRULE" ]; then eval "$UNDOSPECIFICRULE" ; fi #Don't do anything if this is the same as one of the last 8 rules. This #reduces the occurence of repeated rules showing up. CKPTMASON=" mason: Implement new rule" ; #ckpt $CKPTMASON #Yank mark values before comparing case `echo $CURRENT | sed -e 's/ -m [0-9][0-9]* //'` in $LAST1|$LAST2|$LAST3|$LAST4|$LAST5|$LAST6|$LAST7|$LAST8) if [ "$HEARTBEAT" = "YES" ]; then echo -n "-" >/dev/stderr ; NEEDLF="YES" ; fi ;; *) if [ "$NEEDLF" = "YES" ]; then echo >/dev/stderr ; NEEDLF="NO" ; fi if [ "$DOBEEP" = "YES" ]; then echo -n -e "\a" >/dev/stderr ; fi if [ "$DODISPLAY" = "YES" ]; then case $ECHOCOMMAND in ipchains|ipfwadm|cisco|iptables) echo "$CURRENT $COMMENT $COMMENT2" ;; ipchains-save) echo $CURRENT ;; esac fi #Put a real rule in the rule chain so that we don't log it again. We need to use eval since ${xxxHOST} may be a $DYNIP #and may need to be evaluated to its real value. CKPTMASON=" mason: Actually put new rule in" ; #ckpt $CKPTMASON if [ "$DOCOMMAND" = "ipfwadm" ]; then if [ -n "$LOGTHIS" ]; then LOGTHIS="-o" ; fi case $PROTO in [Tt][Cc][Pp]|[Uu][Dd][Pp]|[Ii][Cc][Mm][Pp]) #FIXME - here and below - watch out for data fields that have their own parameters "-t 0x..." #REMOVEME #eval "$IPFWADMBIN ${LCPOLICY:+"-i"} $LCPOLICY ${IF:+"-W"} $IF -$DIRLETTER ${PROTO:+"-P"} $PROTO $ACK -S $SRCHOST $SRCPORT -D $DESTHOST $DESTPORT $TOS $LOGTHIS || logfail $LINENO Mason: YYYY 0014" #REMOVEME echo 0022 DIRLETTER $DIRLETTER >>${MASONDIR}masoncrash dorule "i" "$DIRLETTER" "$IF" '' "$PROTO" "$SRCHOST" "$SRCPORT" "$DESTHOST" "$DESTPORT" '' "$ACK" "$LCPOLICY" "$TOS" "$LOGTHIS" "" || logfail $LINENO Mason: YYYY 0022 ;; *) #only show the warning once. if [ -z "$NONIPFWADMPROTOWARNED" ]; then wrap ${WARN}ipfwadm cannot handle protocols other than tcp, udp and icmp. This rule wanted to use protocol: $PROTO. This is the only warning you will get this run${NORM}. >/dev/stderr NONIPFWADMPROTOWARNED="YES" fi ;; esac elif [ "$DOCOMMAND" = "ipchains" ]; then case "$ACK" in ""|" ") DOACK="" ;; "-k") DOACK="! -y" ;; "! -k") DOACK="-y" ;; esac if [ -n "$LOGTHIS" ]; then LOGTHIS="-l" ; fi #FIXME - yank these once we're using dorule. case $DIRLETTER in I) DIR="`chainnameof input`$NOLOGSUFFIX" ;; O) DIR="`chainnameof output`$NOLOGSUFFIX" ;; F) DIR="`chainnameof forward`$NOLOGSUFFIX" ;; esac #REMOVEME #eval "$IPCHAINSBIN ${DIR:+"-I"} $DIR 1 ${IF:+"-i"} $IF ${PROTO:+"-p"} $PROTO $DOACK -s $SRCHOST $SRCPORT -d $DESTHOST $DESTPORT $TOS ${MINMARK:+"-m"} $MINMARK ${UCPOLICY:+"-j"} $UCPOLICY $LOGTHIS || logfail $LINENO Mason: YYYY 0015" #REMOVEME echo 0023 DIR $DIR >>${MASONDIR}masoncrash dorule i "$DIR" "$IF" '' "$PROTO" "$SRCHOST" "$SRCPORT" "$DESTHOST" "$DESTPORT" "$MINMARK" "$DOACK" "$UCPOLICY" "$TOS" "$LOGTHIS" "" || logfail $LINENO Mason: YYYY 0023 if [ -n "$MINMARK" ]; then INCMINMARK="1" ; fi #ZZZZ - start conversion to iptables. NOT complete. elif [ "$DOCOMMAND" = "iptables" ]; then case "$ACK" in ""|" ") DOACK="" ;; "-k") DOACK="! -y" ;; "! -k") DOACK="-y" ;; esac if [ -n "$LOGTHIS" ]; then LOGTHIS="-l" ; fi #FIXME - simplify, no case needed. global fix. case $DIRLETTER in I) DIR="`chainnameof INPUT`$NOLOGSUFFIX" ;; O) DIR="`chainnameof OUTPUT`$NOLOGSUFFIX" ;; F) DIR="`chainnameof FORWARD`$NOLOGSUFFIX" ;; esac #REMOVEME #eval "$IPTABLESBIN ${DIR:+"-I"} $DIR 1 ${IF:+"-i"} $IF ${PROTO:+"-p"} $PROTO $DOACK -s $SRCHOST $SRCPORT -d $DESTHOST $DESTPORT $TOS ${MINMARK:+"-m"} $MINMARK ${UCPOLICY:+"-j"} $UCPOLICY $LOGTHIS || logfail $LINENO Mason: YYYY 0016" #REMOVEME echo 0024 DIR $DIR >>${MASONDIR}masoncrash #Returns INPUTN, FORWARDN, OUTPUTN dorule i "$DIR" "$INIF" "$IF" "$PROTO" "$SRCHOST" "$SRCPORT" "$DESTHOST" "$DESTPORT" "$MINMARK" "$DOACK" "$UCPOLICY" "$TOS" "$LOGTHIS" "" || logfail $LINENO Mason: YYYY 0024 if [ -n "$MINMARK" ]; then INCMINMARK="1" ; fi #ZZZZ - end iptables conversion fi # no need to handle DOCOMMAND=none :-) CKPTMASON=" mason: push current rule on last stack" ; #ckpt $CKPTMASON LAST8=$LAST7 ; LAST7=$LAST6 ; LAST6=$LAST5 ; LAST5=$LAST4 LAST4=$LAST3 ; LAST3=$LAST2 ; LAST2=$LAST1 ; LAST1=`echo $CURRENT | sed -e 's/ -m [0-9][0-9]* //' || logfail $LINENO Mason: YYYY 0017` ;; esac #Check that current isn't equal to one of the previous 8 rules. if [ "$DEBUG" = "YES" ]; then wrap src= $SRCIP $SRCPORT dest= $DESTIP $DESTPORT if= $IF proto= $PROTO >/dev/stderr ; fi if [ "$LCPOLICY" = "accept -m" ]; then #Reset policy to non-masq for the next rule. UCPOLICY="ACCEPT" ; LCPOLICY="accept" fi fi #if ISLOGLINE if [ -n "$MINMARK" ]; then MINMARK=$[ $MINMARK + $INCMINMARK ] ; fi #Get the next log entry and start over. unset ACK COMMENT DEST DESTHOST DESTIP DESTPORT DIR DIRLETTER DOACK ECHOACK IF IGNOREPORT INIF ISLOGLINE \ LINEHASDYNAMIC LOGTHIS MESSPOL NUMBYTES NUMPACKETS PROTO SRC SRCHOST SRCIP SRCPORT SYNFLAG SYNFLAGSEEN TAIL TOS || : #unset DFFLAG FFLAG FOFLAG IFLAG LFLAG SFLAG TFLAG || : #These are unused. if [ -n "$MINMARK" ]; then INCMINMARK="0" ; fi TOS="" A3=$O3 ; A4=$O4 ; A5=$O5 ; A6=$O6 ; A7=$O7 ; A8=$O8 ; A9=$O9 ; A10=$O10 ; A11=$O11 ; A12=$O12 ; A13=$O13 O3=$J3 ; O4=$J4 ; O5=$J5 ; O6=$J6 ; O7=$J7 ; O8=$J8 ; O9=$J9 ; O10=$J10 ; O11=$J11 ; O12=$J12 ; O13=$J13 #CKPTMASON=" mason: reading next line" ; #ckpt $CKPTMASON CKPTMASON="" ; #ckpt $CKPTMASON if ! read J1 J2 J3 J4 J5 J6 J7 J8 J9 J10 J11 J12 J13 J14 J15 J16 J17 J18 J19 J20 J21 J22 J23 J24 J25 J26 J27 J28 J29 J30 ; then if [ "$SIGGED" != "YES" ]; then EXITMASON="YES" ; fi fi #Keep reading until a line with different firewall values is found. #FIXME - test for J19 once SYN checking is in place. J20+? #FIXME {O3=J3||INFORMAT=ipfwadm } or something like that for fields that don't need to be checked? A function? while { [ "$O3" = "$J3" ] && [ "$O4" = "$J4" ] && [ "$O5" = "$J5" ] && [ "$O6" = "$J6" ] && \ [ "$O7" = "$J7" ] && [ "$O8" = "$J8" ] && [ "$O9" = "$J9" ] && [ "$O10" = "$J10" ] && \ [ "$O11" = "$J11" ] && [ "$O12" = "$J12" ] && [ "$O13" = "$J13" ] ; } || { [ "$A3" = "$J3" ] && [ "$A4" = "$J4" ] && [ "$A5" = "$J5" ] && [ "$A6" = "$J6" ] && \ [ "$A7" = "$J7" ] && [ "$A8" = "$J8" ] && [ "$A9" = "$J9" ] && [ "$A10" = "$J10" ] && \ [ "$A11" = "$J11" ] && [ "$A12" = "$J12" ] && [ "$A13" = "$J13" ] ; } || { [ "$SIGGED" = "YES" ] ; } ; do #CKPTMASON=" mason: duped line or sigged" ; #ckpt $CKPTMASON CKPTMASON="" ; #ckpt $CKPTMASON if [ "$EXITMASON" = "YES" ]; then continue ; fi if [ "$SIGGED" = "YES" ]; then SIGGED="NO" else if [ "$HEARTBEAT" = "YES" ]; then echo -n "." >/dev/stderr ; NEEDLF="YES" ; fi A3=$O3 ; A4=$O4 ; A5=$O5 ; A6=$O6 ; A7=$O7 ; A8=$O8 ; A9=$O9 ; A10=$O10 ; A11=$O11 ; A12=$O12 ; A13=$O13 O3=$J3 ; O4=$J4 ; O5=$J5 ; O6=$J6 ; O7=$J7 ; O8=$J8 ; O9=$J9 ; O10=$J10 ; O11=$J11 ; O12=$J12 ; O13=$J13 fi if ! read J1 J2 J3 J4 J5 J6 J7 J8 J9 J10 J11 J12 J13 J14 J15 J16 J17 J18 J19 J20 J21 J22 J23 J24 J25 J26 J27 J28 J29 J30 ; then if [ "$SIGGED" != "YES" ]; then EXITMASON="YES" ; fi fi done done #CKPTMASON=" mason: outside of main loop" ; #ckpt $CKPTMASON CKPTMASON="" ; #ckpt $CKPTMASON if [ "$NEEDLF" = "YES" ]; then echo >/dev/stderr ; NEEDLF="NO" ; fi if [ "$J1" = '!!EXIT!!' ]; then wrap Mason is exiting because of an exit request on stdin. >/dev/stderr elif [ "$EXITMASON" = "YES" ]; then wrap Mason is exiting because of a SIGHUP or EXITMASON=YES. >/dev/stderr else wrap Mason is exiting because of an end of input data. >/dev/stderr fi CKPTMASON="" exit 0 mason-1.0.0.orig/mason-1.html0100644000765700007640000000555007467640610014617 0ustar martinedv The Mason HOWTO: Formalities Next Previous Contents

    1. Formalities

    1.1 Disclaimer

    ---------------If you read nothing else, please read this----------------

    This program offers an aid to creating firewall rules. It offers ABSOLUTELY NO intelligence in deciding what should be allowed or disallowed. It has ABSOLUTELY NO ability to understand your security policy and implement it. YOU are responsible for reviewing the rules and massaging them to fit your needs.

    While this documentation attempts to provide some general guidelines on how to use Mason, please remember: the author has no knowledge of what you want your firewall to do and has not tailored the documentation or program to specially fit your needs. If there is ever a discrepancy between your needs and the program output or your needs and the documentation, the program and/or documentation are _dead_ _wrong_.

    1.2 Copyleft

    Mason interactively creates a Linux packet filtering firewall.

    Copyright (C) 1998-2002 William Stearns wstearns@pobox.com

    This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

    The author can also be reached at:

    email

    wstearns@pobox.com (preferred)

    web

    http://www.stearns.org/mason/

    snail

    William Stearns
6 Manchester Dr.
Lebanon NH, 03766, USA

    This code is entirely owned by William Stearns ( wstearns@pobox.com) and has no relation to any employer or employer sponsored project.

    Next Previous Contents mason-1.0.0.orig/mason-10.html0100644000765700007640000000420407467640611014673 0ustar martinedv The Mason HOWTO: Additional resources Next Previous Contents

    10. Additional resources

    Next Previous Contents mason-1.0.0.orig/mason-11.html0100644000765700007640000001415707467640611014704 0ustar martinedv The Mason HOWTO: Authors, credits, feedback, copyright, how to help! Next Previous Contents

    11. Authors, credits, feedback, copyright, how to help!

    Once again, the linux kernel and firewall developers deserve all the credit. Mason is simply a front end to a fast, powerful, stable firewall implementation in the linux kernel. Many thanks to all the linux firewall developers.

    The name "Mason" comes from two sources; first of all, it builds a (fire)wall. Second, it's my nephew's name. Mason lives in Brooklyn with my sister and her husband and my niece Eve. He's a great guy!

    If you have comments, suggestions, problems, ideas, flames, patches, whatever, I'd like to hear them. I'd even be interested in hearing where Mason fell short for your needs. My permanent email address is wstearns@pobox.com. The permanent web site for the software is http://www.pobox.com/~wstearns/mason/.

    Jeff Licquia has kindly offered to package up Mason into a Debian package. The Debian requirements are helping to make a better program for all distributions.

    Jens Knudsen wrote nicerules, a wrapper script for Mason. It's a simple script that takes the "newrules" output, sorts and orders the firewall rules in a way that makes it easier to review security, and produces a "standalone" firewall script and a firewall.disable script. The script probably has many "bugs", use it as an aid, but don't blame him for any problems it may cause you. There is more information in the actual script which is also heavily commented. Have fun.

    If you choose to send me actual mason firewall rules and choose to hide the IP addresses and/or networks for security reason, that's fine, but please replace them with something that describes their general use so I can make sense of them. For example: 

    cat myrules | sed -e 's@11.22.33.44/32@fw-outside@' \
                  -e 's@192.168.1.1/32@fw-inside@' \
                  -e 's@192.168.1.0/24@inside-net@' \
>myrules.mailable
    - or something like that.

    There are a number of things you can do to help this project:

    • Send in bug reports.
    • Send in suggestions or fixes.
    • Organize the documentation.
    • Design a logo.
    • Take over the announcement process.
    • Help integrate Mason into your distribution. Heck, just letting me know under which distributions Mason works is helpful!
    • Organize the Web site into a more useful resource.
    • Set up mailing lists for developers, announcements, and users.

    The files in the Mason package are Copyright (c) 1998-2002 by William Stearns wstearns@pobox.com or Jeff Licquia. They are released under the GNU GPL, which is included in the package. If you did not recieve a copy of this license, please contact the author for a copy (see the top of the Mason script for contact information for the author and the Free Software Foundation).

    William is also the author of buildkernel, the automated Linux kernel builder, and other minor shell scripts.

    11.1 Thanks

    Chris Brenton deserves very special thanks for spending an evening with me discussing a number of questions I've had about packet filtering. He was very kind to share his knowledge with me. I owe him a pizza sometime. :-)

    Chris has written some excellent networking texts - I'm about halfway through Mastering Network Security and am very impressed with the writing and content: Multiprotocol Network Design & Troubleshooting, Mastering Network Security. The above plug was not requested, but is well deserved.

    Thanks to Nathan Bailey who took the time to remind me that there is a Perl Module that's also called Mason. Thanks also to Jonathan Swartz, the author of HTML::Mason who graciously agreed to share the name and pointers with me.

    Many thanks to Dave Stern, who has offered suggestions on how to improve Mason and helped with beta testing early versions. Maybe someday I'll tell him they were prerelease versions... :-)

    Thanks to all of the people who have sent in questions, bug reports, fixes, improvements, and six foot long lizards.

    The new section of masonrc with a boatload of backdoor ports is courtesy of the authors of and contributors to snort. Specifically, Nick Rogness, Jim Forster and Martin Markgraf are credited with the work on the ports - many thanks, guys.

    Snort can be found at http://www.snort.org. It's a really cool intrusion detection tool. Thanks to Marty roesch@clark.net for the tool.

    A special thank you to all the authors in the Linux movement. In a small way, the code I return to the community is my way of paying back my incredible debt to the people who came before me.

    As always, many thanks to my wife Debbie, who has shown amazing patience with my Linux related projects. Many thanks, my love.

    Next Previous Contents mason-1.0.0.orig/mason-2.html0100644000765700007640000002765107467640611014627 0ustar martinedv The Mason HOWTO: Introduction Next Previous Contents

    2. Introduction

    "If you have not checked out Mason, I highly recommend it. Mason is a Linux based firewall, but none like you've ever used. In short, you put Mason into learning mode and run the services to the Internet you wish to support. Mason will then take these log entries and turn them into a set of packet filtering rules. Pretty cool eh? No ACK compliment rules to worry about, no "what was that service port again?" decisions to worry about, simply plug it in, let it learn and off you go. :)"
    - - Chris Brenton, cbrenton@sover.net

    The Mason script interactively builds a (fire)wall on a Linux machine. For more details about how this is done, please read on for background, theory of operation, a quick start, and additional documentation on firewalls and firewall gotcha's.

    mason.txt and related documentation should have been installed to /usr/doc/mason-{version}/ . If they are missing or you would like to make sure you have the latest version, please go to http://www.stearns.org/mason/ .

    The impatient should go right to the Quickstart.

    2.1 Background and motivation

    The built-in firewall features of the Linux kernel offer a powerful set of packet filtering features that can be used to build a firewall. The various pieces of available documentation provide an introduction on how to configure the firewall for simple setups, but can't possibly explain how to configure a firewall for more complex setups, including fine-grained allow and deny lists. This is especially obvious when trying to create a firewall with a default policy of deny.

    Someone looking to configure a linux firewall is simultaneously hit with the complexity of trying to understand the ipfwadm syntax, trying to understand the structure of TCP/IP connections, and trying to create and implement a security policy. No wonder firewalls are daunting!

    The Mason application attempts to handle the first two problems by dynamically creating the firewall based on the traffic flowing through it. For example, if you start up a telnet session through your firewall from a machine on your LAN to a machine out on the WAN while mason is running, mason will create all the rules necessary to allow this traffic.

    Conversely, if you're looking to block incoming NFS requests, simply launch mason, select a "deny" or "reject" policy, and make the NFS connection. When the firewall is restarted, voila! No more incoming NFS.

    Creating a firewall no longer requires understanding the ipfwadm, ipchains or iptables syntax. Even novices can create a firewall under Linux. _HOWEVER_, creating a _good_ firewall _still_ requires some understanding of TCP/IP protocols and packet filtering. Many good books cover this. Check out O'Reilly and Associates ( http://www.ora.com or http://www.oreilly.com ) for some excellent general coverage of firewall designs.

    One last novice's mistake I'd like to see Mason users avoid is the false sense of security that a firewall can provide. _Truly_ securing a system or network requires _much_ more than simply filtering packets. The aforementioned books provide a great background in general security.

    2.2 Basic theory of operation

    Before starting, if the user has some rules that he or she knows should be used in this machine, these can be added to /var/lib/mason/baserules. As part of the process of running Mason, we'll add rules that log all other packets to /var/log/messages. The "tail" command is used to feed these log messages into Mason, which converts each log entry into the corresponding command necessary to allow that kind of traffic. In the previous telnet example, 6 different firewall rules would be created on the firewall, three for the original request packet, 3 for the response back from the server (just 1 or 2 in iptables firewalls): 

    pkt 1:  Allow telnet request in from LAN
pkt 1:  Forward request through firewall
pkt 1:  Allow request to exit to WAN
pkt 2:  Allow telnet response back into firewall from WAN
pkt 2:  Forward response through system
pkt 2:  Allow response to exit back to the original machine on the LAN.

    All packets from 3 on are handled by these rules. There may be a short delay in the initial connection as the rules are created.

    The script creates the actual ipfwadm/ipchains/iptables commands to accomodate the packet flow. When the command is executed the new rule is inserted at the head of the existing rules so that future packets of this type no longer reach the logging rule at the bottom.

    The rules are also echoed to the console so that you can see the rules as they are executed or redirect them to a file. This process is handled automatically by mason-gui-text.

    If any of this is unclear, take a look at the Quickstart which walks you through actually running it. It'll make more sense when you see it in action.

    2.3 Compatibility and requirements

    • Distributions
      • Heavily tested on RedHat 5.x, 6.x, and 7.x
      • Compatible with Debian 2.x
      • Probably works with Slackware
      • Probably works with Suse, but you need to choose between the default /etc/rc.d/init.d/firewall and the one included with Mason
    • Requirements
      • Bash 1.x or 2.x
      • Standard system utilities: awk, cat, chmod, cut, grep, head, ifconfig, mkdir, ps, route, sed, sleep, sort, tail, touch, tr, true, uniq and wc
      • A kernel that supports packet filtering and packet logging (kernel 2.0's ipfwadm, kernel 2.2's ipchains, or 2.4's iptables)
      • The ipchains, ipfwadm or iptables binaries.
    • Things Mason doesn't care about
      • Hardware architecture (i386, Axp, Sparc...)
      • Number or type of interfaces
      • Whether the machine is a router or end-node (a normal server or workstation).

    2.4 Features

    Mason supports the following: (see the release notes for additional features)

    • It accepts any mix of ipchains, ipfwadm or iptables log entries as input.
    • It can run on an ipfwadm, ipchains or iptables kernel.
    • It can spit out ipfwadm, ipchains or iptables output.
    • In theory, the above 3 are independent from each other. Mason can, for example, accept ipchains and ipfwadm log entries, run on an ipfwadm host, and output ipchains rules. Unfortunately, the structure and design of an iptables firewall is sufficiently different from ipfwadm and ipchains firewalls that you can't automatically convert back and forth.
    • It will run on the firewall machine or on another machine, using the firewall's packet logs as input.
    • It can run as the traffic is flowing through the machine or be fed the firewall logs later.
    • While there are some advantages to running as root, it can be run as a non-root user.
    • Mason will put in a macro for dynamic IP addresses, usually for your ppp link.
    • It supports any kind of interface that can carry TCP/IP traffic.
    • It recognizes any protocol listed in /etc/services and commonly used icmp protocols.
    • It automatically handles setups such as cable modem or satellite where the packets go out on one interface and come back on another.
    • It automatically handles masquerading on the firewall and the strange rules that can require.
    • It allows you to put in any rules you may know you need and fills in the rest, or just builds the entire thing for you if you prefer. It can also be used after a firewall has been created to fill in some new rules or new protocols.
    • It automatically generalizes the firewall rules in the following ways:
      • Any local IP addresses are converted to the corresponding local network. Special IP's (0.0.0.0, 127.0.0.1, 255.255.255.255) are handled appropriately. Mason can also be configured to leave addresses alone or convert them to hostnames. This gives you the ability to either treat all machines in a subnet as having equal access rights or create fine-grained access rules for individual servers, as you choose.
      • Non-local IP's are converted to 0/0 (anywhere).
      • Port numbers in /etc/services are converted to the corresponding service name.
      • High port numbers are generalized to 1024:65535. The special port needs of ssh, traceroute, nfs, ip masquerading, irc, x, openwindows, and vnc are handled automatically.
    • The ack flag is set for all tcp connections except for ftp.
    • The TOS (type Of Service) flag is set for ftp, ftp-data, imap, irc, nntp, pop, ssh, snmp, and telnet to improve interactive performance by queuing interactive packets ahead of bulk transfer packets.
    • Each output line is commented to give you an idea of what it's for and allow for easy grouping via sort.
    • The rule policy can be changed on the fly without having to stop Mason.
    • Because Mason is a shell script, it can run on any system with bash and basic GNU tools (sed, awk, grep, etc.). Actually creating the firewall log entries, interactively building the firewall, or implementing the finished firewall needs requires a Linux system with appropriate kernel (generally 2.0.0 and up, including 2.1.x and 2.2.x) with firewalling and firewall packet logging built in.
    • Thanks to Don Howard howarddj@bigvax.alfred.edu, Mason 0.12.0 and above have initial support for creating Cisco ACL's. The support is not truly complete, and hence untested. It needs someone that's interested in working with me on the project before it's complete.
    • A rather extensive manual/howto/notes file covers operating Mason and some issued associated with packet filtering firewalls. Good reading for anyone trying to understand some of the more advanced topics in packet filtering firewalls.
    • automatically makes masq rules for reserved addresses
    • icmp subcodes
    • support for ip tunneling, cipe and a number of other protocols
    • removal of the namecache (no longer needed)
    • mason now stops logging packets quickly while it does the main processing
    • stop using ipcalc to calculate broadcast
    • don't touch /etc/hosts or /etc/services
    • more Debian integration and two man pages (Thanks, Jeff!)
    • support for ipchains-save output format
    • support for --sport and --dport (Thanks, Rusty!)
    • major documentation updates
    • the ability to add packet counts to each rule, sorting the most commonly used rules to the top (ipfwadm and ipchains only; iptables no longer requires this).
    • misc. bug fixes and performance improvements
    • fixes to the Cisco output format
    • the ability to generalize the ack rules for tcp connections, cutting 25%-35% of the rules
    • an internal checkpointing ability to help in debugging
    • Mason can find the smallest subnet that encompasses the ips found on a dynamic interface
    • and no_outgoing_ protocols

    Next Previous Contents mason-1.0.0.orig/mason-3.html0100644000765700007640000003005207467640611014615 0ustar martinedv The Mason HOWTO: Quickstart Next Previous Contents

    3. Quickstart

    This document is designed to help people who are unfamiliar with Mason build a firewall using it. A novice user should be able to start building a basic firewall using these instructions in 20 minutes. 

    #include <disclaimer.h>

    3.1 Make sure the system is already pretty secure.

    See the Linux security sites and the Linux Administrators Security Guide for more info. A strict packet filtering firewall is useless if someone can get root access somehow; they can just turn off the firewall.

    3.2 Install the Mason package

    5 minutes or less.

    If you're using an rpm-based system, type just 

    rpm -Uvh ftp://www.stearns.org/pub/wstearns/mason/mason-1.0.0-0.noarch.rpm

    Otherwise, download the latest version to /usr/src, 

    cd /usr/src<Enter>
tar -xzvf mason...tar.gz<Enter>
cd mason...<Enter>
make install<Enter>

    3.3 Prepare /etc/services

    Probably mostly done!

    Mason depends on a few setup details to be able to provide a firewall that works in the way you intended. Make sure that /etc/services includes the server port names for all services you intend to work with, whether those services are running on the firewall machine or on some other machine.

    For example, if you intend to use ssh to connect to another system, make sure that the line 

    ssh     22/tcp

    is in /etc/services. Entries that might be missing include: 

    ftp-data        20/tcp
ssh             22/tcp          #Secure shell
linuxconf       98/tcp
squid           3128/tcp        #Squid proxy cache requests
icp             3130/udp        #Inter Cache Protocol, used in squid

    It is not necessary to include entries for services that you don't use. Also, do _not_ place entries for _client_ ports in this file; Mason assumes anything referenced in this file is a server port. For example, even though one of the client ports used for ssh is 1022/tcp, you would _not_ place this in /etc/services. Doing so would cause Mason to provide incorrect rules.

    If you're not sure which ports are being used as servers on the firewall or on other machines on your network, use the "netstat -an | less" command on Linux/Unix systems and look for lines with "LISTEN".

    3.4 Prepare /etc/hosts

    Probably mostly done!

    Try to place short names first. You don't have to do this, but the firewall will be much more readable in the end if you do.

    Make sure that your /etc/hosts file has at least entries for:

    • locahost
    • the ip addresses of all interfaces on your firewall
    • all the networks in your routing table except 0.0.0.0.
    • all dns servers
    • any other hosts that Mason might treat specially

    For example: 

    127.0.0.1               localhost
172.16.0.1              fwall-inside    bastion bastion.mydomain.org
12.13.14.15             fwall-outside
172.16.0.0              INSIDE                  #I use all caps to distinguish networks from normal IP's.
12.13.14.0              OUTSIDE
12.13.16.10             myisp-dns1
12.13.16.11             myisp-dns2
12.13.14.44             ntp             bonzo   bonzo.mydomain.org

    3.5 Prepare the routing table and interfaces

    Probably already done!

    Mason assumes that the routing table and interfaces are set up to match the way the final firewall will run. If you're running this on the actual firewall machine and all the interfaces and networks have been configured, proceed to the next step.

    Edit /etc/masonrc on the machine on which Mason will run. Edit the line (or add it if it's not there) 

    NETWORKS="....."
    Inside the quotes, place the following:

    • All ip addresses of all interfaces for the firewall, each followed by /32 .
    • The ip's of any hosts that shouldn't be treated identically to the other machines on their respective networks.
    • All networks whose machines the firewall should treat identically.

    For example, if the firewall had IP address 172.16.0.1 on network 172.16.0.0/255.255.0.0 and IP address 12.13.14.15 on network 12.13.14.0/255.255.255.0, I would add the following line to /etc/networks if I was building the firewall on another machine: 

    NETWORKS="127.0.0.1/32 172.16.0.1/32 12.13.14.15/32 172.16.0.0/16 12.13.14.0/24"

    3.6 Check the configuration file

    5 minutes, more if you want to customize.

    The configuration choices in /etc/masonrc are ordered so that the fields you'll most likely need to edit are at the top and the really obscure ones are at the bottom.

    There are a few setting you must set for Mason to work at all: NEWRULEPOLICY, DEFAULTPOLICY, and FLUSHEDPOLICY. If you have no firewall at all and are creating one for the first time, set each to "ACCEPT". During the learning process, you will have no protection at all (all packets will be accepted), but note that this is no _less_ secure than a system without a firewall.

    If you want to make the creation process a little more secure, you might consider setting one of these to DENY or REJECT; see the comments in /etc/masonrc and mason.txt for more info on this. In particular, if you are building this remotely via a telnet or ssh session, note that setting one of the above to something other than ACCEPT before Mason knows about the telnet or ssh traffic almost guarantees that you will lose the ability to telnet or ssh to the box until it is rebooted from the console.

    If you're in a rush to try out Mason, feel free to set just these three fields and continue. The more of the settings you set to match your needs, the better the firewall will be at matching your security policy in the end.

    3.7 Place any known rules in /var/lib/mason/baserules

    No time for most people.

    If you know some rules you'll need already, put them in this file. For example, if you know you'll need to masquerade all traffic from the 172.16.0.0/255.255.0.0 network, a sample rule for this is already in baserules.

    If you don't know of any, no problem.

    3.8 Run mason-gui-text

    This (admittedly rudimentary) interface helps you build the firewall. Choose "BL" (begin learning) and watch mason start to spit out the firewall rules that perfectly match your system's network traffic.

    Check that stopwatch - you're building a firewall less than 20 minutes from when you started! Give yourself a pat on the back. Mason will do a great deal of the rest in the background while you're doing your day to day work.

    Do all of the things you want this firewall to support. If you want to allow mail to be sent through it, send mail through it. if you want to be able to ping it, ping it. If you want to be able to traceroute from it, traceroute from it.... You get the idea.

    Mason will present the new rules that match your networks traffic. For each rule you'll be given the chance to modify the rule or commit the rule. Here are the modify choices:

    • Edit manually Edit the rule. You can make any changes you'd like to the rule before committing it to the permanent ruleset.
    • Jot Jot a note at the end of the rule. You can enter a comment to be placed at the end of the rule.
    • Accept change policy to Accept and commit. Without changing any of the rest of the rule, this changes the rule action to Accept (let the packet pass) and commits it to the permanent ruleset.
    • Deny change policy to Deny and commit. Like the above, but change the policy to Deny (or drop, as appropriate for the firewall type; deny and drop discard the packet without sending any error message back to the original sender).
    • Masq change policy to Masquerade and commit. Like the above, but change the policy to Masquerade. Masquerading allows multiple machines to share a single IP address; the more general term is "many-to-one NAT".
    • Reject change policy to Reject and commit. Like the above, but Reject the packet. Like Deny/Drop, the packet is discarded, but Reject sends back an error message to the original sender.

    Here are the commit choices:

    • Postpone Postpone choice. If you can't decide what to do with a rule, or don't have the time to decide, choose postpone. This saves it to the "newrules" file, which is not used in the firewall at boot time. You'll be asked later about any rule choices you postponed.
    • Throw away Throw away line. Forget the rule entirely.
    • Blockedhost make this host a BLOCKEDHOST and delete the rule. Good if someone's attacking you and you want to shun them entirely.
    • Noincoming make this port a NOINCOMING port and delete the rule. This is good for ports that should never be allowed in to your network.
    • Commit Commit to the permanent firewall set. Commit the rule verbatim.
    • Quit postpone any remaining rules and Quit. Oops, time for lunch! Use this to postpone the current rule and any others in the queue.

    Once you're happy with a firewall ruleset, stop learning. From the main menu you can either Edit the Base ruleset with "EB" or Quit. Edit New and Merge Rules are generally not needed and will be removed in a future version.

    Baserules is reserved for rules that you are _sure_ are correct; only these rules get loaded at boot time if you've enabled the firewall (run "ntsysv" in RedHat and enable the firewall service, or make the appropriate symlink from /etc/rc.d/init.d/firewall to /etc/rc.d/rc3.d/S92firewall for other distributions).

    The goal is to have a baserules file that has all of the rules you've approved and an empty newrules file. Keep in mind that the firewall that will normally be started at boot time _only_ uses rules from baserules.

    If you need to step away from the firewall for a minute, choose "LC" (lock console) from the main menu. Mason will keep on learning and you'll still see the new rules, but that console will be locked. You'll need to enter the root password to return to the main menu.

    3.9 Tell your boss that you're going to need a few weeks to build this.

    Then head off to Bermuda and bask in the sun while Mason does its learning.

    And make sure you have a penguin typing away in your chair so no-one is suspicious.

    *grin*

    3.10 Implement the final firewall.

    Once you've let Mason run in the background for a couple of days, are confident that you've gotten all of the traffic types this machine needs to support, have merged all of the rules to baserules, and are confident they are what you want, lock down the firewall.

    In /etc/masonrc, change DEFAULTPOLICY to DENY. If you want to keep Mason running to see if any stragglers show up, you'll probably want to change NEWRULEPOLICY to DENY as well; this has the effect of creating rules for new packet types, but they are DENY rules now.

    Otherwise, just start the standard firewall with: /etc/rc.d/init.d/firewall start

    If you've made the symlink in step 7, the firewall will be started automatically at boot time.

    Next Previous Contents mason-1.0.0.orig/mason-4.html0100644000765700007640000006116607467640611014630 0ustar martinedv The Mason HOWTO: Special considerations Next Previous Contents

    4. Special considerations

    4.1 Kernel

    (Please note that most kernels provide the support necessary; it's probably safe to check back with this section only if you have problems.)

    IP firewalling and firewall packet logging have to be compiled into the kernel. To see if IP firewalling is compiled into your kernel, type the command: 

    ls -al /proc/net/ip_fwchains /proc/net/ip_input

    If ip_fwchains exists, you have ipchains compiled into your kernel. If ip_input exists, you have ipfwadmin firewalling compiled into your kernel. If neither file exists, one of the following is true:

    • Your kernel is too old. It appears that linux firewalling switched from the old "ipfw" firewalling in 1.3.66, but some features require 2.0.0.
    • Your kernel is missing the proc filesystem or it's not mounted ("mount /proc" will probably fix the latter). If your kernel truly doesn't support the proc filesystem, reboot into the kernel that came with your distribution, which almost certainly does.
    • You have the right version of the kernel, but firewalling is not enabled. You must recompile the kernel and turn on firewalling. See the HOWTO's at http://metalab.unc.edu/linux/HOWTO/ to see how this is done. In particular, see the masquerading and kernel HOWTO's.
    • Your 2.4 kernel has iptables, which doesn't have a flag file like ipfwadm and ipchains.

    When you recompile the kernel, I recommend you have all of the following enabled: network firewalls, ip firewalling, firewall packet logging, always defragment, proc filesystem, transparent proxy support, IP masquerading, and icmp masquerading.

    To see if firewall packet logging is enabled in your kernel, type one of the following commands: 

    /sbin/ipfwadm -a deny -F -S 127.12.2.3/32 -o <Enter>
/sbin/ipchains -A forward -s 127.12.2.3/32 -l <Enter>
/sbin/iptables -A FORWARD -s 127.12.2.3/32 -j LOG<Enter>

    The "-o" or "-l" at the end tells the kernel to log this particular packet type (one which should never show up). If your kernel does not support logging, I _think_ you would get an error. On the other hand, I've never had a kernel that has firewalling but does not have logging. The solution is the same - recompile your kernel to include both firewalling _and_ firewall packet logging.

    (If recompiling a kernel is too daunting, try my automated kernel builder, "buildkernel", which can be found at http://www.stearns.org/buildkernel/).

    4.2 Ipfw, Ipfwadm, Ipchains, and Iptables

    Current versions of Mason handle ipfwadm, ipchains and iptables. It will accept log entries created under all three firewall types automatically. Mason automatically detects which kind of rule to create, although this can be overridden with environment variables set in /etc/masonrc. The masonrc file has comments describing these fields.

    Make sure you have the ipfwadm, ipchains or iptables executable - one of these should be included with your distribution.

    Mason has no support for ipfw firewalls (the firewalling used in kernels prior to 1.3.66). I don't intend to pursue this type of firewalling, but am not against integrating a patch if someone feels like adding the support. Does anyone still use this?

    4.3 DNS

    Mason does not try to look up the hostnames of any machines involved in DNS requests (unless they're in /etc/hosts). If it did, Mason could enter a situation where it issues a steady flow of DNS requests to resolve the machine names and each DNS request requires a new rule, which in turn requires more DNS requests... ugh.

    The easy way to get machine names into your DNS rules is to make sure all your DNS servers are listed in /etc/hosts . If they're not listed there, Mason will just leave them as IP's.

    4.4 Rule order

    When a packet needs to be processed (at entry, forwarding, or exit), the firewall scans the existing list of rules to decide whether to allow, deny or reject the packet. As this scans stops at the first rule that matches the packet, the order in which your final firewall rules are executed can make a difference. This document only provides basic coverage of how to order your rules - sorry. The best place to find out more about this is in the O'Reilly and associates books.

    (If anyone would like to provide additional general guidelines as to how this is done, I would be glad to place them here with the appropriate disclaimers).

    4.5 Generalization

    The packets Mason processes are data transfers between specific ports on specific machines. For example, here's a response packet from a specific FTP server (linux.kernel.org) to what is probably a machine on your LAN: 

    /sbin/ipfwadm -i accept -W ppp0 -I -P tcp -S linux.kernel.org/32 ftp -D \
devel1.goober.net/32 1024:65535 # ftp/tcp

    The rule above (possibly along with others) would only allow devel1 to reach only linux.kernel.org, making for a ridiculously large ruleset if other machines wanted to ftp out to linux.kernel.org or wanted to reach other ftp servers.

    By default, Mason _generalizes_ the source and destination IP addresses. For example, devel1.goober.net/32 is replaced with 210.134.12.0/24 (the fictitious network address block of which devel1 is a part). Since linux.kernel.org is not a part of any local network blocks, linux.kernel.org is replaced with 0/0 (which matches any machine anywhere).

    This automatic generalization can be disabled by setting IPCONV="HOST" in /etc/masonrc.

    Mason also does some generalization on the source and destination ports. Irc, X, realaudio, traceroute, and others use ranges of ports; Mason knows how to generalize many protocols to the appropriate range.

    For the standard tcp and udp services, Mason generalizes the client port to 1024:65535. The connection that prompted this rule might have been, for example, port 1745 on devel1. As Mason didn't recognize 1745 as some special server, it assumed that the next connection might be from, say, port 1788. By using the entire range of high ports ("1024:65535" in the above rule), Mason uses a pretty standard approach to packet filtering to reduce the number of rules.

    4.6 Router or end node

    This program was originally intended for use on a traditional firewall - a packet filtering router (linux box that connects 2 or more networks through one or more interfaces). It works equally well on Linux boxes with only one interface. These could be workstations on a LAN, servers outside of your firewall, or even slip or ppp connected workstations. The number of interfaces and their type and speed are irrelevant to the firewall creation process.

    This would be great for locking down a web or mail server outside your firewall, for example. Start up Mason and make sure you make one of every kind of connection you want to that machine. Mason will create the corresponding rules. Generalize these and add a default policy of "deny". _Only_ the connection types you specified will be allowed to that machine. The difficulty of setting up the rules has been the major impediment to this kind of hardened end node in the past. Now that Mason is here, there's no reason why every machine on your LAN can't have packet filtering enabled and active.

    Note that on an end node (Linux box with a single NIC connected to a single IP network) you should never see forwarding rules created - this makes sense if you think about it.

    You could technically create a firewall on a machine with only the loopback interface, but this would be more for instructional value about internal tcp connections than for any security goal. On the other hand, if you wanted to stop shell account users from getting to an internal Web server, you certainly could; just make sure you put in blocking rules for all interfaces, not just the loopback interface.

    4.7 Slow machines or fast nics

    As a shell script, Mason is much less efficient at its work than a C app would be. On a slow machine, it can take a couple of seconds from the time the log entry is fed into it until the firewall rule is implemented. If the system is slow, if it has a lot of packets traveling through it, or if it simply has a great deal of log file traffic it can take Mason a long time to catch up. If this is the case, start slow. Try one connection type at a time and give the system a chance to settle before you move on.

    If Mason _cannot_ catch up, choose the "EL" (End Learning) option in mason-gui-text. Wait until Mason stops, then restart learning.

    4.8 Active hacking while mason running

    If at all possible, try to set up these rules in a controlled environment. Hook up your firewall to machines that simulate the routers and networks that will be used in its final location. It is not a good idea to create a firewall in an environment not completely under your control.

    If you must create the firewall rules in a live environment, be warned: Mason simply creates rules based on what traffic is passing through it. IT CANNOT DISTINGUISH BETWEEN THE TRAFFIC YOU'RE CREATING TO TEACH IT AND SOMEONE ACTIVELY TRYING TO HACK THROUGH YOUR FIREWALL. IF THIS HAPPENS, MASON WILL CREATE RULES THAT _SPECIFICALLY_ _ALLOW_ PEOPLE TO GET BACK IN LATER. _Please_ read and try to understand the rules before you put them to use in a production environment.

    (I hate all caps too, but the "boldface" button on my keyboard is jammed :-).

    The "hacker" mentioned above does not need to be a computer criminal in a far-off country looking to crash your machines. This individual could be someone in accounting that is (without malicious intent) connecting to an Internet IRC server, when this doesn't fit in the security policy you're trying to implement. If you don't read and understand the rules Mason spits out, you may very well leave an explicit opening for this user's future IRC use.

    One more time: Mason _does_ _not_ understand the traffic flowing through your firewall; it just creates the rules that you can later use to specifically allow or disallow this traffic. This is why it is a good idea to delete any rules that look even vaguely suspicious. If it turns out these rules are needed for normal operation, they will be relearned when you restart Mason.

    4.9 Masquerading

    One of the common uses for Linux firewalling is to act not only as a packet filter but also as a masquerading host, allowing multiple machines to share a single IP address.

    As of Mason 0.13.0, Mason will automatically masquerade traffic from RFC 1918 (also called "reserved") addresses. Since you probably don't want to masquerade between internal lans, you need to list all the interfaces leading _out_ to the real world (_not_ the interfaces that use these reserved addresses).

    4.10 Offline and non-root creation

    If you are especially cautious, you might not want Mason actively creating rules on your production server. Or maybe you think you've created a good firewall, but keep getting log messages and don't know how to keep your log files from filling your disk. Or perhaps your CPU can't keep up. Or maybe you just don't trust Mason's author - no offense taken :-). In all of the above circumstances, Mason can create the commands without actually being fed the log messages live. For example, if you have packet logging entries in /var/log/messages, try this: 

    cat /var/log/messages | grep ' I=' | DOCOMMAND="none" mason <Enter>

    The output can, of course, be tee'd, redirected to a file, piped to less, etc. "... | sort | uniq" can be useful too when you're not converting it live.

    Obviously, the source file can be one that has been transferred from another machine.

    There is one caveat to the offline approach. The specific case is when one has a "deny" or "reject" policy in place for the input logging rule. Let's say I try to telnet through the firewall. My packet arrives at the firewall, is stopped and logged (so Mason can successfully create the correct input rule later). The firewall never has a rule implemented that allows me to get any further than that, however, so there is never a log entry created for any of the remaining 5 packet checks.

    One way around this might be to use a policy of "accept" on your logging rules while you're creating /var/log/messages for later consumption by Mason. I'm not saying this is appropriate for you, but might be one way to handle this. Be warned; this can create very large log files as every packet passing through the system can create 6 log entries!

    One final use for this technique is creating the rules when you're not root. Simply edit /etc/masonrc to set DOCOMMAND="NO" and the script will still output the appropriate ipfwadm/ipchains commands but won't try to execute them, allowing non-root users to create the firewall rules. Note that you still need to be root long enough to turn on some kind of logging, or /var/log/messages will never contain any entries to convert. Root privileges are also required to implement the rules once you've created them.

    4.11 /etc/services and special ports

    Mason converts the protocol number and type (i.e. 53, udp) into the more common name (domain, in this example). It uses the /etc/services file to do make this conversion. Before you start, make sure all the protocols you will work with are listed there. If a particular protocol is not in that file, Mason will have serious problems producing accurate rules.

    Having this entry is especially important if you are working with services whose ports are >= 1024 (nfs, X, squid, irc, vdolive, etc.). If a service >= 1024 is not found in /etc/services, it will be automatically (and incorrectly) generalized to the port range of 1024-65535. If your favourite service isn't in there, simply edit the file and add it in the same format as the other entries.

    These services whose ports are >=1024 can occasionally show up in your rules where Mason should have used 1024:65535 instead. Well, you know how to fix this, right? Just delete the rule, add the service to /etc/services, and relearn it.

    The entries in /etc/services should only be for well-known server ports. Client ports (which are usually just random ports between 1024 and 65535 anyways) should not be listed in here. The specific example of something that should be missing is the ssh client port.

    If you plan to do the conversion on one machine and actually run the firewall on another, make sure all of the protocols used are listed in the /etc/services on both machines.

    The authoritative source for these ports is the Internet Assigned Numbers Authority (IANA). A list of these ports can be found at: ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers . Mason includes what seems to be an even more up-to-date reference; see /var/lib/mason/nmap-services. Many thanks to the authors of nmap.

    4.12 Insert vs. append

    Ipfwadm has two ways of adding rules: at the beginning of the rule list using insert ("-i"), or at the end of the list using append ("-a"). The usual way of creating the firewall is to flush the existing rules and then add each of the rules using append so they will be scanned in the same order in which they were implemented. For this reason, the rules that Mason spits out to stdout use "append" so they can easily be put in a shell script.

    Mason needs some way to tell the kernel to not log already logged packets anymore. The way to do this is to put a matching rule before the logging rule. Unfortunately, that means one of two things: deleting the logging rule at the end, implementing the new rule at the end, and reinstating the logging rule, or simply inserting the new rule at the top of the list. The first option is tricky to do well. It's also a bad choice because the user using Mason may not be logging everything, so mason doesn't know what logging rule to reinstate. That leaves using "-i" to insert the rule at the very top of the list.

    The end effect is that the rules that Mason displays use "-a" to match how that would be put into a rule file, but the rules that are actually implemented while Mason is running use "-i" to avoid relogging those packets again in this Mason run.

    The major side effect of this approach is that the rule set in memory as Mason is running is almost certainly _not_ in the order you'd want. The final firewall rule set you put in place should flush whatever is in memory before starting so as to clean out these incorrectly ordered rules.

    As ipchains and iptables support additional user defined chains, we can throw all the temporary rules in user defined chains (called inputN, outputN, and forwardN; the "N" stands for Nolog). These chains get called just before the logging rules.

    4.13 Allow versus deny and reject

    During the course of a Mason run, it's quite reasonable that the firewall creator might want to spend some time working with traffic types that he/she wants to allow, and then switch over to other traffic types that he/she wants to reject or deny (see man ipfwadm for the subtle difference between deny and reject). If you change any settings by choosing "Change Settings" in mason-gui-text, it will automatically signal a running Mason to re-read its configuration file. You can do the same if running mason manually by typing "killall -USR1 mason".

    Changing the target of a single rule to Accept, Deny, Reject, or Masquerade can be done right in the menu under that rule without having to go back to the main menu and changing the global settings.

    4.14 Input, Output, and Forwarding

    To implement packet filtering, the Linux kernel needs to inspect each packet at at least one of the following three times: when the packet enters the system, as it passes through the system on the way to its exit interface, and as it leaves the system.

    At each of those three times, the kernel can decide to allow or deny/reject the packet. The rules can be different at each stage - it's perfectly legal to, for example, allow it in, allow it to be forwarded, but then block it at the last second before it leaves the system.

    A simple firewall could be implemented using just, say, input rules(*). It's when you get complex firewalls that having rules at all three stages is useful. You might want to allow hosts from eth0 to get to a pop-3 server on eth1, but not allow hosts from eth2 to get to the same server. This kind of restriction might be impossible to do without forwarding rules, especially if eth2 hosts _should_ be allowed to get to a pop-3 server on eth0.

    For simpler firewalls, or if you want less than the imposing grandeur of a firewall ruleset that goes on for pages and pages, Mason can accomodate you. If you just want input rules, add the following to /var/lib/mason/baserules : 

    if [ -f /proc/net/ip_fwchains ]; then
       /sbin/ipchains -A forward -j ACCEPT
       /sbin/ipchains -A output -j ACCEPT
elif [ -f /proc/net/ip_input ]; then
       /sbin/ipfwadm -F -a accept
       /sbin/ipfwadm -O -a accept
fi

    Place any general traffic types you don't care about in baserules.

    Please note that I am _not_ advocating the above, but pointing out that the technique is available for those that feel the reduced security is appropriate for them.

    (*) The exceptions to this are the special rules for redirecting packets (which must be done as an input rule), and masquerading packets, (which must be done as a forwarding rule). Even in the cases where you wish to use these facilities, it's still legal to implement packet filtering using another rule type.

    Please note that the above does not apply to iptables. In iptables, packets are not inspected multiple times in multiple chains.

    4.15 Remote firewall creation - Telnet/ssh lockout

    If you're creating this firewall rule set and you're telnetting, ssh'ing, or rsh'ing (collectively, "telnetting") in to the firewall, be careful. Some of the first rules to be created will be for the telnet packet flow you're using. If you are so unfortunate as to start this process with a policy of deny, guess what packet flow will be stopped almost immediately? That's right, your telnet session(s). Your machine will be completely locked down with no way to remotely reach it. (Now where were my car keys? <grrrr>)

    If you want to put the rules allowing your remote access before starting Mason, great. If not, just make sure that your startup policy is allow or it's remote reboot time! Logging in on any of the console's virtual terminals does not require TCP/IP packets, so you can never lock yourself out completely.

    You did read the section above on "simulating the working environment under controlled conditions", didn't you? Are you still sure you want to be creating a firewall not directly under your control? Just a thought...

    4.16 Ack flag

    Let's look at some standard rules that allows a telnet connection to a server somewhere (these are only two of the 6 possible rules). 

    allow   LAN_IP's, ports 1024-65535 -> Outside_world_IP's, port 23
allow   Outside_world_IP's, port 23 -> LAN_IP's, ports 1024-65535

    It looks pretty safe, right? Hmmm....

    Let's say that one of your LAN machines runs a squid server. This sits waiting for connections on port 3128. Additionally, consider the possibility that the root user on some Outside_world_IP machine writes some program that starts a connection _from_ port 23. This user starts this program and connects to your LANs squid server.

    All with your firewalls full consent. Ugh.

    The way to avoid this problem is to be able to identify the _direction_ in which the connection is created. We want to allow connections that start _from_ LAN:1024-65535 _to_ Outside:23, but block connections that start _from_ Outside:23 _to_ LAN:1024-65535.

    The TCP ACK flag comes to the rescue. The first packet in a connection does _not_ have this flag set. Every packet after the first _does_ have this flag set. If we require all packets coming from the server port have their ACK flag set, we can stop the bogus connection from port 23 back to port 3128.

    In short, by requiring all packets from a server port have their ACK flag set, we block connections that originate from those server ports.

    Three notes. Only TCP uses ACK flags, so we can't use this to control the direction in which icmp or udp conversations are initiated. Secondly, DNS may be a problem. Tcp domain transfers and large dns requests can be from port 53 to port 53, depending on what dns software you're using. FTP-data connections do not have their ACK flag set because they can be created in either direction. Finally, there may be issues from ssh low ports if /etc/services has entries up near 1023.

    Mason is able to automatically set the ack flag if your /etc/services lists all of the services you use.

    I specifically avoided the "-b" (bidirectional) flag so that I could use "-k" to control the direction.

    Iptables uses the state of the connection as a more dependable way of handling the above problem. I'd generally encourage you to use the "-m state --state ESTABLISHED,RELATED" lines in baserules. If you do, then Mason hands you a single rule for any given type of traffic; the opening packet. The ESTABLISHED,RELATED lines handle all the other packets.

    4.17 Limitations, Ideas and future enhancements

    • group foreign machines into additional rule? (Document how.)
    • Document the living hell of NFS.

    Next Previous Contents mason-1.0.0.orig/mason-5.html0100644000765700007640000000731107467640611014621 0ustar martinedv The Mason HOWTO: Configuring Mason Next Previous Contents

    5. Configuring Mason

    Most of the configuration is set via environment variables. For permanent changes, try 

    export VARIABLE=value

    For one time settings, just put the variables on the command line just before calling the program. For example: 

    tail -f --lines=0 /var/log/messages | ECHOCOMMAND=ipchains mason

    If you set a variable both on the command line and in /etc/masonrc, be warned that /etc/masonrc wins.

    • ECHOCOMMAND=ipchains|ipfwadm|none #Autodetected if unset or invalid

      Which kind of command should Mason display? This does _not_ have to match the firewalling in the current kernel; this lets you create an ipfwadm firewall ruleset on an ipchains kernel and vice-versa. (Remember that iptables can't take part in this cross-creation.)

      The following two commands will spit out an ipfwadm firewall and an ipchains firewall, respectively, from the same input: cat /var/log/messages | grep ' L=' | ECHOCOMMAND=ipfwadm mason >ipfwadm-wall cat /var/log/messages | grep ' L=' | ECHOCOMMAND=ipchains mason >ipchains-wall

      Both kinds of firewall log entries have L= in them; this is a reasonably good filter to keep Mason from having to process _all_ the junk entries.

    • DOCOMMAND=ipchains|ipfwadm|none #Autodetected if unset or invalid

      Which kind of command should Mason run to prevent that type of traffic from being logged in the future? Set to none if you're processing the log entries later, or on another machine.

      Unless you're forcing it to "none", probably best to let Mason autodetect.

    • HEARTBEAT=yes|no If yes, mason displays a "." or "-" when it processes an input line that has been handled by one of the recently implemented rules. The heartbeat character is sent to stderr so it doesn't screw up logging to a file or piping to some other program.
    • DYNIF="ppp0 sl0" If your machine has interfaces whose entries change IP address, put the interface name(s) in quotes, separated by spaces. Mason will handle these interfaces specially by handing you a line that will assign that interfaces IP address to an environment variable when executed, and uses that variable throughout the ruleset. If your Ethernet IP address is assigned via DHCP, BOOTP, or RARP, _and_ _changes_ from time to time, you might even want to put your Ethernet interface name(s) in the list. If the addresses are assigned via one of those tools, but _never_ _change_ (those protocols are supposed to try to give you the same address you had last time if at all possible), don't put the Ethernet interface(s) in there. Make sure you re-run your firewall ruleset (or at least the rules with dynamic IP entries) when the address changes. For ppp interfaces, restart your firewall inside /etc/ppp/ip-up. I think DHCP has a similar ability to run commands when the address changes; consult the DHCP documentation.

    The main documentation for all the configurable fields is conveniently in /etc/masonrc .

    Next Previous Contents mason-1.0.0.orig/mason-6.html0100644000765700007640000001327607467640611014631 0ustar martinedv The Mason HOWTO: IP protocols and their firewall characteristics Next Previous Contents

    6. IP protocols and their firewall characteristics

    6.1 Standard TCP and UDP protocols

    Most of the connections made in tcp/ip follow a standard form. The client machine picks a random port between 1024 and 65535. The packets are sent to a fixed, known port that's below 1024.

    For example, I need to send an email message from mybox.office.com to mailserver.office.com. Since email goes to tcp port 25 (see /etc/services for some of these), the tcp/ip code on mybox picks a random tcp port, such as 1931. Packets flow from mybox port 1931 to port 25 on mailserver. Packets also flow back from mailserver port 25 to mybox port 1931.

    Here are some of the protocols that follow this form:

    • 23/TCP - telnet
    • 25/TCP - SMTP
    • 80/TCP - HTTP
    • 110/TCP - POP3
    • 143/TCP - IMAP
    • 512/UDP - BIFF

    6.2 ICMP

    ICMP doesn't use source and destination ports, but it has icmp codes and subcodes, each a number between 0 and 15.

    6.3 DNS

    If the firewall or one of the machines behind it is a DNS server, you have a situation where mason issues a steady flow of DNS requests to resolve the machine names and each DNS request requires a new rule, which in turn requires more DNS requests... ugh.

    Mason no longer does DNS lookups on machines involved in DNS lookups. If you have the names and IP addresses of your DNS servers, add them to /etc/hosts.

    6.4 FTP

    Ahhh, yes, ftp. The scourge of firewall creators everywhere.

    If you're using iptables, have the ip_conntrack_ftp module loaded and have uncommented the "-m state --state ESTABLISHED,RELATED" lines in baserules, the problem I'm about to describe does not apply to you. Since iptables is a stateful firewall, this problem has been solved in an elegant and now hassle-free way.

    Ftp starts off well because the client opens a connection from a high port (1024-65535) to the ftp control port 21. This part of the connection follows the same model as other tcp protocols: client uses a random high port and connects to a fixed low port.

    The problem arises when it's time to actually transmit data. The client and server exchange directory listings and files over additional tcp connections that are between a random high port at the client end and a random high port at the server end.

    Remember that packet filtering firewalls depend on being able to identify connections by their (fixed and generally low) server port. Here we have connections that need to be allowed if ftp is going to work, but can't be identified this way.

    It really comes down to a choice: does the firewall allow ftp traffic (leaving at least one high to high rule which is a generally considered a security risk), or do we block ftp? You'll need to decide.

    Mason creates these rules as transparently as any others. It opens up the ports for the control channel and the high to high rule (called the data channel). A single ftp connection could therefore open 12 rules. You'll need to decide whether these high to high rules are too much of a security risk.

    If you do choose to open up ftp rules, you might want to do these last. This allows you to put in more specific rules first.

    6.5 Netbios

    For those hoping to come here for a simple set of rules for firewalling netbios, sorry. This one is all over the map.

    Mason comes in really handy for netbios because it works with whatever netbios throws at it. The netbios ports are 135, 137, 138, and 139 - both tcp and udp. Connections can be from one of these low ports to itself, from a high port to one of these ports, or from a high port to a high port.

    In short, good luck trying to do this without Mason.

    By the way, allowing netbios traffic in from and out to the Internet may be a very bad idea.

    6.6 NTP

    NTP is one of the few protocols that uses the same port at both the client and server end. In this case, it is port 123/udp.

    6.7 SSH

    SSH (server port 22/tcp) has one minor note about its operation. When installed by root (setuid), it may not use a random high port between 1024 and 65535 for the client end. The first client session may use port 1023, the next uses 1022, etc. No real problem for Mason, but you might be surprised at the client ports used.

    These client ports should NOT be listed in /etc/services, even though it might seem to make identification easier. The reason is that Mason uses this file to identify _server_ ports in the process of deciding whether to use the ACK flag check.

    6.8 Other IP protocols

    The other protocols, such as ipip, igmp, ospf, etc (see /etc/protocols), don't use port numbers. For this reason, Mason only creates rules between individual machines for these.

    Next Previous Contents mason-1.0.0.orig/mason-7.html0100644000765700007640000000504107467640611014621 0ustar martinedv The Mason HOWTO: Version summary (out of date, sorry) Next Previous Contents

    7. Version summary (out of date, sorry)

    • 0.9.0

      _Lots_ of good new stuff. Mason handles log entries from ipchains or ipfwadm automatically. The command it runs can be either an ipchain or ipfwadm command, and it can output either an ipchain or ipfwadm command. All independently. See the ECHCOMMAND=... and DOCOMMAND=... parameters, above.

      _Major_ speedup! Keep reading lines until the 7th-13th fields are different from the previous line; this probably quadruples Mason's throughput or better. Bonus points to the readers who can read morse code from the heartbeat output... Oh, and I added heartbeat output to show that Mason hasn't just crashed. :-)

      Mason handles interfaces whose IP address changes automatically; see the DYNIF=... parameter, above.

      Note: additional ipchains fields are: 

      L=Total length
S=TOS
I=ip->id?
F=Fragment offset
T=TTL

    • 0.8.0

      -k added to control the direction in which connections are made. Unfortunately, the ftp-data port doesn't honor the simple rule for -k; I suspect this is a consequence of PASV vs. "active?" ftp opening the data connection in one direction of the other. Hmmm... This was released to the world as 0.7.9.

    • 0.7.0

      (6/21/98) 20% speed improvement by changing read command. Local name cache added. On the fly policy changing. Comments. Major documentation updates. Another 20% performance improvement by replacing some sed's with bash internal pattern deletion. 6% more by using ${#..} instead of wc --bytes to size strings. Cut time necessary to process non-firewall lines in third by using && instead of -a.

    • 0.6.0

      (6/4/98) Documentation added

    • 0.5.0

      (6/2/98) Bare code, almost no documentation, ipfwadm support only.

    Next Previous Contents mason-1.0.0.orig/mason-8.html0100644000765700007640000002260307467640611014625 0ustar martinedv The Mason HOWTO: Advanced scenarios Next Previous Contents

    8. Advanced scenarios

    8.1 General approach

    Once you've gone through the Quick Start, what now? Now we learn how to use this to match your security policy.

    The first lesson to learn about packet filtering rules is that they are only useful if you have a mix of accept and deny (equivalent to reject in this discussion) rules. Think about it. If all of your rules are allow rules and your default policy is also allow, this setup is no different from having no rules at all; the system is completely open.

    At the other end of the spectrum, if all of your rules are deny and the default policy is also deny, well, it's going to be pretty hard to use TCP/IP at all. :-)

    This means that putting a firewall together involves deciding what should be allowed _and_ what should not be allowed.

    The first thing for you to decide is what your default policy should be. In the next few minutes we'll be looking at what you specifically want to allow and what you specifically want to disallow. What should the firewall do with the rest of the packets? That depends on how you view your firewall.

    If you primarily want your firewall to block a relatively small amount of malicious things, but want users on both sides of the firewall to have relatively unencumbered access to the opposite side, you'd probably want to use a default policy of accept. This tends to be a good choice in the case where there are a large number of types of TCP/IP traffic that should be allowed to pass through the firewall.

    If, on the other hand, you tend more toward the paranoid and want very fine grained control over _exactly_ what passes through your firewall, you'll probably want to use a default policy of deny. This tends to work well when there are a relatively small number of protocols that should be allowed.

    Choosing a policy becomes difficult when you want fine grained control but there are a large number of protocols used by your users. You'll still choose a default policy of deny, but you'll have to create a large number of rules to accomodate them. Good thing you've got Mason to give you a hand!

    Now that you've chosen a policy, what goes next? Here's where you can become an artist.

    With the help of Mason, your job is to decide what should be allowed and what should not be allowed.

    [More to be added as time allows...]

    8.2 Ordering rules

    Here are a couple of guidelines about how to order your rules. I refer to policy below; for this discussion, there are 6 possible policies: accept, deny, reject, accept and log, deny and log, and reject and log.

    As there is no way that input rules and output rules could ever overlap, the rulesets for those can be considered seperately. The same logic holds true for input and forwarding and output and forwarding. Effectvely, even though you might have them all mixed together in your firewall creation shell script, you can work with the input rules according to the principles below, then come back and work with the forwarding rules, and then come back one last time for the output rules.

    • I suggest placing dns (also called domain; port 53/tcp and 53/udp) rules at the top of your firewall if you're using the default mode of HOSTLOOKUP=FULL. The other rules in your firewall may require dns lookups; if those requests can't get through because the dns rules aren't in place yet, the early rules may not get put in place.
    • If your ruleset contains a block of 2 or more rules with the same policy (accept, deny, or reject) that immediately follow each other, the order of the rules in that block has no functional difference to the operation of the firewall. If you are very concerned about performance, you might want to put the rules that process the largest number of packets at the top of this block and the rules that process the least number of packets near the bottom of this block. See the SORTMODE option in /etc/masonrc (not available in iptables).
    • If two consecutive rules do not have any overlapping cases in the patterns they match, they can appear in either order without affecting the operation of the firewall. As long as no two rules in the set overlap, this can be extended to a set with more than two rules.
    • If two rules overlap in the patterns they match and have different policies, they _cannot_ be reordered without affecting the functional operation of the firewall. Specifically, the packets in the overlapping case will have their policy changed.
    • If two consecutive rules have the same policy and one is subset of the other, the more specific rule can be discarded and the more general rule can be kept without affecting the functional operation of the firewall. One common case of this is when your default policy is, say, accept, and the last rule just before the default policy rule also has a policy of accept. This more specific rule (not the policy, of course) can be discarded.
    • Your default policy always comes at the end.

    I've referred to discarding rules above. One reason why you might _not_ want to discard a particular rule rule is when you're using your firewall to do accounting as well as blocking. You might want to be able to have seperate accounting for the packet traffic in the rule that would have been discarded.

    8.3 Tips and tricks

    The following are tools and techniques I use. They may not be appropriate for you. Please consider whether they are appropriate for you before using them.

    • If you want to see which rules in your running firewall are actually carrying traffic, try this: 
      ( ipfwadm -lenI ; ipfwadm -lenF ; ipfwadm -lenO ) | grep -v '^ *0 *0 ' | less -S
      or 
      ipchains -L -n -x -v | grep -v '^ *0 *0 ' | less -S
      or 
      iptables -L -n -x -v | grep -v '^ *0 *0 ' | less -S
      The "grep -v ..." removes all packets with 0's in the count and bytes columns. If the number of rules returned is still too large, flush the firewall and restart it; this clears out all the packet counts. Then you can rerun whatever test you've been doing and run the above command again to see what rules are carrying your traffic. This is especialy useful if you've got a deny rule somewhere blocking a certain connection: 
      ( ipfwadm -lenI ; ipfwadm -lenF ; ipfwadm -lenO ) | grep -v '^ *0 *0 ' | less -S
      or 
      ipchains -L -n -x -v | grep -v '^ *0 *0 ' | egrep '(Chain|target|DENY|REJECT)' | less -S
    • If you don't want to go through the above process, but just want to convert a few log entries to rules, you can do the feed yourself. For example: 
      tail --lines=1000 /var/log/messages | grep 'kernel.*I=' | DOCOMMAND="none" mason >afewrules
      Any other options can be placed on the command line or in /etc/masonrc.
    • If you want rules that will run under ipfwadm and ipchains kernels, you have two good choices. Create ipfwadm rules no matter what kind of kernel you have (put ECHOCOMMAND="ipchains" in /etc/masonrc or on the command line). The first choice is to use the ipfwadm-wrapper (part of the ipchains-scripts package) as a front end to either ipfwadm or ipchains, as appropriate. The second choice is to take all of the ipfwadm rules and create the following file as your real firewall: 
      if [ -f /proc/net/ip_fwchains ]; then
        #Convert your ipfwadm rules to ipchains rules and place the converted rules here.
        /sbin/ipchains...
elif [ -f /proc/net/ip_input ]; then
        #Place your ipfwadm rules here:
        /sbin/ipfwadm....
fi
      The above conversion is actually darn simple: 
      cat ipfwadmfile | ipfwadm2ipchains >ipchainsfile
      The ipfwadm2ipchains script is available at http://www.stearns.org/i2i/ . This site also holds ipchains2iptables, a similar script that gives a first pass output in iptables format from a given ipchains firewall. Note that this output won't use any of the advanced features of iptables, but you can add these.
    • If you have a number of interfaces that all get the same rules, replace the if0, if1, if2, etc rules with if+ . I believe this is ipchains only.
    • (Diald users only). The packets leaving your system on sl+ (or tap+) may have different source addresses (0.0.0.0/32, some dummy ip address, an old ppp address...). You might want to replace them with 0/0 to say I don't care what the source address is.
    • To see what program is using a particular port, try: 
      ps axf | grep "^ *`fuser port_number/proto | awk '{print $2}'` "

    Next Previous Contents mason-1.0.0.orig/mason-9.html0100644000765700007640000000602007467640611014621 0ustar martinedv The Mason HOWTO: Notes about Mason itself Next Previous Contents

    9. Notes about Mason itself

    9.1 File descriptions

    COPYING

    The GNU General Public License.

    Makefile

    Used in packaging and distribution.

    baserules

    The baserules file is one of two files that hold your firewall rules. baserules holds the rules that you've checked over and are sure should be part of your final firewall.

    baserules.sample

    A few possible rules for use as a starting point.

    firewall

    The boot time script for use in /etc/rc.d/init.d.

    index.html

    The Mason web page.

    mason

    The actual mason script.

    mason-gui-text

    The rudimentary interface to running Mason and building a firewall.

    mason-gui-text.1

    man page for mason-gui-text.

    mason.1

    man page for mason.

    mason.html

    The primary documentation for the package, in hypertext.

    mason.lsm

    The Linux Software Map entry.

    mason.sgml

    The primary documentation for the package. The sgml format is designed to allow easy conversion to more readable formats.

    mason.spec

    The RPM spec file.

    mason.txt

    The primary documentation for the package, in a flat text file.

    masonlib

    A library of functions used by a number of the other files.

    masonrc

    The main configuration file. There are intelligent defaults for all of these fields.

    moreservices

    The services file I use, good as a reference if you don't recognize a protocol.

    nmap-services

    The additional services file includes with the nmap tool. An even better reference.

    newrules

    newrules is the other file that holds firewall rules. It holds rules created by mason that you haven't looked over yet. Think about what would happen if you were port scanned while Mason was running; if you only had one file to hold rules, all of these portscan rules you don't want would be mixed in with the rules you do want.

    An important note - rules in newrules are not part of your regular firewall - they are only used during the learning process. This is why you need to merge rules from newrules to baserules once you're sure of them.

    Next Previous Contents mason-1.0.0.orig/mason-banner.gif0100644000765700007640000004647507032223247015527 0ustar martinedvGIF89a<̙̙ff33fff3333f! ADOBE:IR1.0! NETSCAPE2.0!,<I8ͻ`(dihlR@,tmx|pH,Ȥrl$tJZ vzx<B@n|N/e Аw1 F7YE MEwHny|7_I;ǚ>В 2 RS 4 F;|S_U (P(Q.`a'ތz wr+c`HG*Ec K2V1P! m*̏ C{~bDqSL5)hAp1ĕ`E V8tE?O1#QMiθ+#\:>zm|+W+ۥQ٭jL0K%iR4jQIek4}27nڍpB8 @d3Q: Hz%gg !뛾U):=|Z;p=%y,§C^L" mu%CZrȺ9e㠖= 櫯DY6x;d+]i2n1J},dcB0K03m@"8g BC0\NiDmFSHE>[(UwF_R26ʩ|]L@lv\Q9 z1TRIΕid3AbKK:ՕZvnIL35x9\ŬM$+CȶSIXs.3 L'~csh91N 鎾;S5wNخ<]JGyOc黝ƾmZJ:|Ȃ,=K&z1/kz9vZaχtMB} 1p8+~wS&>AB^F DDS XƆoz:$ϨydըIL5qXET,d2@w4Q¡@3 tb+6AD2h6FaRa+ @"2+b)f3Ģ]gv\ݤY7X\F8`0r`3' 41qLF.S3cV%)UL5FHD?(nPmE7@݅!dI: 𼡘8ZzbBq))NI=ْ ƨZ0AbMQf:6t:6knZ,mIGocDzQE5o@NyTPITnom!H7MUY _ x `##jТC''V"B{`eNrD X$H;徘VxKn7 K7zƍ|n<AkB~AEqp. > ih,Ƥ-PO:ʰ+6}J{!GE`x4Z_Hc%Û 5sZly%k=_>k1yfшD]XS{;FWM`*@wXͱ4=@S/g,UO.;d8Byt̥.Ag#-/ S@Aeщ>ӌ.#J9(=ԡdñ.Hs`db q^ r0Ja N#0 ;1Q%2[L8rx_`0/]%'$+KDD^85G ؍U Iér 7KVirx͠ o7^4lJ#313|TYV;Fψbk}+_Y5yʓQ& :Ap4Ϣ>jZjF1V1tXmT"ҕқEF)!.GCPEՌwS+Jh.no+e\$p@|bXXw El-f #]tKT!~ Xm-eiHl]*vLTMoXG+HQŬ t9JRn30.^ [" 2YƒNJY*Ygߥ}{YDRxCh~q21ǙIX[Z^.i̗f$kuΏ@E/0Wݬ/q9"`y\)bᔉ(>_!ܞ`0q`s8 MĄa!"s}'J&6ePnARf0  B\"Zܱ=Pl+ēNHx.@mjӨ8hjN\ijEp).R'q O3{x !ɀD:`g΂ h 3Wo;7 ..gLZ'kϸ\:;B XJ҆i^?չiynbTL˄6A]&k^UI"#bہOLjࠄ)s WtIQ&yo$`ôA!d,8I8 ādyh*tmx|pH&hI.G)WᘚRXK^VOzn}  Vt$Y\*!-VW|sqZX XxtYt~"`Wy,WXAT}t{A{u M|IXaW HGauQН4UI: &̺kR[\R|3x y\H7AzFy؛=Fx9b-i3H(GQJɍx獩. St٦CWxإfzM9L +l$j>#Bѹ"y:ej`̞qwjXmfrk/& #Ւ+o ~sjs^خȖXgfW$f0-QT,_<,gHEj, =)'$DjxVNėj!aaYY\G9&bA](]n<~Rw!OljrKroG]܎DTwfO0l_T֢ClKjJ.k>Kd[yw?c\4h1d2{R'.`Oħat범Da%QCDgo+b'ge^Ha[] h7r0a!CfH9~BPY$Ene%M dy.w@i'$UxIʀ򵐢hK!v@Dx`Ŋf#%`dWؓ%^aHZW%v0XRZ䪗:?$0ӻ9Qq \&7RPiHQ[Da5 B@1$ҨŝIgqٜȷL"DĨۙMƪ$jUbr*jxν-jaeW=1[XeLNrEY@[CEdO=''S7sǓ F>|N#1.3t sAF lF͗{?0R I< Udm4VKW64vDf"ʴwvJ`\~nI eutIUOfTWbSV,j?#q^꥝M.S*p>Q&l[T<ylAK,2ҌbnCylNȻ -5no*W{`jBط-H%" > .9-i vvJХxd`48fi1$ ݒ6`뚓ݘAM@K Y.f̾gݚ;Gwx|5?| nypp3^ų'! , /pI)ͻ`(dia a t Vn\F,H'gzP&];h+~YjjcwAesI/D-6{oJ~zpSIw^Rdy4u r$-EuA+A,]Y 5 ~+¾VQYC213'EN_W3PJa5Fց}|)$ s  P!C C@ɖB*NiWX29VOP34)b"i+ EA|rNѦ*rtJaxJS&_ ]iV)2fU ;晗v >*_Q8bjqӊ$ah0nYLkD;[J[,)/6 =}鰫lU??B;;Ң[xؤ=2NP(ٓ|JΩJz- ,. >^ 賲V&LaY49";l1*4y|PO$ n'ouqR!wUk&phx\3brڋf5P>EAy+F`ZS*?ɇen& ~0&_ V]lj04wL4*ɴWd|"ؕFӃm%wgχX1YYZ&rt-ԦGU馔tVvB^ErZC.Ԥ)'+M}IBli0_[Zh,^K!(ZBH>PQ-m%X߆ W_-z$fx"+`أuy ܱp'gWªx7ޞHl_kGtb4Z2p꠼zBA'B=A[&M4qg)2z\։gZ0 9Bo=] xJdy- l~ݝnB 'ECkOm<%TVQPzZ$f_D=v]TN.šx3q\Nu{43u5\P%\[s]"IWxQ}Ql sD+h_O6+L=  ;~1Q_oN6A؟mA0 AĩV3]gti aW`]Лެ`]$bIAGu pH '#lͰ HE 4 ,rd⵾8!oUa"e6EhE1&y##Kĕ}LpZػ4qu5INQ Ď;|H%*XW!, /0IL`(diheɲ$0ܪ`+]D(faШt:K$&aQ!kQl"r nSqtvm9\d} lxq @; )Ȅwz &@RLsE2W n ZR[*\V6ՙnC-VьHY\ѴECܺ 蚒 K&N<" rk[Inh|{XN b|6M6 l\&zzQXN$U'ƺ҉W6*C[̵. /Y \j2zd 86핔!#q8B,'|9g.RSRm7e/h݄”g}=oxb5uL! 2PuC06X$IudVq:Z(Q q13UAlSpfzO JLDhxthr|!" &aOJ)]砣~aEEOG<i>df%wgNcfM.ZVM*C΋ۈ RB+`BzpP>諱I*ްA_E-.T%v[m Huô ؗeVN屎tv@$@Ih_gW*Wi%S=@D{эu` ^!>к,,%.5Bxz GQ@$7 :9.$ a=5>/>p%ȩGQ +ݧn: W7o q O>SWUdV#ڎ8!5hF/i%hz.-'_Xt[՗!]5|)X2mṒFz>vtRӟ~Շ`l̖;bHA8DJ&Dјۆj=ʼlZMwU ]"~&Ϲ(! ,8I8!1tGyp,tmx|_phHD6k** *mrѤoL.tm~Y7,O]٭Qrqmjz ,?~zFrzx?r#"TsR,Sķƴͽϩ"6m¸voȖ+Oh@0A|`!G*`H*ڝrHȜIsf fPjJ00bB6'䔩'YV"dRǪVhRN`etΣhcТh.Kvf4-JUsWG[& fװ5ǖ=  ( M/4S.ݲ# kQ|Xp jS\wi-dGw3TsΞ7)N][yBS{k9SD:^/;4^97kEi y`]ZFT v_Kr`O35 >GoFQ6QEH ^"%^*HLDt HcLDصJՕaRiȝmKv~48ZY (@Yb9MQuPԐ9 ș%~>rH`爉Bj8) [1R }ݑ "mS\Pfbͥ&d Pk ߟ2ETkE h2۬K@,zƊ,VQI'oH2)$;^ H%` =UeO~:\7FF)kz\>ٵr[ :b --F6•\FzZ4 e/k%U! #R)<QN9m^J -Aʹ.M[j+p Zuيlv٘J䘗U>ZAÂw!`RUO@H{+-{`\>ɓ'Pa:گ[\#sGh(gR yI* zPmXYlbd A LBim+V՝1-l γFnE ,a]l8LJ' B!%U,IlNzgL4:p{\S9KmLlSeFZR|_rXtFfBTf"F׌@3I&.ҳ.-Ut6w.m8fy1t\+k+gaRm5bX N9vGӑg5Lۅ i uɒ /Qͤk`$WWUַI6?z%kHVbj!)K+Ao|Igl찓N¡[x*MT1nq[6[RT^ֽ41ۚhĎ+qR|xqb^h3aئh <ѳT޹8NDZk}mڞ5n"5mۗֈ9j+fdb74\Ѧ!&(nVLJFf2FހD@9S-IFV!SʌX2hl) -Z`qR {6R(7/\Όfx=D`n \"Y# qȓi;ԓ0-ϔP*_̸hʸ' yU%&:ԥvTebme cyУ~bcyvQz f303 "PޙWfzA_u jVښ..CA y ^f3fnhƵD0ag͝W6Ř+Z%8޿({orV&|M9y5- .PB8UG| 5"T ACj ׀KUeT A # CH7/tKՇ7HħWM, ʓa_Y/1GYzF}^6mm1t+͸yiH )nwByg.u{_r8(uA][R=IN8=6ų&-D TDZ@J֫o~n>)_q̧mޑ5@}e}n {QV~5d5bv=q(m9V`Q-%5?rq jU 6Wwzh*gIGu`_ ' x:h9]J2vIht|蕄NAca[ouTt ͅq& ~C.dh|Ww^׃/>؄P6D^ M]}XmE7b}i!|C<oȃIGqFp]”sw#Sx#>G|}(S 鶈*.1owac}q؉Nxxk紊X>ab@wu@W[yG?sL 4x@(ƈY}FZ8L({8|  Dx*a[S̵/r9Xqphv脬(|KyxhO޷ l^ 'Tp Ae.l5#!m0HuPI}}YvҡYF+uevx^`(l&!Atp2U` kRUQ6UN”URiBoJYLȔ I~{FgUd0mBmd6RFPr6mDӊ9I^UR~#>_?}-b_ {}ɖPכ^FG^ crV(ojUE U3׏ygYR6b'\K1BЊXY'VYx(RzoQyכxXPHd zIeFpY9F"cZw@( r\4ngXZ!TglYG빠0I:TstDZPxl r)g <fE }F`\WJ^j`PHĉ;@U0 Vv=bzxh Z0 q:r! ,8I8s!i_8p,tmxW@S%H,Hj:.s ="1Ivz`tJ16[l _Ϫt2&u+CMoSKy+qnMf"N~d#*"Õ|l5ySٵ+û=Su{ԿXI->aJ(H!f tX 2H#Ǐ$P( I<%wQdGu<ЂC.J(t@Fa)GKz#e MkէP$ 0Vѧ$D$sB2xߚL3[fҀT~:K\@`:XP d@޻$HWN&PT^a4o(y?Ja0%} G7I N\D\%gNrSuZHalu21 fӛ7-6;AoAՐX|eUP6eчvCQT_^9)l|G$(G"@/X~%b/J3\ʩh`p[ S 4VO>aqVIrdEQ1%]fIp}ۇ"TAX$`[ nBAٜDSs'Tt dmTaJjIlȒ*uJ]aGި9Y%_٦MVS&ؔZ=Zk'9~Yg{6eVט{v{!DPe h-O2sUΦM]l{2嘳^Hr i,[`m{npMZmIVlNj V|2hTgr/yŖ10R*IoF+]r~NKN.Hu#"ܢjli%|iH]OvgdiYR)F&,nQi{)GsvZ_ԙ*,Pn}Y9%HX 8kq,j 'ew0g_4mWeG\)SBcuq^]0|`%}]JAҺ5%o-q%@`Nx%SŕD Hʵ?FIÈ0 |CDd0pX붆&#u++oólźxsXM&,hYnk_|# op#6DHM |¬& P8_^%G\b=@kpkr~@fmq:Tm+qZƿ`I05_xC+ 0>$JSs3JKF|g9+$@I(eZtuG6 m :?@߀XÃ[4L# @"MP-qHH$Fv<uY.OyQ2E'j 8 Bځ|([H׫)h)i>msʥ2j\ KH>{z5-ȊrsK\f&G* H4p?#걯"6fWT Y`=zN+\zwDL4h3 3L|}43 (*hq/wwݳ՜7`C֖#^v5)3 / IaɞXKyYfggOaǤdĕnؗffvz`jsdfR>!v;{$|]L1aeZF-,f_F}d+ɓv}Gw{d~5*Ԃ {DTnKZ5&Ya1:Ag(]LY<0@#Kqg{gqhq6(*hgu5 {l;6Md-UO(rG|YMj!tFIAD *4a U^E fG O&&}׊RuL ete?vCVHdG'ĂlqV7 %w~&dp52Xx#e3E$Lz$YHxPdMUfdL09hxfh8 keZ!mXŃI%VT'<„ gG|4X:㉼ƑBF#gHsDXX˵tJՍ &sUՇ~3=H'f!*` z׎SS^!j4J"Ljsp>~芁u"_Q'6daY@VHpP3j9k-ni[f]KZcR'mx*)hUk1)3/L9iCh8:PK}7%4=#DIR2MSGY~ XUvHX7$ HUC1t}sSS^U! _"ɒG͵,A%?\>(nR)x%b>qe8i9VΠ4ȕ9D~#d)Yj`ßTٵaP9aw)jq javEK.3 d&+`F5H[Dp~(UƇ ^p(v򕗌 .!$*o^kuh!h]РSb!.u%tbQ0P/jVtVqv`ghJ7*Bv"7jDI:_zz Ly3(=qQ@p/ګJ %ollȚ!d,8I8ͻ`(dihlp,tmx|pH,Ȥrl:ШtJZجvzxL.zn|N~G;mason-1.0.0.orig/mason-decide0100755000765700007640000002643107301020575014722 0ustar martinedv#!/bin/bash #echo First entry into mason-decide! #Copyright 1999-2000, William Stearns . #Given ipchains rules on stdin, allow the user to decide what to do with the rule. #- Script shouldn't care about the source of the rules. mgt feeds it a copy of newrules, then starts learning. #- Originally put in place with same newrulepolicy #- Feed mason output to this app. stderr? fed to this app or not? #stdin: rule input #stdout: send to user #&10: user terminal input #&11: accepted rules output #&12: postponed rules output #&13: mason's flag file output for exit (this script feeds !!EXIT!! to that file when user chooses quit. #cat indata | ./mason-decide 10<&1 11>accepted 12>postponed 13>flagfile #FIXME - ignore line w/ only whitespace #FIXME - should we be loading MASONLIB/CONF/running checksys, etc? almost certainly yes. #FIXME - use wrap? #Last YYYY code used: 0004, use 0005 next MASONDIR=${MASONDIR:-"/var/lib/mason/"} MASONCONF=${MASONCONF:-"/etc/masonrc"} MASONLIB=${MASONLIB:-"${MASONDIR}masonlib"} #MASONLIB=${MASONLIB:-"${MASONDIR}masonlib"} #My editor of choice (mcedit) gets quoting backwards if there is an odd number of these. if [ -f $MASONLIB ]; then . $MASONLIB else #Can't use wrap here - no library to load it from. echo Missing $MASONLIB library file. Please get a complete copy of Mason from >/dev/stderr echo http://www.pobox.com/~wstearns/mason/ . Exiting. >/dev/stderr sleep 10 exit 1 fi EOFREACHED='' mdcleanup () { #FIXME - this doesn't seem to catch before we get at least one rule... EXITNOW="YES" showstate 'mason-decide: exiting' if [ -n "$CURRLINE" ]; then echo "$CURRLINE" >&12 fi echo '!!EXIT!!' >&13 if type -path logger >/dev/null ; then #Give something in /var/log/messages to give Mason a kick through the last rule... logger 'Mason-decide exiting' fi COMMITTED="YES" if [ "$EOFREACHED" != "YES" ]; then while read INLINE ; do #postpone the rest echo "$INLINE" >&12 done EOFREACHED="YES" fi echo echo $0 done! IFS="$ORIGIFS" exit 0 } catchall trap mdcleanup SIGINT #Ctrl-C generates this #Problems: #Doesn't honor commentchar setting. #Doesn't deal with a mix of ipchains/ipfwadm. #Doesn't handle iptables at all. #Rules added by $0 - type header >>&11 ? #Add port to /etc/services and delete for rescan menu () { echo $ENH "Modify choices:" echo $ENH " ${KEY}E${NORM}dit manually ${KEY}E${NORM}dit the rule" echo $ENH " ${KEY}J${NORM}ot ${KEY}J${NORM}ot a note at the end of the rule" #append to the end with comment character echo $ENH " ${KEY}A${NORM}ccept change policy to ${KEY}A${NORM}ccept and commit" #place these three in baserules echo $ENH " ${KEY}D${NORM}eny change policy to ${KEY}D${NORM}eny and commit" echo $ENH " ${KEY}M${NORM}asq change policy to ${KEY}M${NORM}asquerade and commit" echo $ENH " ${KEY}R${NORM}eject change policy to ${KEY}R${NORM}eject and commit" echo $ENH "Commit choices:" echo $ENH " ${KEY}P${NORM}ostpone ${KEY}P${NORM}ostpone choice" #Append to newrules echo $ENH " ${KEY}T${NORM}hrow away ${KEY}T${NORM}hrow away line" echo $ENH " ${KEY}B${NORM}lockedhost make this host a ${KEY}B${NORM}LOCKEDHOST and delete the rule" echo $ENH " ${KEY}N${NORM}oincoming make this port a ${KEY}N${NORM}OINCOMING port and delete the rule" echo $ENH " ${KEY}C${NORM}ommit ${KEY}C${NORM}ommit to the permanent firewall set" echo $ENH " ${KEY}Q${NORM}uit postpone any remaining rules and ${KEY}Q${NORM}uit" #Feed !!EXIT!! to flag file, postpone rest of the rules #Postpone everything without exiting? #Original - go back to original version echo } #End of menu reppolicy () { #Replace the policy in CURRLINE with $1 if [ -n "$CURRLINE" ]; then case "$1" in [Aa]*) CURRLINE=`echo "$CURRLINE" | \ sed -e 's/\(.*\)ipchains\(.*\)-j [A-Z]*\(\W.*\)/\1ipchains\2-j ACCEPT\3/' \ -e 's/\(.*\)iptables\(.*\)-j [A-Z]*\(\W.*\)/\1iptables\2-j ACCEPT\3/' \ -e 's/\(.*\)ipfwadm\(.*\)-a [a-z]*\(\W.*\)/\1ipfwadm\2-a accept\3/' \ -e 's/\(.*\)ipfwadm\(.*\)\W-m\(\W.*\)/\1ipfwadm\2\3/'` ;; [Dd]*) CURRLINE=`echo "$CURRLINE" | \ sed -e 's/\(.*\)ipchains\(.*\)-j [A-Z]*\(\W.*\)/\1ipchains\2-j DENY\3/' \ -e 's/\(.*\)iptables\(.*\)-j [A-Z]*\(\W.*\)/\1iptables\2-j DROP\3/' \ -e 's/\(.*\)ipfwadm\(.*\)-a [a-z]*\(\W.*\)/\1ipfwadm\2-a deny\3/' \ -e 's/\(.*\)ipfwadm\(.*\)\W-m\(\W.*\)/\1ipfwadm\2\3/'` ;; [Mm]*) CURRLINE=`echo "$CURRLINE" | \ sed -e 's/\(.*\)ipchains\(.*\)-j [A-Z]*\(\W.*\)/\1ipchains\2-j MASQ\3/' \ -e 's/\(.*\)iptables\(\W*-[AI]\)\W*[A-Za-z0-9]*\(.*\)-j [A-Z]*\(\W.*\)/\1iptables\2 POSTROUTING -t nat\3-j MASQUERADE\4/' \ -e 's/\(.*\)ipfwadm\(.*\)\W-m\(\W.*\)/\1ipfwadm\2\3/' \ -e 's/\(.*\)ipfwadm\(.*\)-a [a-z]*\(\W.*\)/\1ipfwadm\2-a accept -m\3/'` ;; [Rr]*) CURRLINE=`echo "$CURRLINE" | \ sed -e 's/\(.*\)ipchains\(.*\)-j [A-Z]*\(\W.*\)/\1ipchains\2-j REJECT\3/' \ -e 's/\(.*\)iptables\(.*\)-j [A-Z]*\(\W.*\)/\1iptables\2-j REJECT\3/' \ -e 's/\(.*\)ipfwadm\(.*\)-a [a-z]*\(\W.*\)/\1ipfwadm\2-a reject\3/' \ -e 's/\(.*\)ipfwadm\(.*\)\W-m\(\W.*\)/\1ipfwadm\2\3/'` ;; esac fi #CURRLINE="$CURRLINE #$1" } #End of reppolicy if [ -f $MASONCONF ]; then #The entire loadconf function is not required . $MASONCONF fi #checksys #Disabled as we've already done this at least once in mason or mason-gui-text checkconf ORIGIFS="$IFS" IFS='' EXITNOW='' echo #FIXME - null CURRLINE when committed; check for null CURRLINE. echo $ENH Waiting for new rule, press ${KEY}Ctrl-C${NORM} to abort... showstate 'mason-decide: waiting for new rule' while [ "$EXITNOW" != "YES" ] && read INLINE ; do showstate 'mason-decide: processing rule' CURRLINE="$INLINE" #Check to see if the line is a firewall rule #Loop until some commit choice made. COMMITTED='' clear echo $ENH "${HEADER}-----------${NORM}" echo "$CURRLINE" echo $ENH "${HEADER}-----------${NORM}" menu while [ "$COMMITTED" != "YES" ] && read CHOICE <&10 ; do case "$CHOICE" in [Ee]*) echo Manually editing the rule. showstate 'mason-decide: editing rule' if ! type -path mktemp >/dev/null 2>/dev/null ; then TMPFILE="/var/lib/mason/manualedit" #FIXME - || RETVAL=$? ? likewise below. touch $TMPFILE else TMPFILE=`mktemp -q /tmp/mason-edit.XXXXXX` fi if [ $? -ne 0 ]; then echo $ENH "${WARN}$0: Can't create temp file.${NORM}" else echo "$CURRLINE" >$TMPFILE $EDITOR $TMPFILE <&10 CURRLINE=`cat $TMPFILE` rm -f $TMPFILE || : fi ;; [Jj]*) echo Jot a note at the end of the rule, append to end with comment character echo $ENH Please enter a comment. Just press ${KEY}Enter${NORM} if you changed your mind. read NEWCOMMENT <&10 if [ -n "$NEWCOMMENT" ]; then CURRLINE="$CURRLINE $CMNT$NEWCOMMENT" fi ;; [Aa]*) echo Change policy to Accept and commit to baserules reppolicy 'Accept' echo "$CURRLINE" >&11 COMMITTED="YES" ;; [Dd]*) echo Change policy to Deny and commit to baserules reppolicy 'Deny' echo "$CURRLINE" >&11 COMMITTED="YES" ;; [Mm]*) echo Change policy to Masq and commit to baserules reppolicy 'Masq' echo "$CURRLINE" >&11 COMMITTED="YES" ;; [Rr]*) echo Change policy to Reject and commit to baserules reppolicy 'Reject' echo "$CURRLINE" >&11 COMMITTED="YES" ;; [Pp]*) echo Postpone choice, append to newrules echo "$CURRLINE" >&12 COMMITTED="YES" ;; [Tt]*) echo Throw away line CURRLINE='' COMMITTED="YES" ;; [Bb]*) echo make this host a BLOCKEDHOST and delete the rule echo Please enter the host or network to block. echo Just press enter if you changed your mind. read TOBLOCK <&10 if [ -n "$TOBLOCK" ]; then echo "BLOCKEDHOSTS=\"\${BLOCKEDHOSTS} $TOBLOCK\"" >>/etc/masonrc #Block right now. dorule i input '' '' '' "$TOBLOCK" '' '' '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO mason-decide: YYYY 0001 dorule i output '' '' '' "$TOBLOCK" '' '' '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO mason-decide: YYYY 0002 dorule i input '' '' '' '' '' "$TOBLOCK" '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO mason-decide: YYYY 0003 dorule i output '' '' '' '' '' "$TOBLOCK" '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO mason-decide: YYYY 0004 CURRLINE='' COMMITTED="YES" fi ;; [Nn]*) echo make port a NOINCOMING port and delete the rule echo Please enter the port to make noincoming. echo Use the format \"portnumber/protocol\", such as echo \"telnet/tcp\" or \"23/tcp\". echo Just press enter if you changed your mind. read TONOINCOMING <&10 if [ -n "$TONOINCOMING" ]; then echo "NOINCOMING=\"\${NOINCOMING} $TONOINCOMING\"" >>/etc/masonrc #BLOCK right now for OUTSIDEIF in $INCOMINGINTERFACES ; do oneblockproto $TONOINCOMING $OUTSIDEIF done CURRLINE='' COMMITTED="YES" fi ;; [Cc]*) echo Commit to the permanent firewall set echo "$CURRLINE" >&11 COMMITTED="YES" ;; [Qq]*) echo Quit. When we exit the loop, any additional rules will be postponed EXITNOW="YES" if [ -n "$CURRLINE" ]; then echo "$CURRLINE" >&12 #Save current rule to postpone set fi echo '!!EXIT!!' >&13 COMMITTED="YES" ;; esac if [ "$COMMITTED" != "YES" ]; then clear echo '-----------' echo "$CURRLINE" echo '-----------' menu fi done #If not committed and read choice echo $ENH Waiting for new rule, press ${KEY}Ctrl-C${NORM} to abort... if [ "`echo $INLINE | sed -e 's/#.*//' -e 's/ //g'`" != "`echo $CURRLINE | sed -e 's/#.*//' -e 's/ //g'`" ]; then #If changed, remove old line and install new echo -n Rule changed, removing old rule... #REMOVEME #echo eval `echo $INLINE | sed -e "s/\(.*\)ipchains\(.*\)-[AI]\(\W*[A-Za-z0-9]*\)\(\W.*\)/\1ipchains\2-D\3$NOLOGSUFFIX\4/" \ # -e "s/\(.*\)iptables\(.*\)-[AI]\(\W*[A-Za-z0-9]*\)\(\W.*\)/\1iptables\2-D\3$NOLOGSUFFIX\4/" \ # -e 's/\(.*\)ipfwadm\(.*\)-[ai]\(\W.*\)/\1ipfwadm\2-d\3/'` eval `echo $INLINE | sed -e "s/\(.*\)ipchains\(.*\)-[AI]\(\W*[A-Za-z0-9]*\)\(\W.*\)/\1ipchains\2-D\3$NOLOGSUFFIX\4/" \ -e "s/\(.*\)iptables\(.*\)-[AI]\(\W*[A-Za-z0-9]*\)\(\W.*\)/\1iptables\2-D\3$NOLOGSUFFIX\4/" \ -e 's/\(.*\)ipfwadm\(.*\)-[ai]\(\W.*\)/\1ipfwadm\2-d\3/'` # || : ? Sigh. if [ -n "$CURRLINE" ]; then echo -n and installing new version... #the "N" after \3 on the iptables and ipchains lines was removed so the new rule will be added to the main chain and not the NOLOG chain. #echo eval `echo $CURRLINE | sed -e 's/\(.*\)ipchains\(.*\)-[AI]\(\W*[A-Za-z]*\)\(\W.*\)/\1ipchains\2-I\3\4/' \ # -e 's/\(.*\)iptables\(.*\)-[AI]\(\W*[A-Za-z]*\)\(\W.*\)/\1iptables\2-I\3\4/' \ # -e 's/\(.*\)ipfwadm\(.*\)-[ai]\(\W*[a-z]*\)\(\W.*\)/\1ipfwadm\2-i\3\4/'` eval `echo $CURRLINE | sed -e 's/\(.*\)ipchains\(.*\)-[AI]\(\W*[A-Za-z]*\)\(\W.*\)/\1ipchains\2-I\3\4/' \ -e 's/\(.*\)iptables\(.*\)-[AI]\(\W*[A-Za-z]*\)\(\W.*\)/\1iptables\2-I\3\4/' \ -e 's/\(.*\)ipfwadm\(.*\)-[ai]\(\W*[a-z]*\)\(\W.*\)/\1ipfwadm\2-i\3\4/'` fi echo done! fi CURRLINE='' showstate 'mason-decide: waiting for new rule' done #not EXITNOW and read INLINE if [ "$EXITNOW" != "YES" ]; then EOFREACHED="YES" fi if [ "$EOFREACHED" != "YES" ]; then while read INLINE ; do #postpone the rest echo "$INLINE" >&12 done fi echo echo $0 done! showstate '' IFS="$ORIGIFS" mason-1.0.0.orig/mason-gui-text0100755000765700007640000003602507215735261015264 0ustar martinedv#!/bin/bash set -e #Copyright (c) 1999-2000, William L. Stearns #See top of Mason script for copyright and licensing information. #Last YYYY code used: 0019, use 0020 next CKPTMGT=" mgt: Ground0" ; #ckpt $CKPTMGT MASONDIR=${MASONDIR:-"/var/lib/mason/"} MASONCONF=${MASONCONF:-"/etc/masonrc"} MASONLIB=${MASONLIB:-"${MASONDIR}masonlib"} #MASONLIB=${MASONLIB:-"${MASONDIR}masonlib"} #My editor of choice (mcedit) gets quoting backwards if there is an odd number of these. if [ -f $MASONLIB ]; then . $MASONLIB else #Can't use wrap here - no library to load it from. echo Missing $MASONLIB library file. Please get a complete copy of Mason from >/dev/stderr echo http://www.pobox.com/~wstearns/mason/ . Exiting. >/dev/stderr sleep 10 exit 1 fi catchall #Put in a default handler for everything; don't just let children die. trap preexit 0 #This gets nullified if we get a SIGHUP or SIGINT - see mgtcleanup. killrunningmason () { #A backgrounded Mason is a pain in the %$^#^%$ to kill... #I think I may have found my wooden stake. Have the equivalent of a pipe to mason; a #file which is tailed along with /var/log/messages into mason when it's run. When #we need to kill mason, echo '!!EXIT!!' into it and have mason look for it on stdin. #Until I'm sure this works, I'll keep the old "bludgeon it to death with sigs" #approach as a backup. if [ -n "$KILLFILES" ]; then for ONEKILLFILE in $KILLFILES ; do echo '!!EXIT!!' >>$ONEKILLFILE done sleep 5 for ONEKILLFILE in $KILLFILES ; do rm -f $ONEKILLFILE 2>/dev/null || : done KILLFILES="" fi if [ -n "$MASONTAILPID" ]; then kill -TERM $MASONTAILPID 2>/dev/null || : ; MASONTAILPID="" ; sleep 1 ; fi if [ -n "$MASONPID" ]; then #FIXME - check if it's still running first? #wrap Killing active $MASONPID >/dev/stderr kill -HUP $MASONPID 2>/dev/null || : sleep 2 kill -TERM $MASONPID 2>/dev/null || : MASONPID="" fi if [ -f "$MASONPIDFILE" ]; then for ONEPID in `cat $MASONPIDFILE` ; do if type -path ps >/dev/null 2>/dev/null && type -path grep >/dev/null 2>/dev/null ; then if [ -n "`ps ax | grep "^[[:space:]]*$ONEPID[[:space:]]" | grep mason`" ]; then #wrap Killing background $ONEPID >/dev/stderr kill -TERM $ONEPID 2>/dev/null || : sleep 2 kill -9 $ONEPID 2>/dev/null || : fi else kill -TERM $ONEPID 2>/dev/null || : fi done cat /dev/null >$MASONPIDFILE || : #SUDO? fi } CKPTMGT=" mgt: trap" ; #ckpt $CKPTMGT mgtcleanup () { #FIXME - should this be 'trap 0'? trap - 0 #If we received a signal, no need to process a "crash". unset CKPTMGT CKPTMASON CKPTCHECKSYS CKPTCLIENTPORTRANGE \ CKPTGENERALIZEIP CKPTIPLE CKPTIPLT CKPTISNUMERICIP CKPTLOADCONF \ CKPTSERVERPORTRANGE CKPTADDCOUNTS CKPTNAMEOF CKPTBROADCASTOF \ CKPTCHECKCONF CKPTDELCOUNTS CKPTFLUSHFIREWALL CKPTPORT2CISCOPORT \ CKPTPROTONUM2NAME CKPTRULETAG CKPTRUNFIREWALL \ CKPTSETTOS CKPTSORTRULEFILE \ CKPTUNIQRULEFILE CKPTUPDATECOUNTS CKPTNETWORKOF || : if [ -n "$VIEWTAILPID" ]; then kill -TERM $VIEWTAILPID 2>/dev/null || : ; VIEWTAILPID="" ; fi killrunningmason CKPTMGT="" echo wrap ${WARN}Exiting - you may need to reset the firewall...${NORM} exit 0 } trap mgtcleanup SIGINT #Ctrl-C generates this reprocess-newrules () { rm -f $NEWRULEFILE.tmp || : mv -f $NEWRULEFILE $NEWRULEFILE.tmp || : touch $NEWRULEFILE || : cat $NEWRULEFILE.tmp | $MASONDECIDE 10<&1 11>>$BASERULEFILE 12>>$NEWRULEFILE 13>/dev/null rm -f $NEWRULEFILE.tmp || : } if [ -f $MASONCONF ]; then #the entire loadconf function is not required . $MASONCONF fi CKPTMGT=" mgt: start" ; #ckpt $CKPTMGT checksys checkconf EXITCONTROL="NO" MASONPID="" MASONTAILPID="" VIEWTAILPID="" KILLFILES="" killrunningmason while [ ! "$EXITCONTROL" = "YES" ]; do clear echo $ENH "${HEADER}---- ${BLUE}Mason${HEADER} firewall builder for Linux ----$NORM" echo $ENH "${HEADER}---- Learning shell for Mason. ----$NORM" echo $ENH "${HEADER}---- see http://www.pobox.com/~wstearns/mason/ for more info. ----$NORM" echo $ENH "${HEADER}---- William Stearns ----$NORM" if [ -n "$MASONVER" ]; then echo $ENH "${HEADER}(This is release $MASONVER)$NORM" fi if [ -n "$MASONPID$MASONTAILPID" ]; then echo Mason is currently in learn mode. echo echo $ENH ${KEY}EL${NORM}: ${KEY}E${NORM}nd ${KEY}L${NORM}earning. showstate 'Mason-gui-text: Main menu, learning in the background' else echo Mason IS NOT currently learning. echo echo $ENH ${KEY}BL${NORM}: ${KEY}B${NORM}egin ${KEY}L${NORM}earning. showstate 'Mason-gui-text: Main menu, not learning' fi echo $ENH ${KEY}EB${NORM}: ${KEY}E${NORM}dit ${KEY}B${NORM}ase firewall rule file. #=> end learn echo $ENH ${KEY}EN${NORM}: ${KEY}E${NORM}dit ${KEY}N${NORM}ew firewall rule file. #=> end learn, ask to merge rulefiles when done echo $ENH ${KEY}MR${NORM}: ${KEY}M${NORM}erge ${KEY}R${NORM}ules from new to base. echo $ENH ${KEY}CS${NORM}: ${KEY}C${NORM}hange mason ${KEY}S${NORM}ettings. #=> sigusr1 mason when done echo $ENH ${KEY}LC${NORM}: ${KEY}L${NORM}ock this ${KEY}C${NORM}onsole and display new rules. echo $ENH ${KEY}Q${NORM}: ${KEY}Q${NORM}uit. #CKPTMGT=" mgt: Waiting for main menu choice" ; #ckpt $CKPTMGT CKPTMGT="" ; #ckpt $CKPTMGT read CHOICE || : CKPTMGT=" mgt: Calling $CHOICE" ; #ckpt $CKPTMGT case $CHOICE in [Bb][Ll]) wrap Begin Learning. showstate 'Mason-gui-text: starting to learn' echo CKPTMGT=" mgt: BL, flushing" ; #ckpt $CKPTMGT flushfirewall CKPTMGT=" mgt: BL, learning" ; #ckpt $CKPTMGT runfirewall LEARN CKPTMGT=" mgt: BL, set killfile" ; #ckpt $CKPTMGT NEWKILLFILE="$MASONDIR$RANDOM.tempflagfile" #FIXME - mktemp/mkstemp? touch $NEWKILLFILE || logfail $LINENO mason-gui-text: YYYY 0019 KILLFILES="$KILLFILES $NEWKILLFILE" CKPTMGT=" mgt: BL, tail" ; #ckpt $CKPTMGT if /bin/false ; then #Is there _any_ _friggin'_ _way_ to handle this cleanly and catch a non-zero return code? #Should we set +e here? ( tail -q -f --lines=0 $PACKETLOGFILE $KILLFILES | $MASONEXE >>$NEWRULEFILE ) & #nohup just before tail removed #SUDO on tail? MASONTAILPID="$MASONTAILPID `ps axf | grep -v grep | grep -A 1 '^[[:space:]]*$![[:space:]]' | tail -1 | awk '{print $1}' || logfail $LINENO mason-gui-text: YYYY 0001`" #I am open to ideas on better ways to figure out the pid of the tail command. Anyone? Bueller? MASONPID="$MASONPID `ps axf | grep -v grep | grep -A 2 '^[[:space:]]*$![[:space:]]' | tail -1 | awk '{print $1}' || logfail $LINENO mason-gui-text: YYYY 0002`" #FIXME - display this first so as not to mix output? wrap Mason is now running in the background. I will be showing the log output. Press Enter when you want to return to the main menu - Mason will continue to run in the background until you choose \"EL\" from the main menu. #tail -f --lines=0 $PACKETLOGFILE $NEWRULEFILE & CKPTMGT=" mgt: BL, background tail" ; #ckpt $CKPTMGT set +e #Turn off failure checking - I don't know how to handle a failure return code from it. tail -f --lines=0 $NEWRULEFILE & VIEWTAILPID="$VIEWTAILPID $!" set -e echo $ENH Press ${KEY}ENTER${NORM} to return to the main menu CKPTMGT=" mgt: BL, press enter" ; #ckpt $CKPTMGT read JUNK || : CKPTMGT=" mgt: BL, killtail" ; #ckpt $CKPTMGT kill -TERM $VIEWTAILPID 2>/dev/null || : ; VIEWTAILPID="" else #FIXME - check all files trap : SIGINT #make ctrl-c trap do nothing when running mason-decide #trap '{ echo Ctrl-C caught by mgt }' SIGINT #Ctrl-C tail -q -f --lines=0 $PACKETLOGFILE $KILLFILES | $MASONEXE | $MASONDECIDE 10<&1 11>>$BASERULEFILE 12>>$NEWRULEFILE 13>>$NEWKILLFILE #SUDO on tail? killrunningmason flushfirewall runfirewall STANDARD trap mgtcleanup SIGINT #Ctrl-C fi ;; [Ee][Ll]) showstate 'Mason-gui-text: Ending the learning process' if [ -n "`cat $NEWRULEFILE | sed -e 's/#.*//' | grep -v '^[[:space:]]*$' | grep -v '^export' || :`" ]; then #formerly YYYY 0003 wrap You still have unmerged rules in $NEWRULEFILE. Would you like to process them now? ${KEY}Y${NORM}/${KEY}N${NORM}? if askYN ; then reprocess-newrules ; fi fi wrap End Learning. killrunningmason flushfirewall runfirewall STANDARD ;; [Ee][Bb]) wrap Edit Base rule file. showstate 'Mason-gui-text: Edit base rule file' if [ -z "$EDITOR" ]; then wrap ${WARN}EDITOR was not set in your environment. Please set it with something like \"export EDITOR=mcedit\"${NORM} sleep 10 else cp -pf $BASERULEFILE $BASERULEFILE.bak || logfail $LINENO mason-gui-text: YYYY 0004 addcounts $BASERULEFILE $EDITOR $BASERULEFILE || logfail $LINENO mason-gui-text: YYYY 0005 if diff -bB <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $BASERULEFILE | uniq || logfail $LINENO mason-gui-text: YYYY 0006) <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $BASERULEFILE.bak | uniq || logfail $LINENO mason-gui-text: YYYY 0007) >/dev/null ; then wrap No changes made. else wrap Changes made, restarting firewall flushfirewall if [ -n "$MASONPID$MASONTAILPID" ]; then runfirewall LEARN else runfirewall STANDARD fi fi fi ;; [Ee][Nn]) wrap Edit the new rule file. showstate 'Mason-gui-text: Edit new rule file' if [ -z "$EDITOR" ]; then wrap ${WARN}EDITOR was not set in your environment. Please set it with something like \"export EDITOR=mcedit\"${NORM} sleep 10 else if [ -n "$MASONPID$MASONTAILPID" ]; then wrap Ending the learn process. ; fi killrunningmason uniqrulefile $NEWRULEFILE $EDITOR $NEWRULEFILE || logfail $LINENO mason-gui-text: YYYY 0008 if diff -bB <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $NEWRULEFILE | uniq || logfail $LINENO mason-gui-text: YYYY 0009) <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $NEWRULEFILE.bak | uniq || logfail $LINENO mason-gui-text: YYYY 0010) >/dev/null ; then wrap No changes made. else if [ -n "$MASONPID$MASONTAILPID" ]; then wrap Changes made, restarting firewall flushfirewall runfirewall LEARN else wrap Changes made, but no need to restart firewall as Mason is not running. fi fi fi ;; [Mm][Rr]) CKPTMGT=" mgt: start mr" ; #ckpt $CKPTMGT showstate 'Mason-gui-text: Merging rules' wrap Do you want to merge some, all, or none of the rules in this file to the base rule file? Enter \"${KEY}some${NORM}\", \"${KEY}all${NORM}\", or \"${KEY}none${NORM}\". unset WHATTOMERGE || : read WHATTOMERGE || : case $WHATTOMERGE in [Aa][Ll][Ll]) CKPTMGT=" mgt: mr all" ; #ckpt $CKPTMGT cp -pf $BASERULEFILE $BASERULEFILE.bak || logfail $LINENO mason-gui-text: YYYY 0011 #FIXME - should we or not? #uniqrulefile $NEWRULEFILE echo "#Rules merged from the new rule file:" >>$BASERULEFILE #cat $NEWRULEFILE | sed -e 's/^/#/' >>$BASERULEFILE #Use this version if you want to force them commented cat $NEWRULEFILE >>$BASERULEFILE || logfail $LINENO mason-gui-text: YYYY 0012 cat /dev/null >$NEWRULEFILE || logfail $LINENO mason-gui-text: YYYY 0013 wrap You will probably want to edit the base rule file next. ;; [Ss][Oo][Mm][Ee]) CKPTMGT=" mgt: mr some" ; #ckpt $CKPTMGT wrap What string identifies the rules to merge? unset MERGEID || : read MERGEID || : wrap There are `grep "$MERGEID" $NEWRULEFILE | wc -l` rules with that ID, and `grep -v "$MERGEID" $NEWRULEFILE | wc -l` lines without it, `cat $NEWRULEFILE | wc -l` total. if echo "Do you want to continue ({KEY}Y${NORM}/${KEY}N${NORM})" ; askYN ; then CKPTMGT=" mgt: mr some continue" ; #ckpt $CKPTMGT cp -pf $BASERULEFILE $BASERULEFILE.bak || logfail $LINENO mason-gui-text: YYYY 0014 #FIXME - should we or not? #uniqrulefile $NEWRULEFILE CKPTMGT=" mgt: mr some continue header" ; #ckpt $CKPTMGT echo "#Rules merged from the new rule file:" >>$BASERULEFILE #cat $NEWRULEFILE | grep "$MERGEID" | sed -e 's/^/#/' >>$BASERULEFILE CKPTMGT=" mgt: mr some continue append to base" ; #ckpt $CKPTMGT cat $NEWRULEFILE | grep "$MERGEID" >>$BASERULEFILE || : CKPTMGT=" mgt: mr some continue remove from new" ; #ckpt $CKPTMGT cat $NEWRULEFILE | grep -v "$MERGEID" >$NEWRULEFILE.tmp || : #Grep returns false if we happen to merge everything. CKPTMGT=" mgt: mr some continue overwrite new" ; #ckpt $CKPTMGT cat $NEWRULEFILE.tmp >$NEWRULEFILE || : CKPTMGT=" mgt: mr some continue remove tmp" ; #ckpt $CKPTMGT rm -f $NEWRULEFILE.tmp || : wrap You will probably want to edit the base rule file next. else wrap Aborting merge. fi ;; esac ;; [Cc][Ss]) if [ -z "$EDITOR" ]; then wrap ${WARN}EDITOR was not set in your environment. Please set it with something like \"export EDITOR=mcedit\"${NORM} sleep 10 else #wrap Here are the non-comment lines in $MASONCONF: #echo #cat $MASONCONF | sed -e 's/#.*//' | grep -v '^$' | uniq #echo #wrap Press ${KEY}enter${NORM} to edit this file #read JUNK showstate 'Mason-gui-text: Changing settings' cp -pf $MASONCONF ${MASONDIR}masonrc.bak || : $EDITOR $MASONCONF || logfail $LINENO mason-gui-text: YYYY 0015 if diff -bB <(sed -e 's/#.*//' -e 's/[[:space:]]//g' $MASONCONF | uniq || logfail $LINENO mason-gui-text: YYYY 0016) <(sed -e 's/#.*//' -e 's/[[:space:]]//g' ${MASONDIR}masonrc.bak | uniq || logfail $LINENO mason-gui-text: YYYY 0017) >/dev/null ; then wrap No changes made. rm -f ${MASONDIR}masonrc.bak || : else if [ -f $MASONCONF ]; then . $MASONCONF fi checkconf if [ -n "$MASONPID$MASONTAILPID" ]; then wrap Changes made, signalling mason to reread configuration. kill -USR1 $MASONPID 2>/dev/null || : else wrap Changes made. fi fi fi ;; [Ll][Cc]) if ! type -path vlock >/dev/null 2>/dev/null ; then wrap ${WARN}The vlock utility is not on this system. It is required to be able to lock the console. Once installed, this option will be available again.${NORM} sleep 15 else showstate 'Mason-gui-text: Locked console' if [ -n "$MASONPID$MASONTAILPID" ]; then #tail -f --lines=0 $PACKETLOGFILE $NEWRULEFILE & #FIXME - 'set +e' here? tail -f --lines=0 $NEWRULEFILE & VIEWTAILPID="$VIEWTAILPID $!" else wrap Mason is not currently learning, but I will lock this terminal anyways. fi vlock || : if [ -n "$VIEWTAILPID" ]; then kill -TERM $VIEWTAILPID 2>/dev/null || : ; VIEWTAILPID="" ; fi fi ;; [Qq]) showstate 'Mason-gui-text: Exiting' if [ -n "`cat $NEWRULEFILE | sed -e 's/#.*//' | grep -v '^[[:space:]]*$' | grep -v '^export' || :`" ]; then #formerly YYYY 0018 echo -n $ENH You may still have unmerged rules in $NEWRULEFILE. Would you like to process these now? ${KEY}Y${NORM}/${KEY}N${NORM} if askYN ; then reprocess-newrules ; fi fi EXITCONTROL="YES" wrap Exiting. Returning to the standard firewall. if [ -n "$VIEWTAILPID" ]; then kill -TERM $VIEWTAILPID 2>/dev/null || : ; VIEWTAILPID="" ; fi killrunningmason flushfirewall runfirewall STANDARD ;; *) wrap ${WARN}Unknown choice. Please enter the one or two character code.${NORM} ;; esac sleep 2 done CKPTMGT="" showstate '' mason-1.0.0.orig/mason-gui-text.10100644000765700007640000000150706706452675015426 0ustar martinedv.TH MASON-GUI-TEXT 1 .\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection .\" other parms are allowed: see man(7), man(1) .SH NAME mason\-gui\-text \- front end to mason .SH SYNOPSIS .B mason\-gui\-text .SH "DESCRIPTION" .B mason\-gui\-text is a "textual GUI" front end to mason, the interactive firewall builder. When it is run, it allows you to control mason's behavior through simple keystroke commands. It can start and stop mason, allow you to edit the rules generated (and re-merge them into the currently running rule set), and change mason's settings. It also has a "console lock" setting for locking the console down if necessary. .SH "SEE ALSO" .B "QuickStart, mason(1)" .SH AUTHOR This manual page was written by Jeff Licquia , for the Debian GNU/Linux system (but may be used by others). mason-1.0.0.orig/mason.10100644000765700007640000000410606706452675013660 0ustar martinedv.TH MASON 1 .\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection .\" other parms are allowed: see man(7), man(1) .SH NAME mason \- interactively create a firewall .SH SYNOPSIS .B mason .I "< logfile > rulefile" .br .SH "DESCRIPTION" This manual page briefly documents the .BR mason command. .PP .B mason interactively generates a set of firewall rules for a Linux\-based firewall. This is done by turning on full IP logging, watching the logs for connections, and generating rules describing the connections seen. .B mason is familiar with most of the quirks of various connection types (such as ftp and IRC), and can output rules for 2.0.x ipfwadm, 2.2.x ipchains, and Cisco packet filters. .PP .B mason operates by reading in log file information from standard input and writing firewall rules to standard output. This allows .B mason to work offline or on a separate system. Real-time firewall generation can be achieved with a command like tail(1). .PP Most users will want to run mason with a user\-friendly interface such as mason\-gui\-text(1). .SH ENVIRONMENT .B mason is configured using the following environment variables. .TP .B ECHOCOMMAND Sets the type of firewall rules that .B mason should output to standard out. Allowed values include "ipfwadm" and "ipchains". By default, .B mason outputs whatever kind of rules are supported by the currently running Linux kernel. .TP .B DOCOMMAND Sets the type of firewall rules that .B mason should run immediately when a rule is generated. Allowed values include "ipfwadm" and "ipchains". By default, .B mason outputs whatever kind of rules are supported by the currently running Linux kernel. .TP .B HEARTBEAT If set to "yes", .B mason will output a "+" or "-" to standard error whenever a rule generated by .B mason has been triggered. .TP .B DYNIP Set this to the list of interfaces that have dynamically assigned addresses, separated by spaces. .SH "SEE ALSO" .B "mason.txt, mason\-gui\-text(1)" .SH AUTHOR This manual page was written by Jeff Licquia , for the Debian GNU/Linux system (but may be used by others). mason-1.0.0.orig/mason.html0100644000765700007640000001131507467640611014456 0ustar martinedv The Mason HOWTO Next Previous Contents

    The Mason HOWTO

    William Stearns wstearns@pobox.com

    v1.0.0, May 2002

    This describes the basic operation of Mason and its use in creating firewalls under Linux.

    1. Formalities

    2. Introduction

    3. Quickstart

    4. Special considerations

    5. Configuring Mason

    6. IP protocols and their firewall characteristics

    7. Version summary (out of date, sorry)

    8. Advanced scenarios

    9. Notes about Mason itself

    10. Additional resources

    11. Authors, credits, feedback, copyright, how to help!

    Next Previous Contents mason-1.0.0.orig/mason.lsm0100644000765700007640000000127107467513520014303 0ustar martinedvBegin3 Title: mason Version: 1.0.0 Entered-date: 12MAY02 Description: Interactively creates a Linux packet filtering firewall. Keywords: automate mason packet filter firewall interactive ipchains ipfwadm Author: wstearns@pobox.com (William Stearns) Maintained-by: wstearns@pobox.com (William Stearns) Primary-site: http://www.pobox.com/~wstearns/mason/mason-1.0.0.tar.gz Alternate-site: ftp://buildkernel.ontique.com/pub/mason/mason-1.0.0.tar.gz Original-site: http://www.pobox.com/~wstearns/mason/mason-1.0.0.tar.gz Platforms: Linux, distribution and architecture independent. Tested on RedHat and Caldera Intel, Debian Alpha. Copying-policy: GPL End mason-1.0.0.orig/mason.pdb0100644000765700007640000012412207467640614014263 0ustar martinedvThe Mason HOWTOX@/DDTEXtREAd@o@o @o@oB@o$@o+@o4@o<@oD@o M@o V@o _^@o g@o pZ@oy@o@o@o@oS@o@o;  TheasonOWTO WilliamtearnssK@pobox.com 0v1.0.0,y 2002Thisescribesbasicperati(oftandtssenrengfirewallnderinux.__ORableiContents _O 1.ormalitie@ 1.1isclaimer2xpyleft2.ntroducف2Backgro:motiv2ory53mpbiyrequmt4Ƌur3.uickstar*p3`Make0sym haldyret(secP.2PllZ3page3repa/etc/servic84hos3.5ޓIxҒrfaw.6heckconfigufil7lynownulx0/var/lib/m/eM8un -gui-text-9ePyourosaty'gooeeeweek(ouildpis10mplZBfinalޙr4.pecihsi`"%4 Kernelpfw,2admIchains,zIp4DNSe4ؚr5enliz6ҍpor@nod4Slow chin(fastic8veHwhÍhnnK"9qudOfflJnroot6nHsterr. LebanonH, 03766,SA  Thisode @entirelywnedyilliamtearns (wsS@pobox.com)@andaso atiptoymployorgsponsor project.j2. Introduc!2"Ifou(ve0theck outason,ighremeiȈ4*)ainuxas fwall,P0eikei'XeverEu hort,pnl9ing튙runMtheervicesxernetwishsupp.w('eapshogri1turhematfepatl(Arules.rettyHolh?oCKȍiXtmworryb,"what(tID Again?"decisGEsipylug,@t˖yofgo. :)"j-ChrBr`cbS@soX.PescripYavbuildY() machineFmPtailowxؚd,eanobxground,oofpX!,hquicktaAaddi adocus0tcha's@ .txȕ p_ulbein llto/usr//j-{@}/ !famissBmYsu9st ghttp://www..orgcp`}r t``Q''-18B֦moЦ‘t-iea؎Y;kffawerfuӜFJcanꪙҦ ů1ivariousie0avablؑ/0vi꥙g onfig Atups'tPHblyexplwuǂbʣ"exinclud f0-grx0YdelistжspXbvjwh0tryt?withdefaul)lic*!rSomeook=piNp(Xane`hiB |ipAޠ  pfwadmyx"i_\strxTCP/IP n)&5 iRcur+`0woaunt@!oapxckatttRhPHltwoٔms②dynam:l(Atraffic搠S8ghpexaYS"ptelse꿩qrom|ANϯWwhil)Brunnh,^ЧÍaȽᗁAConyH'loHom!NFSqu#l chsel"""rej("aNW|evo!¹ ݧong1swIdm,p`!JEvpn A񠯹ubrHOWEVER_,agood_/_st_7sؿ0߸I7YtocolOKHMaH1XboPCheHO'ReAssoX (wqora.q')38cengeneraagbdesig OYa'sH1I'η࡝rؤpfalpsenpָ궄_T0y_L ys@ywork/_much_3`nܼ_XCzH@ckgpݫ2.2Bas((oop0zBeyáHԈҽ`knowsshoulHsheH1add8/var/lib/"/٥AI񶀮0requo owsʒP xӜmanownehajus0uildcHؾ9ifrpre(.alsoafaaghHbeeriԙnewhigenl2ч4κays:4A0lohwpscorponbnetSpecijP(0., 127Z1, 255.'5)qPp`prio/ configuredoeave addressesloner `verthemqhostnames. ThisivyouWG 1`MȾ@y0malyhetsec SeLxˠ!si*AdiatoSd`Guiy:infoiع󑰡`8f`ygProocʾx;yy j(rn(20ȕR2IXaAI5QIfou'Qʮrpm-,yX)$G7X -Uvhtp://www.Parns.org/pub/w/n/mason-1.0.0-0.noarch.rpm __O  Otherwise,ownload atestersiono /usr/src,o_`cdtar -xzvf 2....gz݁makenstallowNJgWq3.3. Prepare /etc/servicesqProbablyost8done!9Mqepends aewetuptails)be eprovidirewhatorksHJwayoutedMAsuz71 clude@erortamfor ҆o with,heoscrunninga%chine 0onhsomh2.F0examplif*uqshconnectanCsystem,WʃɁ 22/tcpkiprizmight9misst:iftp-dataʂ0o΃#Secshe:(uxfT98Mquid_ 312ڂO xyXHequX҃30/udIÁ–`tocol,qdy꡻Iti essary!剜aFY't@0hAlsoߍ_laci_cliؕ(čPfile;assuanyreferencہ!artx`veveoughPPf3,010CqwouldDo1sɁcaࡎ?orrQrul2'PQwhichTbe)ast zGBr tR"8t -an "`mma8L/Unix|dook9s2 "LISTEN"4Tshws!YavA,u҈wl)uhmoyeadҫqdoѫ҅h(lea7roocaq|Qipddr(firfH'.KAܱzbrouttBexcept 0.n~nyLb˨t(8peciy?:127Z12lʁ 72.16/uf!-b iD.mydomain.orgZ.13.14.15>0AINSIDE/capdiPnguifromrmalP'g[OUTi6.1Amyisns1߁(G/24.44緘ntϊ:onzЀC/)5j'?8alGoj9setpؾtawafin(runn±onpactulݥboIbexaigd,cextepEdit#mrcdֶ`#Ægۭ ( Pit'e))NETWORKS=". "Ӛquote HollowAq)3cdedHiy /32 TʅQdi ÂXi0e9tiX톑w؋榙?Lyڦe,Ihhad1ɺlO/255.!1G@h,ڐ񎿯ʚ2ʰfbuildCagsƏ)rG16/4 6CheckbazA5nu twanxoustomize?choix!ord dfieldsQ@ke8n|e)toe0bscHȦ$bottere!ewettingouustorasonoorktll: NEWRULEPOLICY,EFAULT}andLUSHED. Ifhaveofirewxcreajone"th@irtime,eachP"ACCEPT"Dur)learnprocess,wixtectiatY(packetssb8ccepted),utte`this h_l(_secu؁ystemtho؋h. (wanoakɈ(littleoPmightonsiderVofspoNY REJECT;bXcommenin /etc/mrc2b.txsinfonxparticular,KbuildPremlyiaXn0(sshssh,onbosomeA1aQseknow(bi׃raffixlmosIguarees;loa*iy7bpbox untiltreboxdrom+oleOu'꜐ru\ry *,HelɇjQthfieldueTڊ,|sYtc9reedb؊*tܓАolicyend3.7pPlacnynvar/lib3/base♁Nx\0peopYڂآdy,Cm fiI FexamF?dSsquerad Re 172.16.0.0/255.!`tI:ʧ4k4 uon'tS Iblem68Run-gui-textT(admedrudntary)0xfhelpB Cho"BL" (beg)w2spT7lpСPܪZ'p#ŪRChectop->220 nut whenۅed! Gisel ЖbxSdogIealreؘgrouAhdouAa*9 D๰KCܩAupporty:pma0Ps@IoughȻY" ` ݹ11pفL߁omrH8ڃ. Ygqha*ǿ`h"ew<" ahzg c9odif麨iHeX)choi:So Ed manuyWcHmakagdli Ӻ*haetلJo~bakX,V߄١acqJpQ@AccepTP춣IWithyZX3_oi@ݍactiI={(ler'*'PostpA@fK'YcoZ3oihaimʁ,)osûT;se "82"Р)X@sȼ|WJto`˰askhl xbԮd5Twwgy2 2`8ly%Blo`dh[ZzaLOCKEDHOSTe㴄Goodsomeone'sttackingoundBwantohunhemntirely. o Noincomake0isortOINCOMINGdelet9eule.8Tgoodorsatouldeverellowed鄘oyr#networkCommitePpermanP`wet.?ۃbatimQu @stpyemainɊ(iOops, (e釛lunch! Us@curr)9)o0rXzqueu@Once'reappyithHFet,topearFrom1enuZcan0EdBa\"EB" ЁZNewRMerge҈gener0yotedpwiXPoved utusion҄3prrʋʖRX_s_coct;nly]toajtoifveablЕݘ8(r"ntsysv"RedHȚ1krvice,aropriasymlink挹/etc/rc.d/t8to0rc3(S92ƚYistributs)T goalɟ(haafiҜha8ofs͌+mptew?Keep`Ȋ?:jnopstart+__s8dIғ2taway7Lautchoo"LC"locknsole)NMason kIhqhQt)se(s, اLvedIY`RipassZreOI  3.9pTeȩ`sggɉڢPweek*builQEneado«uda:xk|0wh{do tsX^Ajɴpenguypʎa8*chairo-sspiciou*grin*-10Implep}n ؏Tbgrou3couidayhfidKTgottraffic!JxmachiiRsup),m񘘫XQPagglIwp,b(Ѕ8 oNEWRULE w@;Aeff0xre!p2\ʿ#nowӼwisjustta&:Ǯm#Խ 7,#IJutomcme|4SpeciX10r@1rnel(Pȹmok s v8*cessary;p'y>saf)e YsXj<2 s.)JPwLloggi21empdJ;񔖂hρȪ,9m:Y__OAs -/c/net/ip_fwnsinpu߄/υo˺sxistحipT߉ӂ6fwadH_hf@nepfŰ8followtrueoooldtpp(䛸uxGsXȾfrom "A"n 1.3.66csom  requ 2.0`iss꿸)sy`m ٜun("z"#VfixlaXr)xly#n'Ԅ76,8ꚧSca؟:d0ri,HichcertدшRighthZ+| םenHeQmregl(97ngQSHOWTOhttp://metalab.unc.edu//B/BXdnrular,⾱qud5Ǥ2.4ipt3doesn'tavelagileike ipfwadmnd`chains. Whenouecomptheernel,ɀme1llfAfollowingnabled:etwork rewhs,vX,acket(loggalwaysefragt,rocsystem,ransparxy0supporpIPasqueradcmpxToeef}sJrtypensg `s:!__OH/sbin/e-a(ny -F -S 127.12.2.3/32 -o -Arward -sǁlǃ~tFORWARDǃjOG?߉/ ("-o"r@l"t"teloQ ȑticular(č(hichhouldveriwp). IfodonoIDI߃xnk_BwganrrorpOnor8nd,I'xhadȆhhasbut.Jpsolutionsame -Ǖ;includbP_8_'z(ooauntRtryyutomat8ۃuilder, "R",cbuahttp://www.0arorg/l/)48ӀII!CurRssMasXY@9$CˑqwiacceptricreʆH thr&Is@$icy #tectskiXruo`k1tghSlo(ridhenviron)ariCsp/etc/Xonrc,t!너descriesield;Makur2K9Ϥ execu@OőDddisؙxs!(µG (2Osʺ(ri@81.3.66bioursuQa:famzagygrpatsomefeQdK˥D1anystyb?31NSAokzhostn0cHXinvolvedC8s(un@y'Eisi`id,+"Xitu0Pwxsxeady8t re@| #eЂnewBٰ㿈turn/mowts... (9easyaR1oP1.serlrs [m;q,ju0lem IP'4RYorȻWh`aneedproc@(ay,war,qexit)Yxsؽ8٦Edecid!eڸPoy9rejP㽰AٿЃstopX#hs[xcPtp1Kfinal<3ȵJaffnce꼐docuBon0vbasic8agIw;[-rrɿybplac̅X*abYHO'Re hssocis⟠;wbhgen@uPhٿQشxIgla#A:ظIpHaclaim5GizZ Ks%data8etwePsp`f 9 Famp'ponfrohFTP< (ux.[.org)Iwi(bMkLAN:I__O/s`/ -iccept -Wpp0 -I -Pcp -SDž/32tDܿHdevel1.goober.net1024:65535 #i/`G7׆ x(possilo蒒o9s)Jrʜڍ,鼑idiculousaarJehzOwazy 72YNv\94:Byfaulp_generalizes_heourcendestinationP addresses. Forxample,Pvel1.goober.net/32seplacedith210.134.12.0/24 (ficti(us workMlockfhich= 1024 (nfs,,xd`rc,doliv.).4懴fou8_Xtcbautp؅(Aincorrectly)eneraliz"ange-65535krav8iȄisn'\ȘydS Qade󔩑ȅ8;o͌The@canccabshowpYp#w uldcd :@XadWell,knowѡfix2,ight? Justele,rltoؠ/Ҡ1rarn0ť_onb"8-ezCli`l(whicusujɏȡbetweeni@éways)1Ԫ؝ficEhsomeJ،,0missѤȐshϝ+lx_0Xacct3rurew0a@ /H䮇b(&hoٚXhɲNInternetgnedhNsDIANAAʅiat:Itp://0.isdu/in-@es/iana/azs/i-ks (lud e 0(nup-to-d ef;yib/mA/nmap-Rnynkڻf q2nhtHappendJpfwadm@wo 齂:beginnyЊu+("-i"), 䃀eM a"yzY9crez(lu3exhЪYe8sy@xordPÁhp9eie9Fo څлH,+piouotdQ ""yXi+phXrip[needСAkqXololdyagpackeYnyLBIat!c@J5Un tun`lyxmeaniQ s) ͂_`new7ӁAӵqw༔+iϴpgst4hptrick.t'laadhoabecaqrtmHyy,@esn't ÌheiTe< /HffecTis8r2hȷzwu{(afiib H5dÜu3 avoire8gaHmaj dX+ҽ hro sУmeP '$ lmoc _X_夻p'@anP}n(P8shZciٻ"ĥ@a˖ cn;orr(hBApchh#absupҚRdePX,(thr0iemxaЁ (cJinHNutKwardN;r"N0tPso$s2;g8uPdM~3All(0sus`XjDurcourмקآaquitHRIοȹvcreatorightantopendomei(workingithraffic typeshate/shHollow,8thenchver orcWWUreject deny (seeanpfwadmoJsubtleifferenceetwe҄ak). Ifouhange@ysett8syoos"CS"nson-gui-text,illautomaticyignalunnMɆ-dsonfiguronfileYPdoaxif^"YuZ0"kh -USR1s". jYtargefaruAccepD,Ҍ",(queradebonВYmenundqouthav"ooackaьmglobX%p4.14inpu0OutBForwardPTomplet0ter,LinuxerneleedBin`eachܗleasȇ for8s: ˙Ȅ0erѕystemPs)passrougX8"wa8hts9xiafacesCvڃ AC{os?+ecie/xTh4jstaP-it'sș(leg to,aaQobe!ed,ujXloX`lsedXHh9p!rewcoulёedjussaip(* !!cox橽Kaٝ󉂐sefulWhfromth0ٚ؞جQop-3r1no`2Krdrestric)ﻓY2򾲻҃SbeيbѺK,SmakHuR*up1rebo ! Loggɬa+hcolevierminals_requCP/IPXȂ1nev@)selfyRiddc"siworkenonundtrdQditions",idn'tou? AreQtillu|want toereatingirewaPnotHrectlynderrontrolJust)hought... 4.16.cklagLet'sooktomeandardules ȃows0telnetanIYservPwhe(these0onPtwofe 6ossible#) # AN_IP's,0rts 1024-65535 ->utside_worldGt 23'775)@Itsrettyafe,i`HmmmsaAonpf@achin0runsquiddPThisi8waiRfoZs3128dd@onPy,qrili‹qrouY'#=riteIprogramianfrom_ZtUȑݒoFrrAwithsuhent`UghTw1pvo œ(m aؒntif_0_nhichRG!redWqnٝ%:Oto_]:23,ubloWW3יnTCPCKJmQoescuee`packءo__av؏ seEyaftV_߁ߤ0IfiHɄ38om)BDeirh,qcatop2bogugEb9ڙ hy`PhinMo_tsreeesOYឈs`so hò(jeĖz=icmpXdp(sѭinSe dDNSy5cpma transfhlargnqesAp 535depend@wAsoftwɺH'0usFTP-dat'do28caeyTie(A8\issЕsshw$if /etc/1ichas riupnearY3bMasautticI /(liI܄pecif Y"-b" (bial) qIpuld"-k"lںpt1Bt! aoK)ofXhhlJboOI'denerzenra|P"-X--CESTABLISHED,RELATED"@)bau1doLnы anyiv`typraf;o42aoa\Pa4.17LimiX,defutuencemso groupeignchD9ddؐ? (Docuow.)yliviheNFS 5PConfigurBoׁ 򾙝via@vironvariyoZermancge`try9__OexVARIE=valu)_O#h0imttjuu{kmZbeXlgra 1example:ډ'wNJgail -f8b=0 /`/log/messsCHOCOMMAND=ipihmrǎgW}a""zrc,H@nbrcؖHdž|ipfwadm|n#AdetfninidRWkish)display? do_(_2;@PAfwAurrakelplS+ TF0Tk9-versa(RmbhiM'aka@cross$‰Hfol"wjsиspiЙȅa>-,et8ly,{ainp:a1/log/messagesrep '='hECHOCOMMAND=ipfwadmason >-wallat /var/Âchains CBothindsfirentrihavenhem;0is a[reablyood(lteroeMfromQingproc߆_unk. o DG||none #AutodetectedfnsetrvalidRWhicsicommaXshouldDru0evtypeid?F=FragmoffT=TTL(8-kthcoodirecڿwhinZhdUntunlySftp-adoe"ho1imu;suc 8asequencfASV8"active?"tp openingheataonne8onnnirofBohr. Hmmm...KThisaseleasedoworld 0.7.9. o r0a8(6/21/98) 20%peimprovementyhangIread(mmand Local[nameacPaddeOnflyolicGC(sPMajordocuaupeAnperforceGBreplacsoh'ithashternalatQ䉘6%oreus${#..}st@wc --byAsiz8trPyCutim4xessaryqon-fwallin@xthird&&+ -a.66/4 DB5Barode,lmostЌ'9,pfwadmupportly8dv9dcenarios8.1Gener8apXOyou'vethrough Quicktart,haiw? Nowe hhowؖus񗰗Hmatchrpcurit(irlXؘsabohpacketlЗ2uH 1щYfulfQa`aix accept ny (equivalAtorejtsscuss)Ȟ`nkitPI@)"defaulalsoc,setup!ifferafromXLll;2sy(m@peIbA+8ctrumwg77elltgooeetha@z1TCP/IP4:-)meand(loXsX(𿈃s8aeoyas8po,󢺾e_ϣBnyqnkW zynam("Q ;sڼ,tuia()ἰSecondHmypphew9l@Brhlyn(sirbhhusb₀ieEvAHeha翑uy(I;qɒRugges@mideal(atc,yhatr,'d@ks[ nin)we,fht!My manemaihddqs@pobox9jeb(softwт.&/~/on/Jeffcquia0s d8off zp8aup njDebiaa ,0rZؼ؛q aaXtgram1dribuDKnuds(wroniceru,HwrapPcrhBrɔ᜺`#X(newz"ipusx@ordៃلatxasiУreviewecur؅xn!du8"Hndal"dN.ࡩT鹉ėayZy "bugs",`Pain'imrmca`. JxzȲ9actuawhalsvi|ed.ȝfunchoPߌ+iZ@t3/pL؜،Qaxne;a`repla3sthqbirgenlI@nH( ơ8exa:ж__Oy{|Hd -e 's@22.33.44/32@fw-s8@'ܿ/292.168.1.1ipׁ0/24@-`|>$.Ԉ'wljgb-84ȸaumbsdolpsject: o Sendnugeports.߀suggestionsrixe&Organizeheocumentaa5DesignogoTakeverannounceroces.Helptegrateasonoouristribuqck,ustettingeHknowndwhich߆ʂworkss胸ful!??Webih:aoresesce'tpaililxs0developers,zdyrKTfilen2packagCopyright (c) 1998-2002yilliam`StearwsK@pobox.comefficquiaHy␨leaseᑨQGNUPL,\includ84IfYPdot(cia cflicense,Xctutha(seop+scriptB-inmҌKFrSoftwFdb)dalsorildkernel,oLinuxSerSorinsl911.1anksChrBrHXdePvhypalpyJndIan nwithؚcussInumbquI'veadbouetterakiyo`َledpwhimpizzaometi:-)_hwritte`xc@inetAtex-Zhalfwayrough΁˧cuؗ`82imp@:+;dҧ@:ultitocol&ԃbhooa,9plzed,8Xs QdLNa£0whXookredX ɰPerlodul'cad#doon£atz6HTML::LciouslPgБnaqporManyMxDa@(rnooffdnPtoIq`betaز@HsI`MaybᕱdayHt ؊`$.5peo ꀡ t0S1fiyyNickogn,ʠF0ZM`؀8kлpc *-&,uySApnh ttp://www.SorIaȅqolɆuI@t lyoesch@cl.!AϯA!rDImcode8returmunmмpayˏA!b(נpbeeAѫפQifebbiwmazpencUylJXjxPlo] mason-1.0.0.orig/mason.sgml0100644000765700007640000022460007467611365014463 0ustar martinedv
    The Mason HOWTO <author>William Stearns <tt><htmlurl url="mailto:wstearns@pobox.com" name="wstearns@pobox.com"></tt> <date>v1.0.0, May 2002 <abstract> This describes the basic operation of Mason and its use in creating firewalls under Linux. </abstract> <toc> <sect>Formalities <sect1>Disclaimer <p>---------------If you read nothing else, please read this---------------- This program offers an aid to creating firewall rules. It offers ABSOLUTELY NO intelligence in deciding what should be allowed or disallowed. It has ABSOLUTELY NO ability to understand your security policy and implement it. YOU are responsible for reviewing the rules and massaging them to fit your needs. While this documentation attempts to provide some general guidelines on how to use Mason, please remember: the author has no knowledge of what you want your firewall to do and has not tailored the documentation or program to specially fit your needs. If there is ever a discrepancy between your needs and the program output or your needs and the documentation, the program and/or documentation are _dead_ _wrong_. <sect1>Copyleft <p> Mason interactively creates a Linux packet filtering firewall. Copyright (C) 1998-2002 William Stearns <htmlurl url="mailto:wstearns@pobox.com" name="wstearns@pobox.com"> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. The author can also be reached at: <descrip> <tag>email</tag><htmlurl url="mailto:wstearns@pobox.com" name="wstearns@pobox.com"> (preferred) <tag>web</tag><htmlurl url="http://www.stearns.org/mason/" name="http://www.stearns.org/mason/"> <tag>snail</tag><verb> William Stearns 6 Manchester Dr. Lebanon NH, 03766, USA </verb> </descrip> This code is entirely owned by William Stearns (<htmlurl url="mailto:wstearns@pobox.com" name="wstearns@pobox.com">) and has no relation to any employer or employer sponsored project. <sect>Introduction <p><quote> "If you have not checked out Mason, I highly recommend it. Mason is a Linux based firewall, but none like you've ever used. In short, you put Mason into learning mode and run the services to the Internet you wish to support. Mason will then take these log entries and turn them into a set of packet filtering rules. Pretty cool eh? No ACK compliment rules to worry about, no "what was that service port again?" decisions to worry about, simply plug it in, let it learn and off you go. :)"</quote> - - Chris Brenton, <htmlurl url="mailto:cbrenton@sover.net" name="cbrenton@sover.net"> <p> The Mason script interactively builds a (fire)wall on a Linux machine. For more details about how this is done, please read on for background, theory of operation, a quick start, and additional documentation on firewalls and firewall gotcha's. mason.txt and related documentation should have been installed to /usr/doc/mason-{version}/ . If they are missing or you would like to make sure you have the latest version, please go to <htmlurl url="http://www.stearns.org/mason/" name="http://www.stearns.org/mason/"> . The impatient should go right to the <ref id="quickstart" Name="Quickstart">. <sect1>Background and motivation <p> The built-in firewall features of the Linux kernel offer a powerful set of packet filtering features that can be used to build a firewall. The various pieces of available documentation provide an introduction on how to configure the firewall for simple setups, but can't possibly explain how to configure a firewall for more complex setups, including fine-grained allow and deny lists. This is especially obvious when trying to create a firewall with a default policy of deny. Someone looking to configure a linux firewall is simultaneously hit with the complexity of trying to understand the ipfwadm syntax, trying to understand the structure of TCP/IP connections, and trying to create and implement a security policy. No wonder firewalls are daunting! The Mason application attempts to handle the first two problems by dynamically creating the firewall based on the traffic flowing through it. For example, if you start up a telnet session through your firewall from a machine on your LAN to a machine out on the WAN while mason is running, mason will create all the rules necessary to allow this traffic. Conversely, if you're looking to block incoming NFS requests, simply launch mason, select a "deny" or "reject" policy, and make the NFS connection. When the firewall is restarted, voila! No more incoming NFS. Creating a firewall no longer requires understanding the ipfwadm, ipchains or iptables syntax. Even novices can create a firewall under Linux. _HOWEVER_, creating a _good_ firewall _still_ requires some understanding of TCP/IP protocols and packet filtering. Many good books cover this. Check out O'Reilly and Associates ( <htmlurl url="http://www.ora.com" name="http://www.ora.com"> or <htmlurl url="http://www.oreilly.com" name="http://www.oreilly.com"> ) for some excellent general coverage of firewall designs. One last novice's mistake I'd like to see Mason users avoid is the false sense of security that a firewall can provide. _Truly_ securing a system or network requires _much_ more than simply filtering packets. The aforementioned books provide a great background in general security. <sect1>Basic theory of operation <p> Before starting, if the user has some rules that he or she knows should be used in this machine, these can be added to /var/lib/mason/baserules. As part of the process of running Mason, we'll add rules that log all other packets to /var/log/messages. The "tail" command is used to feed these log messages into Mason, which converts each log entry into the corresponding command necessary to allow that kind of traffic. In the previous telnet example, 6 different firewall rules would be created on the firewall, three for the original request packet, 3 for the response back from the server (just 1 or 2 in iptables firewalls): <verb> pkt 1: Allow telnet request in from LAN pkt 1: Forward request through firewall pkt 1: Allow request to exit to WAN pkt 2: Allow telnet response back into firewall from WAN pkt 2: Forward response through system pkt 2: Allow response to exit back to the original machine on the LAN. </verb> All packets from 3 on are handled by these rules. There may be a short delay in the initial connection as the rules are created. The script creates the actual ipfwadm/ipchains/iptables commands to accomodate the packet flow. When the command is executed the new rule is inserted at the head of the existing rules so that future packets of this type no longer reach the logging rule at the bottom. The rules are also echoed to the console so that you can see the rules as they are executed or redirect them to a file. This process is handled automatically by mason-gui-text. If any of this is unclear, take a look at the <ref id="quickstart" Name="Quickstart"> which walks you through actually running it. It'll make more sense when you see it in action. <sect1>Compatibility and requirements <p> <itemize> <item>Distributions <itemize> <item>Heavily tested on RedHat 5.x, 6.x, and 7.x <item>Compatible with Debian 2.x <item>Probably works with Slackware <item>Probably works with Suse, but you need to choose between the default /etc/rc.d/init.d/firewall and the one included with Mason </itemize> <item>Requirements <itemize> <item>Bash 1.x or 2.x <item>Standard system utilities: awk, cat, chmod, cut, grep, head, ifconfig, mkdir, ps, route, sed, sleep, sort, tail, touch, tr, true, uniq and wc <item>A kernel that supports packet filtering and packet logging (kernel 2.0's ipfwadm, kernel 2.2's ipchains, or 2.4's iptables) <item>The ipchains, ipfwadm or iptables binaries. </itemize> <item>Things Mason doesn't care about <itemize> <item>Hardware architecture (i386, Axp, Sparc...) <item>Number or type of interfaces <item>Whether the machine is a router or end-node (a normal server or workstation). </itemize> </itemize> <sect1>Features <p>Mason supports the following: (see the release notes for additional features) <itemize> <item>It accepts any mix of ipchains, ipfwadm or iptables log entries as input. <item>It can run on an ipfwadm, ipchains or iptables kernel. <item>It can spit out ipfwadm, ipchains or iptables output. <item>In theory, the above 3 are independent from each other. Mason can, for example, accept ipchains and ipfwadm log entries, run on an ipfwadm host, and output ipchains rules. Unfortunately, the structure and design of an iptables firewall is sufficiently different from ipfwadm and ipchains firewalls that you can't automatically convert back and forth. <item>It will run on the firewall machine or on another machine, using the firewall's packet logs as input. <item>It can run as the traffic is flowing through the machine or be fed the firewall logs later. <item>While there are some advantages to running as root, it can be run as a non-root user. <item>Mason will put in a macro for dynamic IP addresses, usually for your ppp link. <item>It supports any kind of interface that can carry TCP/IP traffic. <item>It recognizes any protocol listed in /etc/services and commonly used icmp protocols. <item>It automatically handles setups such as cable modem or satellite where the packets go out on one interface and come back on another. <item>It automatically handles masquerading on the firewall and the strange rules that can require. <item>It allows you to put in any rules you may know you need and fills in the rest, or just builds the entire thing for you if you prefer. It can also be used after a firewall has been created to fill in some new rules or new protocols. <item>It automatically generalizes the firewall rules in the following ways: <itemize> <item>Any local IP addresses are converted to the corresponding local network. Special IP's (0.0.0.0, 127.0.0.1, 255.255.255.255) are handled appropriately. Mason can also be configured to leave addresses alone or convert them to hostnames. This gives you the ability to either treat all machines in a subnet as having equal access rights or create fine-grained access rules for individual servers, as you choose. <item>Non-local IP's are converted to 0/0 (anywhere). <item>Port numbers in /etc/services are converted to the corresponding service name. <item>High port numbers are generalized to 1024:65535. The special port needs of ssh, traceroute, nfs, ip masquerading, irc, x, openwindows, and vnc are handled automatically. </itemize> <item>The ack flag is set for all tcp connections except for ftp. <item>The TOS (type Of Service) flag is set for ftp, ftp-data, imap, irc, nntp, pop, ssh, snmp, and telnet to improve interactive performance by queuing interactive packets ahead of bulk transfer packets. <item>Each output line is commented to give you an idea of what it's for and allow for easy grouping via sort. <item>The rule policy can be changed on the fly without having to stop Mason. <item>Because Mason is a shell script, it can run on any system with bash and basic GNU tools (sed, awk, grep, etc.). Actually creating the firewall log entries, interactively building the firewall, or implementing the finished firewall needs requires a Linux system with appropriate kernel (generally 2.0.0 and up, including 2.1.x and 2.2.x) with firewalling and firewall packet logging built in. <item>Thanks to Don Howard <htmlurl url="mailto:howarddj@bigvax.alfred.edu" name="howarddj@bigvax.alfred.edu">, Mason 0.12.0 and above have initial support for creating Cisco ACL's. The support is not truly complete, and hence untested. It needs someone that's interested in working with me on the project before it's complete. <item>A rather extensive manual/howto/notes file covers operating Mason and some issued associated with packet filtering firewalls. Good reading for anyone trying to understand some of the more advanced topics in packet filtering firewalls. <item>automatically makes masq rules for reserved addresses <item>icmp subcodes <item>support for ip tunneling, cipe and a number of other protocols <item>removal of the namecache (no longer needed) <item>mason now stops logging packets quickly while it does the main processing <item>stop using ipcalc to calculate broadcast <item>don't touch /etc/hosts or /etc/services <item>more Debian integration and two man pages (Thanks, Jeff!) <item>support for ipchains-save output format <item>support for --sport and --dport (Thanks, Rusty!) <item>major documentation updates <item>the ability to add packet counts to each rule, sorting the most commonly used rules to the top (ipfwadm and ipchains only; iptables no longer requires this). <item>misc. bug fixes and performance improvements <item>fixes to the Cisco output format <item>the ability to generalize the ack rules for tcp connections, cutting 25%-35% of the rules <item>an internal checkpointing ability to help in debugging <item>Mason can find the smallest subnet that encompasses the ips found on a dynamic interface <item>and no_outgoing_ protocols </itemize> <sect>Quickstart<label id="quickstart"> <p> This document is designed to help people who are unfamiliar with Mason build a firewall using it. A novice user should be able to start building a basic firewall using these instructions in 20 minutes. <code> #include <disclaimer.h> </code> <sect1>Make sure the system is already pretty secure. <p> See the Linux security sites and the Linux Administrators Security Guide for more info. A strict packet filtering firewall is useless if someone can get root access somehow; they can just turn off the firewall. <!-- #FIXME add urls to security references --> <sect1> Install the Mason package <p> 5 minutes or less. If you're using an rpm-based system, type just <code> rpm -Uvh ftp://www.stearns.org/pub/wstearns/mason/mason-1.0.0-0.noarch.rpm </code> Otherwise, download the latest version to /usr/src, <code> cd /usr/src<Enter> tar -xzvf mason...tar.gz<Enter> cd mason...<Enter> make install<Enter> </code> <sect1> Prepare /etc/services <p> Probably mostly done! Mason depends on a few setup details to be able to provide a firewall that works in the way you intended. Make sure that /etc/services includes the server port names for all services you intend to work with, whether those services are running on the firewall machine or on some other machine. For example, if you intend to use ssh to connect to another system, make sure that the line <verb> ssh 22/tcp </verb> is in /etc/services. Entries that might be missing include: <verb> ftp-data 20/tcp ssh 22/tcp #Secure shell linuxconf 98/tcp squid 3128/tcp #Squid proxy cache requests icp 3130/udp #Inter Cache Protocol, used in squid </verb> It is not necessary to include entries for services that you don't use. Also, do _not_ place entries for _client_ ports in this file; Mason assumes anything referenced in this file is a server port. For example, even though one of the client ports used for ssh is 1022/tcp, you would _not_ place this in /etc/services. Doing so would cause Mason to provide incorrect rules. If you're not sure which ports are being used as servers on the firewall or on other machines on your network, use the "netstat -an | less" command on Linux/Unix systems and look for lines with "LISTEN". <sect1> Prepare /etc/hosts <p> Probably mostly done! Try to place short names first. You don't have to do this, but the firewall will be much more readable in the end if you do. Make sure that your /etc/hosts file has at least entries for: <itemize> <item>locahost <item>the ip addresses of all interfaces on your firewall <item>all the networks in your routing table except 0.0.0.0. <item>all dns servers <item>any other hosts that Mason might treat specially </itemize> For example: <verb> 127.0.0.1 localhost 172.16.0.1 fwall-inside bastion bastion.mydomain.org 12.13.14.15 fwall-outside 172.16.0.0 INSIDE #I use all caps to distinguish networks from normal IP's. 12.13.14.0 OUTSIDE 12.13.16.10 myisp-dns1 12.13.16.11 myisp-dns2 12.13.14.44 ntp bonzo bonzo.mydomain.org </verb> <sect1>Prepare the routing table and interfaces <p> Probably already done! Mason assumes that the routing table and interfaces are set up to match the way the final firewall will run. If you're running this on the actual firewall machine and all the interfaces and networks have been configured, proceed to the next step. Edit /etc/masonrc on the machine on which Mason will run. Edit the line (or add it if it's not there) <verb> NETWORKS="....." </verb> Inside the quotes, place the following: <itemize> <item>All ip addresses of all interfaces for the firewall, each followed by /32 . <item>The ip's of any hosts that shouldn't be treated identically to the other machines on their respective networks. <item>All networks whose machines the firewall should treat identically. </itemize> For example, if the firewall had IP address 172.16.0.1 on network 172.16.0.0/255.255.0.0 and IP address 12.13.14.15 on network 12.13.14.0/255.255.255.0, I would add the following line to /etc/networks if I was building the firewall on another machine: <verb> NETWORKS="127.0.0.1/32 172.16.0.1/32 12.13.14.15/32 172.16.0.0/16 12.13.14.0/24" </verb> <sect1>Check the configuration file <p> 5 minutes, more if you want to customize. The configuration choices in /etc/masonrc are ordered so that the fields you'll most likely need to edit are at the top and the really obscure ones are at the bottom. There are a few setting you must set for Mason to work at all: NEWRULEPOLICY, DEFAULTPOLICY, and FLUSHEDPOLICY. If you have no firewall at all and are creating one for the first time, set each to "ACCEPT". During the learning process, you will have no protection at all (all packets will be accepted), but note that this is no _less_ secure than a system without a firewall. If you want to make the creation process a little more secure, you might consider setting one of these to DENY or REJECT; see the comments in /etc/masonrc and mason.txt for more info on this. In particular, if you are building this remotely via a telnet or ssh session, note that setting one of the above to something other than ACCEPT before Mason knows about the telnet or ssh traffic almost guarantees that you will lose the ability to telnet or ssh to the box until it is rebooted from the console. If you're in a rush to try out Mason, feel free to set just these three fields and continue. The more of the settings you set to match your needs, the better the firewall will be at matching your security policy in the end. <sect1>Place any known rules in /var/lib/mason/baserules <p> No time for most people. If you know some rules you'll need already, put them in this file. For example, if you know you'll need to masquerade all traffic from the 172.16.0.0/255.255.0.0 network, a sample rule for this is already in baserules. If you don't know of any, no problem. <sect1>Run mason-gui-text <p> This (admittedly rudimentary) interface helps you build the firewall. Choose "BL" (begin learning) and watch mason start to spit out the firewall rules that perfectly match your system's network traffic. Check that stopwatch - you're building a firewall less than 20 minutes from when you started! Give yourself a pat on the back. Mason will do a great deal of the rest in the background while you're doing your day to day work. Do all of the things you want this firewall to support. If you want to allow mail to be sent through it, send mail through it. if you want to be able to ping it, ping it. If you want to be able to traceroute from it, traceroute from it.... You get the idea. Mason will present the new rules that match your networks traffic. For each rule you'll be given the chance to modify the rule or commit the rule. Here are the modify choices: <itemize> <item>Edit manually Edit the rule. You can make any changes you'd like to the rule before committing it to the permanent ruleset. <item>Jot Jot a note at the end of the rule. You can enter a comment to be placed at the end of the rule. <item>Accept change policy to Accept and commit. Without changing any of the rest of the rule, this changes the rule action to Accept (let the packet pass) and commits it to the permanent ruleset. <item>Deny change policy to Deny and commit. Like the above, but change the policy to Deny (or drop, as appropriate for the firewall type; deny and drop discard the packet without sending any error message back to the original sender). <item>Masq change policy to Masquerade and commit. Like the above, but change the policy to Masquerade. Masquerading allows multiple machines to share a single IP address; the more general term is "many-to-one NAT". <item>Reject change policy to Reject and commit. Like the above, but Reject the packet. Like Deny/Drop, the packet is discarded, but Reject sends back an error message to the original sender. </itemize> <p> Here are the commit choices: <itemize> <item>Postpone Postpone choice. If you can't decide what to do with a rule, or don't have the time to decide, choose postpone. This saves it to the "newrules" file, which is not used in the firewall at boot time. You'll be asked later about any rule choices you postponed. <item>Throw away Throw away line. Forget the rule entirely. <item>Blockedhost make this host a BLOCKEDHOST and delete the rule. Good if someone's attacking you and you want to shun them entirely. <item>Noincoming make this port a NOINCOMING port and delete the rule. This is good for ports that should never be allowed in to your network. <item>Commit Commit to the permanent firewall set. Commit the rule verbatim. <item>Quit postpone any remaining rules and Quit. Oops, time for lunch! Use this to postpone the current rule and any others in the queue. </itemize> Once you're happy with a firewall ruleset, stop learning. From the main menu you can either Edit the Base ruleset with "EB" or Quit. Edit New and Merge Rules are generally not needed and will be removed in a future version. Baserules is reserved for rules that you are _sure_ are correct; only these rules get loaded at boot time if you've enabled the firewall (run "ntsysv" in RedHat and enable the firewall service, or make the appropriate symlink from /etc/rc.d/init.d/firewall to /etc/rc.d/rc3.d/S92firewall for other distributions). The goal is to have a baserules file that has all of the rules you've approved and an empty newrules file. Keep in mind that the firewall that will normally be started at boot time _only_ uses rules from baserules. If you need to step away from the firewall for a minute, choose "LC" (lock console) from the main menu. Mason will keep on learning and you'll still see the new rules, but that console will be locked. You'll need to enter the root password to return to the main menu. <sect1>Tell your boss that you're going to need a few weeks to build this. <p> Then head off to Bermuda and bask in the sun while Mason does its learning. And make sure you have a penguin typing away in your chair so no-one is suspicious. *grin* <sect1>Implement the final firewall. <p> Once you've let Mason run in the background for a couple of days, are confident that you've gotten all of the traffic types this machine needs to support, have merged all of the rules to baserules, and are confident they are what you want, lock down the firewall. In /etc/masonrc, change DEFAULTPOLICY to DENY. If you want to keep Mason running to see if any stragglers show up, you'll probably want to change NEWRULEPOLICY to DENY as well; this has the effect of creating rules for new packet types, but they are DENY rules now. Otherwise, just start the standard firewall with: /etc/rc.d/init.d/firewall start If you've made the symlink in step 7, the firewall will be started automatically at boot time. <sect>Special considerations <sect1>Kernel <p> (Please note that most kernels provide the support necessary; it's probably safe to check back with this section only if you have problems.) IP firewalling and firewall packet logging have to be compiled into the kernel. To see if IP firewalling is compiled into your kernel, type the command: <code> ls -al /proc/net/ip_fwchains /proc/net/ip_input </code> If ip_fwchains exists, you have ipchains compiled into your kernel. If ip_input exists, you have ipfwadmin firewalling compiled into your kernel. If neither file exists, one of the following is true: <itemize> <item>Your kernel is too old. It appears that linux firewalling switched from the old "ipfw" firewalling in 1.3.66, but some features require 2.0.0. <item>Your kernel is missing the proc filesystem or it's not mounted ("mount /proc" will probably fix the latter). If your kernel truly doesn't support the proc filesystem, reboot into the kernel that came with your distribution, which almost certainly does. <item>You have the right version of the kernel, but firewalling is not enabled. You must recompile the kernel and turn on firewalling. See the HOWTO's at <htmlurl url="http://metalab.unc.edu/linux/HOWTO/" name="http://metalab.unc.edu/linux/HOWTO/"> to see how this is done. In particular, see the masquerading and kernel HOWTO's. <item>Your 2.4 kernel has iptables, which doesn't have a flag file like ipfwadm and ipchains. </itemize> When you recompile the kernel, I recommend you have all of the following enabled: network firewalls, ip firewalling, firewall packet logging, always defragment, proc filesystem, transparent proxy support, IP masquerading, and icmp masquerading. To see if firewall packet logging is enabled in your kernel, type one of the following commands: <code> /sbin/ipfwadm -a deny -F -S 127.12.2.3/32 -o <Enter> /sbin/ipchains -A forward -s 127.12.2.3/32 -l <Enter> /sbin/iptables -A FORWARD -s 127.12.2.3/32 -j LOG<Enter> </code> The "-o" or "-l" at the end tells the kernel to log this particular packet type (one which should never show up). If your kernel does not support logging, I _think_ you would get an error. On the other hand, I've never had a kernel that has firewalling but does not have logging. The solution is the same - recompile your kernel to include both firewalling _and_ firewall packet logging. (If recompiling a kernel is too daunting, try my automated kernel builder, "buildkernel", which can be found at <htmlurl url="http://www.stearns.org/buildkernel/" name="http://www.stearns.org/buildkernel/">). <sect1>Ipfw, Ipfwadm, Ipchains, and Iptables <p> Current versions of Mason handle ipfwadm, ipchains and iptables. It will accept log entries created under all three firewall types automatically. Mason automatically detects which kind of rule to create, although this can be overridden with environment variables set in /etc/masonrc. The masonrc file has comments describing these fields. Make sure you have the ipfwadm, ipchains or iptables executable - one of these should be included with your distribution. Mason has no support for ipfw firewalls (the firewalling used in kernels prior to 1.3.66). I don't intend to pursue this type of firewalling, but am not against integrating a patch if someone feels like adding the support. Does anyone still use this? <sect1>DNS <p> Mason does not try to look up the hostnames of any machines involved in DNS requests (unless they're in /etc/hosts). If it did, Mason could enter a situation where it issues a steady flow of DNS requests to resolve the machine names and each DNS request requires a new rule, which in turn requires more DNS requests... ugh. The easy way to get machine names into your DNS rules is to make sure all your DNS servers are listed in /etc/hosts . If they're not listed there, Mason will just leave them as IP's. <sect1>Rule order <p> When a packet needs to be processed (at entry, forwarding, or exit), the firewall scans the existing list of rules to decide whether to allow, deny or reject the packet. As this scans stops at the first rule that matches the packet, the order in which your final firewall rules are executed can make a difference. This document only provides basic coverage of how to order your rules - sorry. The best place to find out more about this is in the O'Reilly and associates books. (If anyone would like to provide additional general guidelines as to how this is done, I would be glad to place them here with the appropriate disclaimers). <sect1>Generalization <p> The packets Mason processes are data transfers between specific ports on specific machines. For example, here's a response packet from a specific FTP server (linux.kernel.org) to what is probably a machine on your LAN: <code> /sbin/ipfwadm -i accept -W ppp0 -I -P tcp -S linux.kernel.org/32 ftp -D \ devel1.goober.net/32 1024:65535 # ftp/tcp </code> The rule above (possibly along with others) would only allow devel1 to reach only linux.kernel.org, making for a ridiculously large ruleset if other machines wanted to ftp out to linux.kernel.org or wanted to reach other ftp servers. By default, Mason _generalizes_ the source and destination IP addresses. For example, devel1.goober.net/32 is replaced with 210.134.12.0/24 (the fictitious network address block of which devel1 is a part). Since linux.kernel.org is not a part of any local network blocks, linux.kernel.org is replaced with 0/0 (which matches any machine anywhere). This automatic generalization can be disabled by setting IPCONV="HOST" in /etc/masonrc. Mason also does some generalization on the source and destination ports. Irc, X, realaudio, traceroute, and others use ranges of ports; Mason knows how to generalize many protocols to the appropriate range. For the standard tcp and udp services, Mason generalizes the client port to 1024:65535. The connection that prompted this rule might have been, for example, port 1745 on devel1. As Mason didn't recognize 1745 as some special server, it assumed that the next connection might be from, say, port 1788. By using the entire range of high ports ("1024:65535" in the above rule), Mason uses a pretty standard approach to packet filtering to reduce the number of rules. <sect1>Router or end node <p> This program was originally intended for use on a traditional firewall - a packet filtering router (linux box that connects 2 or more networks through one or more interfaces). It works equally well on Linux boxes with only one interface. These could be workstations on a LAN, servers outside of your firewall, or even slip or ppp connected workstations. The number of interfaces and their type and speed are irrelevant to the firewall creation process. This would be great for locking down a web or mail server outside your firewall, for example. Start up Mason and make sure you make one of every kind of connection you want to that machine. Mason will create the corresponding rules. Generalize these and add a default policy of "deny". _Only_ the connection types you specified will be allowed to that machine. The difficulty of setting up the rules has been the major impediment to this kind of hardened end node in the past. Now that Mason is here, there's no reason why every machine on your LAN can't have packet filtering enabled and active. Note that on an end node (Linux box with a single NIC connected to a single IP network) you should never see forwarding rules created - this makes sense if you think about it. You could technically create a firewall on a machine with only the loopback interface, but this would be more for instructional value about internal tcp connections than for any security goal. On the other hand, if you wanted to stop shell account users from getting to an internal Web server, you certainly could; just make sure you put in blocking rules for all interfaces, not just the loopback interface. <sect1>Slow machines or fast nics <p> As a shell script, Mason is much less efficient at its work than a C app would be. On a slow machine, it can take a couple of seconds from the time the log entry is fed into it until the firewall rule is implemented. If the system is slow, if it has a lot of packets traveling through it, or if it simply has a great deal of log file traffic it can take Mason a long time to catch up. If this is the case, start slow. Try one connection type at a time and give the system a chance to settle before you move on. If Mason _cannot_ catch up, choose the "EL" (End Learning) option in mason-gui-text. Wait until Mason stops, then restart learning. <sect1>Active hacking while mason running <p> If at all possible, try to set up these rules in a controlled environment. Hook up your firewall to machines that simulate the routers and networks that will be used in its final location. It is not a good idea to create a firewall in an environment not completely under your control. If you must create the firewall rules in a live environment, be warned: Mason simply creates rules based on what traffic is passing through it. IT CANNOT DISTINGUISH BETWEEN THE TRAFFIC YOU'RE CREATING TO TEACH IT AND SOMEONE ACTIVELY TRYING TO HACK THROUGH YOUR FIREWALL. IF THIS HAPPENS, MASON WILL CREATE RULES THAT _SPECIFICALLY_ _ALLOW_ PEOPLE TO GET BACK IN LATER. _Please_ read and try to understand the rules before you put them to use in a production environment. (I hate all caps too, but the "boldface" button on my keyboard is jammed :-). The "hacker" mentioned above does not need to be a computer criminal in a far-off country looking to crash your machines. This individual could be someone in accounting that is (without malicious intent) connecting to an Internet IRC server, when this doesn't fit in the security policy you're trying to implement. If you don't read and understand the rules Mason spits out, you may very well leave an explicit opening for this user's future IRC use. One more time: Mason _does_ _not_ understand the traffic flowing through your firewall; it just creates the rules that you can later use to specifically allow or disallow this traffic. This is why it is a good idea to delete any rules that look even vaguely suspicious. If it turns out these rules are needed for normal operation, they will be relearned when you restart Mason. <sect1>Masquerading <p> One of the common uses for Linux firewalling is to act not only as a packet filter but also as a masquerading host, allowing multiple machines to share a single IP address. As of Mason 0.13.0, Mason will automatically masquerade traffic from RFC 1918 (also called "reserved") addresses. Since you probably don't want to masquerade between internal lans, you need to list all the interfaces leading _out_ to the real world (_not_ the interfaces that use these reserved addresses). <sect1>Offline and non-root creation <p> If you are especially cautious, you might not want Mason actively creating rules on your production server. Or maybe you think you've created a good firewall, but keep getting log messages and don't know how to keep your log files from filling your disk. Or perhaps your CPU can't keep up. Or maybe you just don't trust Mason's author - no offense taken :-). In all of the above circumstances, Mason can create the commands without actually being fed the log messages live. For example, if you have packet logging entries in /var/log/messages, try this: <code> cat /var/log/messages | grep ' I=' | DOCOMMAND="none" mason <Enter> </code> The output can, of course, be tee'd, redirected to a file, piped to less, etc. "... | sort | uniq" can be useful too when you're not converting it live. Obviously, the source file can be one that has been transferred from another machine. There is one caveat to the offline approach. The specific case is when one has a "deny" or "reject" policy in place for the input logging rule. Let's say I try to telnet through the firewall. My packet arrives at the firewall, is stopped and logged (so Mason can successfully create the correct input rule later). The firewall never has a rule implemented that allows me to get any further than that, however, so there is never a log entry created for any of the remaining 5 packet checks. One way around this might be to use a policy of "accept" on your logging rules while you're creating /var/log/messages for later consumption by Mason. I'm not saying this is appropriate for you, but might be one way to handle this. Be warned; this can create very large log files as every packet passing through the system can create 6 log entries! One final use for this technique is creating the rules when you're not root. Simply edit /etc/masonrc to set DOCOMMAND="NO" and the script will still output the appropriate ipfwadm/ipchains commands but won't try to execute them, allowing non-root users to create the firewall rules. Note that you still need to be root long enough to turn on some kind of logging, or /var/log/messages will never contain any entries to convert. Root privileges are also required to implement the rules once you've created them. <sect1>/etc/services and special ports <p> Mason converts the protocol number and type (i.e. 53, udp) into the more common name (domain, in this example). It uses the /etc/services file to do make this conversion. Before you start, make sure all the protocols you will work with are listed there. If a particular protocol is not in that file, Mason will have serious problems producing accurate rules. Having this entry is especially important if you are working with services whose ports are >= 1024 (nfs, X, squid, irc, vdolive, etc.). If a service >= 1024 is not found in /etc/services, it will be automatically (and incorrectly) generalized to the port range of 1024-65535. If your favourite service isn't in there, simply edit the file and add it in the same format as the other entries. These services whose ports are >=1024 can occasionally show up in your rules where Mason should have used 1024:65535 instead. Well, you know how to fix this, right? Just delete the rule, add the service to /etc/services, and relearn it. The entries in /etc/services should only be for well-known server ports. Client ports (which are usually just random ports between 1024 and 65535 anyways) should not be listed in here. The specific example of something that should be missing is the ssh client port. If you plan to do the conversion on one machine and actually run the firewall on another, make sure all of the protocols used are listed in the /etc/services on both machines. The authoritative source for these ports is the Internet Assigned Numbers Authority (IANA). A list of these ports can be found at: ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers . Mason includes what seems to be an even more up-to-date reference; see /var/lib/mason/nmap-services. Many thanks to the authors of nmap. <sect1>Insert vs. append <p> Ipfwadm has two ways of adding rules: at the beginning of the rule list using insert ("-i"), or at the end of the list using append ("-a"). The usual way of creating the firewall is to flush the existing rules and then add each of the rules using append so they will be scanned in the same order in which they were implemented. For this reason, the rules that Mason spits out to stdout use "append" so they can easily be put in a shell script. Mason needs some way to tell the kernel to not log already logged packets anymore. The way to do this is to put a matching rule before the logging rule. Unfortunately, that means one of two things: deleting the logging rule at the end, implementing the new rule at the end, and reinstating the logging rule, or simply inserting the new rule at the top of the list. The first option is tricky to do well. It's also a bad choice because the user using Mason may not be logging everything, so mason doesn't know what logging rule to reinstate. That leaves using "-i" to insert the rule at the very top of the list. The end effect is that the rules that Mason displays use "-a" to match how that would be put into a rule file, but the rules that are actually implemented while Mason is running use "-i" to avoid relogging those packets again in this Mason run. The major side effect of this approach is that the rule set in memory as Mason is running is almost certainly _not_ in the order you'd want. The final firewall rule set you put in place should flush whatever is in memory before starting so as to clean out these incorrectly ordered rules. As ipchains and iptables support additional user defined chains, we can throw all the temporary rules in user defined chains (called inputN, outputN, and forwardN; the "N" stands for Nolog). These chains get called just before the logging rules. <sect1>Allow versus deny and reject <p> During the course of a Mason run, it's quite reasonable that the firewall creator might want to spend some time working with traffic types that he/she wants to allow, and then switch over to other traffic types that he/she wants to reject or deny (see man ipfwadm for the subtle difference between deny and reject). If you change any settings by choosing "Change Settings" in mason-gui-text, it will automatically signal a running Mason to re-read its configuration file. You can do the same if running mason manually by typing "killall -USR1 mason". Changing the target of a single rule to Accept, Deny, Reject, or Masquerade can be done right in the menu under that rule without having to go back to the main menu and changing the global settings. <sect1>Input, Output, and Forwarding <p> To implement packet filtering, the Linux kernel needs to inspect each packet at at least one of the following three times: when the packet enters the system, as it passes through the system on the way to its exit interface, and as it leaves the system. At each of those three times, the kernel can decide to allow or deny/reject the packet. The rules can be different at each stage - it's perfectly legal to, for example, allow it in, allow it to be forwarded, but then block it at the last second before it leaves the system. A simple firewall could be implemented using just, say, input rules(*). It's when you get complex firewalls that having rules at all three stages is useful. You might want to allow hosts from eth0 to get to a pop-3 server on eth1, but not allow hosts from eth2 to get to the same server. This kind of restriction might be impossible to do without forwarding rules, especially if eth2 hosts _should_ be allowed to get to a pop-3 server on eth0. For simpler firewalls, or if you want less than the imposing grandeur of a firewall ruleset that goes on for pages and pages, Mason can accomodate you. If you just want input rules, add the following to /var/lib/mason/baserules : <code> if [ -f /proc/net/ip_fwchains ]; then /sbin/ipchains -A forward -j ACCEPT /sbin/ipchains -A output -j ACCEPT elif [ -f /proc/net/ip_input ]; then /sbin/ipfwadm -F -a accept /sbin/ipfwadm -O -a accept fi </code> Place any general traffic types you don't care about in baserules. Please note that I am _not_ advocating the above, but pointing out that the technique is available for those that feel the reduced security is appropriate for them. (*) The exceptions to this are the special rules for redirecting packets (which must be done as an input rule), and masquerading packets, (which must be done as a forwarding rule). Even in the cases where you wish to use these facilities, it's still legal to implement packet filtering using another rule type. Please note that the above does not apply to iptables. In iptables, packets are not inspected multiple times in multiple chains. <sect1>Remote firewall creation - Telnet/ssh lockout <p> If you're creating this firewall rule set and you're telnetting, ssh'ing, or rsh'ing (collectively, "telnetting") in to the firewall, be careful. Some of the first rules to be created will be for the telnet packet flow you're using. If you are so unfortunate as to start this process with a policy of deny, guess what packet flow will be stopped almost immediately? That's right, your telnet session(s). Your machine will be completely locked down with no way to remotely reach it. (Now where were my car keys? <grrrr>) If you want to put the rules allowing your remote access before starting Mason, great. If not, just make sure that your startup policy is allow or it's remote reboot time! Logging in on any of the console's virtual terminals does not require TCP/IP packets, so you can never lock yourself out completely. You did read the section above on "simulating the working environment under controlled conditions", didn't you? Are you still sure you want to be creating a firewall not directly under your control? Just a thought... <sect1>Ack flag <p> Let's look at some standard rules that allows a telnet connection to a server somewhere (these are only two of the 6 possible rules). <verb> allow LAN_IP's, ports 1024-65535 -> Outside_world_IP's, port 23 allow Outside_world_IP's, port 23 -> LAN_IP's, ports 1024-65535 </verb> It looks pretty safe, right? Hmmm.... Let's say that one of your LAN machines runs a squid server. This sits waiting for connections on port 3128. Additionally, consider the possibility that the root user on some Outside_world_IP machine writes some program that starts a connection _from_ port 23. This user starts this program and connects to your LANs squid server. All with your firewalls full consent. Ugh. The way to avoid this problem is to be able to identify the _direction_ in which the connection is created. We want to allow connections that start _from_ LAN:1024-65535 _to_ Outside:23, but block connections that start _from_ Outside:23 _to_ LAN:1024-65535. The TCP ACK flag comes to the rescue. The first packet in a connection does _not_ have this flag set. Every packet after the first _does_ have this flag set. If we require all packets coming from the server port have their ACK flag set, we can stop the bogus connection from port 23 back to port 3128. In short, by requiring all packets from a server port have their ACK flag set, we block connections that originate from those server ports. Three notes. Only TCP uses ACK flags, so we can't use this to control the direction in which icmp or udp conversations are initiated. Secondly, DNS may be a problem. Tcp domain transfers and large dns requests can be from port 53 to port 53, depending on what dns software you're using. FTP-data connections do not have their ACK flag set because they can be created in either direction. Finally, there may be issues from ssh low ports if /etc/services has entries up near 1023. Mason is able to automatically set the ack flag if your /etc/services lists all of the services you use. I specifically avoided the "-b" (bidirectional) flag so that I could use "-k" to control the direction. Iptables uses the state of the connection as a more dependable way of handling the above problem. I'd generally encourage you to use the "-m state --state ESTABLISHED,RELATED" lines in baserules. If you do, then Mason hands you a single rule for any given type of traffic; the opening packet. The ESTABLISHED,RELATED lines handle all the other packets. <sect1>Limitations, Ideas and future enhancements <p> <itemize> <item>group foreign machines into additional rule? (Document how.) <item>Document the living hell of NFS. </itemize> <sect>Configuring Mason <p> Most of the configuration is set via environment variables. For permanent changes, try <code> export VARIABLE=value </code> For one time settings, just put the variables on the command line just before calling the program. For example: <code> tail -f --lines=0 /var/log/messages | ECHOCOMMAND=ipchains mason </code> If you set a variable both on the command line and in /etc/masonrc, be warned that /etc/masonrc wins. <itemize> <item>ECHOCOMMAND=ipchains|ipfwadm|none #Autodetected if unset or invalid <p> Which kind of command should Mason display? This does _not_ have to match the firewalling in the current kernel; this lets you create an ipfwadm firewall ruleset on an ipchains kernel and vice-versa. (Remember that iptables can't take part in this cross-creation.) The following two commands will spit out an ipfwadm firewall and an ipchains firewall, respectively, from the same input: cat /var/log/messages | grep ' L=' | ECHOCOMMAND=ipfwadm mason >ipfwadm-wall cat /var/log/messages | grep ' L=' | ECHOCOMMAND=ipchains mason >ipchains-wall Both kinds of firewall log entries have L= in them; this is a reasonably good filter to keep Mason from having to process _all_ the junk entries. <item>DOCOMMAND=ipchains|ipfwadm|none #Autodetected if unset or invalid <p> Which kind of command should Mason run to prevent that type of traffic from being logged in the future? Set to none if you're processing the log entries later, or on another machine. Unless you're forcing it to "none", probably best to let Mason autodetect. <item>HEARTBEAT=yes|no If yes, mason displays a "." or "-" when it processes an input line that has been handled by one of the recently implemented rules. The heartbeat character is sent to stderr so it doesn't screw up logging to a file or piping to some other program. <item>DYNIF="ppp0 sl0" If your machine has interfaces whose entries change IP address, put the interface name(s) in quotes, separated by spaces. Mason will handle these interfaces specially by handing you a line that will assign that interfaces IP address to an environment variable when executed, and uses that variable throughout the ruleset. If your Ethernet IP address is assigned via DHCP, BOOTP, or RARP, _and_ _changes_ from time to time, you might even want to put your Ethernet interface name(s) in the list. If the addresses are assigned via one of those tools, but _never_ _change_ (those protocols are supposed to try to give you the same address you had last time if at all possible), don't put the Ethernet interface(s) in there. Make sure you re-run your firewall ruleset (or at least the rules with dynamic IP entries) when the address changes. For ppp interfaces, restart your firewall inside /etc/ppp/ip-up. I think DHCP has a similar ability to run commands when the address changes; consult the DHCP documentation. </itemize> The main documentation for all the configurable fields is conveniently in /etc/masonrc . <sect>IP protocols and their firewall characteristics <sect1>Standard TCP and UDP protocols <p>Most of the connections made in tcp/ip follow a standard form. The client machine picks a random port between 1024 and 65535. The packets are sent to a fixed, known port that's below 1024. For example, I need to send an email message from mybox.office.com to mailserver.office.com. Since email goes to tcp port 25 (see /etc/services for some of these), the tcp/ip code on mybox picks a random tcp port, such as 1931. Packets flow from mybox port 1931 to port 25 on mailserver. Packets also flow <em>back</em> from mailserver port 25 to mybox port 1931. Here are some of the protocols that follow this form: <itemize> <item>23/TCP - telnet <item>25/TCP - SMTP <item>80/TCP - HTTP <item>110/TCP - POP3 <item>143/TCP - IMAP <item>512/UDP - BIFF </itemize> <sect1>ICMP <p> ICMP doesn't use source and destination ports, but it has icmp codes and subcodes, each a number between 0 and 15. <sect1>DNS <p> If the firewall or one of the machines behind it is a DNS server, you have a situation where mason issues a steady flow of DNS requests to resolve the machine names and each DNS request requires a new rule, which in turn requires more DNS requests... ugh. Mason no longer does DNS lookups on machines involved in DNS lookups. If you have the names and IP addresses of your DNS servers, add them to /etc/hosts. <sect1>FTP <p> Ahhh, yes, ftp. The scourge of firewall creators everywhere. If you're using iptables, have the ip_conntrack_ftp module loaded and have uncommented the "-m state --state ESTABLISHED,RELATED" lines in baserules, the problem I'm about to describe does not apply to you. Since iptables is a stateful firewall, this problem has been solved in an elegant and now hassle-free way. Ftp starts off well because the client opens a connection from a high port (1024-65535) to the ftp control port 21. This part of the connection follows the same model as other tcp protocols: client uses a random high port and connects to a fixed low port. The problem arises when it's time to actually transmit data. The client and server exchange directory listings and files over additional tcp connections that are between a random high port at the client end and a random high port at the server end. Remember that packet filtering firewalls depend on being able to identify connections by their (fixed and generally low) server port. Here we have connections that need to be allowed if ftp is going to work, but can't be identified this way. It really comes down to a choice: does the firewall allow ftp traffic (leaving at least one high to high rule which is a generally considered a security risk), or do we block ftp? You'll need to decide. Mason creates these rules as transparently as any others. It opens up the ports for the control channel and the high to high rule (called the data channel). A single ftp connection could therefore open 12 rules. You'll need to decide whether these high to high rules are too much of a security risk. If you do choose to open up ftp rules, you might want to do these last. This allows you to put in more specific rules first. <sect1>Netbios <p>For those hoping to come here for a simple set of rules for firewalling netbios, sorry. This one is all over the map. Mason comes in <em>really</em> handy for netbios because it works with whatever netbios throws at it. The netbios ports are 135, 137, 138, and 139 - both tcp and udp. Connections can be from one of these low ports to itself, from a high port to one of these ports, or from a high port to a high port. In short, good luck trying to do this <em>without</em> Mason. By the way, allowing netbios traffic in from and out to the Internet may be a very bad idea. <sect1>NTP <p> NTP is one of the few protocols that uses the same port at both the client and server end. In this case, it is port 123/udp. <sect1>SSH <p> SSH (server port 22/tcp) has one minor note about its operation. When installed by root (setuid), it may not use a random high port between 1024 and 65535 for the client end. The first client session may use port 1023, the next uses 1022, etc. No real problem for Mason, but you might be surprised at the client ports used. These client ports should NOT be listed in /etc/services, even though it might seem to make identification easier. The reason is that Mason uses this file to identify _server_ ports in the process of deciding whether to use the ACK flag check. <sect1>Other IP protocols <p>The other protocols, such as ipip, igmp, ospf, etc (see /etc/protocols), don't use port numbers. For this reason, Mason only creates rules between individual machines for these. <sect>Version summary (out of date, sorry) <p> <itemize> <item>0.9.0 <p> _Lots_ of good new stuff. Mason handles log entries from ipchains or ipfwadm automatically. The command it runs can be either an ipchain or ipfwadm command, and it can output either an ipchain or ipfwadm command. All independently. See the ECHCOMMAND=... and DOCOMMAND=... parameters, above. _Major_ speedup! Keep reading lines until the 7th-13th fields are different from the previous line; this probably quadruples Mason's throughput or better. Bonus points to the readers who can read morse code from the heartbeat output... Oh, and I added heartbeat output to show that Mason hasn't just crashed. :-) Mason handles interfaces whose IP address changes automatically; see the DYNIF=... parameter, above. Note: additional ipchains fields are: <verb> L=Total length S=TOS I=ip->id? F=Fragment offset T=TTL </verb> <item>0.8.0 <p> -k added to control the direction in which connections are made. Unfortunately, the ftp-data port doesn't honor the simple rule for -k; I suspect this is a consequence of PASV vs. "active?" ftp opening the data connection in one direction of the other. Hmmm... This was released to the world as 0.7.9. <item>0.7.0 <p> (6/21/98) 20% speed improvement by changing read command. Local name cache added. On the fly policy changing. Comments. Major documentation updates. Another 20% performance improvement by replacing some sed's with bash internal pattern deletion. 6% more by using ${#..} instead of wc --bytes to size strings. Cut time necessary to process non-firewall lines in third by using && instead of -a. <item>0.6.0 <p> (6/4/98) Documentation added <item>0.5.0 <p> (6/2/98) Bare code, almost no documentation, ipfwadm support only. </itemize> <sect>Advanced scenarios <sect1>General approach <p> Once you've gone through the Quick Start, what now? Now we learn how to use this to match your security policy. The first lesson to learn about packet filtering rules is that they are only useful if you have a mix of accept and deny (equivalent to reject in this discussion) rules. Think about it. If all of your rules are allow rules and your default policy is also allow, this setup is no different from having no rules at all; the system is completely open. At the other end of the spectrum, if all of your rules are deny and the default policy is also deny, well, it's going to be pretty hard to use TCP/IP at all. :-) This means that putting a firewall together involves deciding what should be allowed _and_ what should not be allowed. The first thing for you to decide is what your default policy should be. In the next few minutes we'll be looking at what you specifically want to allow and what you specifically want to disallow. What should the firewall do with the rest of the packets? That depends on how you view your firewall. If you primarily want your firewall to block a relatively small amount of malicious things, but want users on both sides of the firewall to have relatively unencumbered access to the opposite side, you'd probably want to use a default policy of accept. This tends to be a good choice in the case where there are a large number of types of TCP/IP traffic that should be allowed to pass through the firewall. If, on the other hand, you tend more toward the paranoid and want very fine grained control over _exactly_ what passes through your firewall, you'll probably want to use a default policy of deny. This tends to work well when there are a relatively small number of protocols that should be allowed. Choosing a policy becomes difficult when you want fine grained control but there are a large number of protocols used by your users. You'll still choose a default policy of deny, but you'll have to create a large number of rules to accomodate them. Good thing you've got Mason to give you a hand! Now that you've chosen a policy, what goes next? Here's where you can become an artist. With the help of Mason, your job is to decide what should be allowed and what should not be allowed. [More to be added as time allows...] <sect1>Ordering rules <p> Here are a couple of guidelines about how to order your rules. I refer to policy below; for this discussion, there are 6 possible policies: accept, deny, reject, accept and log, deny and log, and reject and log. As there is no way that input rules and output rules could ever overlap, the rulesets for those can be considered seperately. The same logic holds true for input and forwarding and output and forwarding. Effectvely, even though you might have them all mixed together in your firewall creation shell script, you can work with the input rules according to the principles below, then come back and work with the forwarding rules, and then come back one last time for the output rules. <itemize> <item>I suggest placing dns (also called domain; port 53/tcp and 53/udp) rules at the top of your firewall if you're using the default mode of HOSTLOOKUP=FULL. The other rules in your firewall may require dns lookups; if those requests can't get through because the dns rules aren't in place yet, the early rules may not get put in place. <item>If your ruleset contains a block of 2 or more rules with the same policy (accept, deny, or reject) that immediately follow each other, the order of the rules in that block has no functional difference to the operation of the firewall. If you are very concerned about performance, you might want to put the rules that process the largest number of packets at the top of this block and the rules that process the least number of packets near the bottom of this block. See the SORTMODE option in /etc/masonrc (not available in iptables). <item>If two consecutive rules do not have any overlapping cases in the patterns they match, they can appear in either order without affecting the operation of the firewall. As long as no two rules in the set overlap, this can be extended to a set with more than two rules. <item>If two rules overlap in the patterns they match and have different policies, they _cannot_ be reordered without affecting the functional operation of the firewall. Specifically, the packets in the overlapping case will have their policy changed. <item>If two consecutive rules have the same policy and one is subset of the other, the more specific rule can be discarded and the more general rule can be kept without affecting the functional operation of the firewall. One common case of this is when your default policy is, say, accept, and the last rule just before the default policy rule also has a policy of accept. This more specific rule (not the policy, of course) can be discarded. <item>Your default policy always comes at the end. </itemize> I've referred to discarding rules above. One reason why you might _not_ want to discard a particular rule rule is when you're using your firewall to do accounting as well as blocking. You might want to be able to have seperate accounting for the packet traffic in the rule that would have been discarded. <sect1>Tips and tricks <p> The following are tools and techniques I use. They may not be appropriate for you. Please consider whether they are appropriate for you before using them. <itemize> <item>If you want to see which rules in your running firewall are actually carrying traffic, try this: <code> ( ipfwadm -lenI ; ipfwadm -lenF ; ipfwadm -lenO ) | grep -v '^ *0 *0 ' | less -S </code> or <code> ipchains -L -n -x -v | grep -v '^ *0 *0 ' | less -S </code> or <code> iptables -L -n -x -v | grep -v '^ *0 *0 ' | less -S </code> The "grep -v ..." removes all packets with 0's in the count and bytes columns. If the number of rules returned is still too large, flush the firewall and restart it; this clears out all the packet counts. Then you can rerun whatever test you've been doing and run the above command again to see what rules are carrying your traffic. This is especialy useful if you've got a deny rule somewhere blocking a certain connection: <!-- #FIXME - add the egrep format for ipfwadm --> <code> ( ipfwadm -lenI ; ipfwadm -lenF ; ipfwadm -lenO ) | grep -v '^ *0 *0 ' | less -S </code> or <code> ipchains -L -n -x -v | grep -v '^ *0 *0 ' | egrep '(Chain|target|DENY|REJECT)' | less -S </code> <item>If you don't want to go through the above process, but just want to convert a few log entries to rules, you can do the feed yourself. For example: <code> tail --lines=1000 /var/log/messages | grep 'kernel.*I=' | DOCOMMAND="none" mason >afewrules </code> Any other options can be placed on the command line or in /etc/masonrc. <item>If you want rules that will run under ipfwadm and ipchains kernels, you have two good choices. Create ipfwadm rules no matter what kind of kernel you have (put ECHOCOMMAND="ipchains" in /etc/masonrc or on the command line). The first choice is to use the ipfwadm-wrapper (part of the ipchains-scripts package) as a front end to either ipfwadm or ipchains, as appropriate. The second choice is to take all of the ipfwadm rules and create the following file as your real firewall: <code> if [ -f /proc/net/ip_fwchains ]; then #Convert your ipfwadm rules to ipchains rules and place the converted rules here. /sbin/ipchains... elif [ -f /proc/net/ip_input ]; then #Place your ipfwadm rules here: /sbin/ipfwadm.... fi </code> The above conversion is actually darn simple: <code> cat ipfwadmfile | ipfwadm2ipchains >ipchainsfile </code> The ipfwadm2ipchains script is available at <htmlurl url="http://www.stearns.org/i2i/" name="http://www.stearns.org/i2i/"> . This site also holds ipchains2iptables, a similar script that gives a first pass output in iptables format from a given ipchains firewall. Note that this output won't use any of the advanced features of iptables, but you can add these. <item>If you have a number of interfaces that all get the same rules, replace the if0, if1, if2, etc rules with if+ . I believe this is ipchains only. <item>(Diald users only). The packets leaving your system on sl+ (or tap+) may have different source addresses (0.0.0.0/32, some dummy ip address, an old ppp address...). You might want to replace them with 0/0 to say I don't care what the source address is. <item>To see what program is using a particular port, try: <code> ps axf | grep "^ *`fuser port_number/proto | awk '{print $2}'` " </code> </itemize> <sect>Notes about Mason itself <sect1>File descriptions <p> <descrip> <tag>COPYING</tag> The GNU General Public License. <tag>Makefile</tag> Used in packaging and distribution. <tag>baserules</tag> The baserules file is one of two files that hold your firewall rules. baserules holds the rules that you've checked over and are sure should be part of your final firewall. <tag>baserules.sample</tag> A few possible rules for use as a starting point. <tag>firewall</tag> The boot time script for use in /etc/rc.d/init.d. <tag>index.html</tag> The Mason web page. <tag>mason</tag> The actual mason script. <tag>mason-gui-text</tag> The rudimentary interface to running Mason and building a firewall. <tag>mason-gui-text.1</tag> man page for mason-gui-text. <tag>mason.1</tag> man page for mason. <tag>mason.html</tag> The primary documentation for the package, in hypertext. <tag>mason.lsm</tag> The Linux Software Map entry. <tag>mason.sgml</tag> The primary documentation for the package. The sgml format is designed to allow easy conversion to more readable formats. <tag>mason.spec</tag> The RPM spec file. <tag>mason.txt</tag> The primary documentation for the package, in a flat text file. <tag>masonlib</tag> A library of functions used by a number of the other files. <tag>masonrc</tag> The main configuration file. There are intelligent defaults for all of these fields. <tag>moreservices</tag> The services file I use, good as a reference if you don't recognize a protocol. <tag>nmap-services</tag> The additional services file includes with the nmap tool. An even better reference. <tag>newrules</tag> newrules is the other file that holds firewall rules. It holds rules created by mason that you haven't looked over yet. Think about what would happen if you were port scanned while Mason was running; if you only had one file to hold rules, all of these portscan rules you don't want would be mixed in with the rules you do want. An important note - rules in newrules are <em>not</em> part of your regular firewall - they are only used during the learning process. This is why you need to merge rules from newrules to baserules once you're sure of them. </descrip> <!-- #FIXME - add sect1 section of programming notes? --> <sect>Additional resources <p> <itemize> <item><htmlurl url="http://www.netfilter.org" name="http://www.netfilter.org">Netfilter/iptables for 2.4.x kernels. <item><htmlurl url="http://www.rustcorp.com/linux/ipchains" name="http://www.rustcorp.com/linux/ipchains"> Linux IP firewalling chains for 2.2.x kernels. <item><htmlurl url="http://ipmasq.cjb.net" name="http://ipmasq.cjb.net"> The Linux IP Masquerade Resource. <item><htmlurl url="http://www.xos.nl/linux/" name="http://www.xos.nl/linux/"> Experts in Open Systems; specifically, Jos Vos, one of the firewall code authors. <item><htmlurl url="http://metalab.unc.edu/linux/HOWTO/HOWTO-INDEX-3.html" name="http://metalab.unc.edu/linux/HOWTO/HOWTO-INDEX-3.html"> The Linux HOWTO index, part of the: <item><htmlurl url="http://metalab.unc.edu/linux/" name="http://metalab.unc.edu/linux/"> Linux Documentation Project. <item><htmlurl url="http://metalab.unc.edu/linux/HOWTO/mini/IP-Masquerade.html" name="http://metalab.unc.edu/linux/HOWTO/mini/IP-Masquerade.html"> The IP Masquerade HOWTO. Useful information on ipfwadm and masquerading. <item><htmlurl url="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html" name="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html"> David Ranch's <em>excellent</em> networking resource. Check out the "Trinity OS" document and the IP Masquerade Howto, co-authored with Ambrose Au. Both are comprehensive documents about Linux networking - well worth reading. </itemize> <sect>Authors, credits, feedback, copyright, how to help! <p> Once again, the linux kernel and firewall developers deserve all the credit. Mason is simply a front end to a fast, powerful, stable firewall implementation in the linux kernel. Many thanks to all the linux firewall developers. The name "Mason" comes from two sources; first of all, it builds a (fire)wall. Second, it's my nephew's name. Mason lives in Brooklyn with my sister and her husband and my niece Eve. He's a great guy! If you have comments, suggestions, problems, ideas, flames, patches, whatever, I'd like to hear them. I'd even be interested in hearing where Mason fell short for your needs. My permanent email address is <htmlurl url="mailto:wstearns@pobox.com" name="wstearns@pobox.com">. The permanent web site for the software is <htmlurl url="http://www.pobox.com/~wstearns/mason/" name="http://www.pobox.com/~wstearns/mason/">. <htmlurl url="mailto:jeff@luci.org" name="Jeff Licquia"> has kindly offered to package up Mason into a Debian package. The Debian requirements are helping to make a better program for all distributions. <htmlurl url="mailto:jkn@dde.dk" name="Jens Knudsen"> wrote <htmlurl url="http://www.linuxzone.dk/nicerules" name="nicerules">, a wrapper script for Mason. It's a simple script that takes the "newrules" output, sorts and orders the firewall rules in a way that makes it easier to review security, and produces a "standalone" firewall script and a firewall.disable script. The script probably has many "bugs", use it as an aid, but don't blame him for any problems it may cause you. There is more information in the actual script which is also heavily commented. Have fun. If you choose to send me actual mason firewall rules and choose to hide the IP addresses and/or networks for security reason, that's fine, but please replace them with something that describes their general use so I can make sense of them. For example: <code> cat myrules | sed -e 's@11.22.33.44/32@fw-outside@' \ -e 's@192.168.1.1/32@fw-inside@' \ -e 's@192.168.1.0/24@inside-net@' \ >myrules.mailable </code> - or something like that. There are a number of things you can do to help this project: <itemize> <item>Send in bug reports. <item>Send in suggestions or fixes. <item>Organize the documentation. <item>Design a logo. <item>Take over the announcement process. <item>Help integrate Mason into your distribution. Heck, just letting me know under which distributions Mason works is helpful! <item>Organize the Web site into a more useful resource. <item>Set up mailing lists for developers, announcements, and users. </itemize> The files in the Mason package are Copyright (c) 1998-2002 by William Stearns <htmlurl url="mailto:wstearns@pobox.com" name="wstearns@pobox.com"> or <htmlurl url="mailto:jeff@luci.org" name="Jeff Licquia">. They are released under the GNU GPL, which is included in the package. If you did not recieve a copy of this license, please contact the author for a copy (see the top of the Mason script for contact information for the author and the Free Software Foundation). <htmlurl url="http://www.stearns.org/" name="William"> is also the author of <htmlurl url="http://www.stearns.org/buildkernel/" name="buildkernel">, the automated Linux kernel builder, and <htmlurl url="http://www.stearns.org/" name="other minor shell scripts">. <sect1>Thanks <p> Chris Brenton deserves <em>very</em> special thanks for spending an evening with me discussing a number of questions I've had about packet filtering. He was very kind to share his knowledge with me. I owe him a pizza sometime. :-) Chris has written some excellent networking texts - I'm about halfway through Mastering Network Security and am very impressed with the writing and content: <htmlurl url="http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet" name="Multiprotocol Network Design & Troubleshooting">, <htmlurl url="http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet" name="Mastering Network Security">. The above plug was not requested, but is well deserved. Thanks to Nathan Bailey who took the time to remind me that there is a Perl Module that's also called Mason. Thanks also to <htmlurl url="mailto:swartz@transbay.net" name="Jonathan Swartz">, the author of <htmlurl url="http://www.masonhq.com" name="HTML::Mason"> who graciously agreed to share the name and pointers with me. Many thanks to Dave Stern, who has offered suggestions on how to improve Mason and helped with beta testing early versions. Maybe someday I'll tell him they were prerelease versions... :-) Thanks to all of the people who have sent in questions, bug reports, fixes, improvements, and six foot long lizards. The new section of masonrc with a <em>boatload</em> of backdoor ports is courtesy of the authors of and contributors to snort. Specifically, Nick Rogness, Jim Forster and Martin Markgraf are credited with the work on the ports - many thanks, guys. Snort can be found at <htmlurl url="http://www.snort.org" name="http://www.snort.org">. It's a <em>really</em> cool intrusion detection tool. Thanks to Marty <htmlurl url="mailto:roesch@clark.net" name="roesch@clark.net"> for the tool. A special thank you to all the authors in the Linux movement. In a small way, the code I return to the community is my way of paying back my incredible debt to the people who came before me. As always, many thanks to my wife Debbie, who has shown amazing patience with my Linux related projects. Many thanks, my love. </sect> </article> ��������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/mason.txt��������������������������������������������������������������������������0100644�0007657�0000764�00000235412�07467640613�014341� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� The Mason HOWTO William Stearns wstearns@pobox.com v1.0.0, May 2002 This describes the basic operation of Mason and its use in creating firewalls under Linux. ______________________________________________________________________ Table of Contents 1. Formalities 1.1 Disclaimer 1.2 Copyleft 2. Introduction 2.1 Background and motivation 2.2 Basic theory of operation 2.3 Compatibility and requirements 2.4 Features 3. Quickstart 3.1 Make sure the system is already pretty secure. 3.2 Install the Mason package 3.3 Prepare /etc/services 3.4 Prepare /etc/hosts 3.5 Prepare the routing table and interfaces 3.6 Check the configuration file 3.7 Place any known rules in /var/lib/mason/baserules 3.8 Run mason-gui-text 3.9 Tell your boss that you're going to need a few weeks to build this. 3.10 Implement the final firewall. 4. Special considerations 4.1 Kernel 4.2 Ipfw, Ipfwadm, Ipchains, and Iptables 4.3 DNS 4.4 Rule order 4.5 Generalization 4.6 Router or end node 4.7 Slow machines or fast nics 4.8 Active hacking while mason running 4.9 Masquerading 4.10 Offline and non-root creation 4.11 /etc/services and special ports 4.12 Insert vs. append 4.13 Allow versus deny and reject 4.14 Input, Output, and Forwarding 4.15 Remote firewall creation - Telnet/ssh lockout 4.16 Ack flag 4.17 Limitations, Ideas and future enhancements 5. Configuring Mason 6. IP protocols and their firewall characteristics 6.1 Standard TCP and UDP protocols 6.2 ICMP 6.3 DNS 6.4 FTP 6.5 Netbios 6.6 NTP 6.7 SSH 6.8 Other IP protocols 7. Version summary (out of date, sorry) 8. Advanced scenarios 8.1 General approach 8.2 Ordering rules 8.3 Tips and tricks 9. Notes about Mason itself 9.1 File descriptions 10. Additional resources 11. Authors, credits, feedback, copyright, how to help! 11.1 Thanks ______________________________________________________________________ 1. Formalities 1.1. Disclaimer ---------------If you read nothing else, please read this---------------- This program offers an aid to creating firewall rules. It offers ABSOLUTELY NO intelligence in deciding what should be allowed or disallowed. It has ABSOLUTELY NO ability to understand your security policy and implement it. YOU are responsible for reviewing the rules and massaging them to fit your needs. While this documentation attempts to provide some general guidelines on how to use Mason, please remember: the author has no knowledge of what you want your firewall to do and has not tailored the documentation or program to specially fit your needs. If there is ever a discrepancy between your needs and the program output or your needs and the documentation, the program and/or documentation are _dead_ _wrong_. 1.2. Copyleft Mason interactively creates a Linux packet filtering firewall. Copyright (C) 1998-2002 William Stearns wstearns@pobox.com This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. The author can also be reached at: email wstearns@pobox.com (preferred) web http://www.stearns.org/mason/ snail William Stearns 6 Manchester Dr. Lebanon NH, 03766, USA This code is entirely owned by William Stearns (wstearns@pobox.com) and has no relation to any employer or employer sponsored project. 2. Introduction "If you have not checked out Mason, I highly recommend it. Mason is a Linux based firewall, but none like you've ever used. In short, you put Mason into learning mode and run the services to the Internet you wish to support. Mason will then take these log entries and turn them into a set of packet filtering rules. Pretty cool eh? No ACK compliment rules to worry about, no "what was that service port again?" decisions to worry about, simply plug it in, let it learn and off you go. :)" - - Chris Brenton, cbrenton@sover.net The Mason script interactively builds a (fire)wall on a Linux machine. For more details about how this is done, please read on for background, theory of operation, a quick start, and additional documentation on firewalls and firewall gotcha's. mason.txt and related documentation should have been installed to /usr/doc/mason-{version}/ . If they are missing or you would like to make sure you have the latest version, please go to http://www.stearns.org/mason/ . The impatient should go right to the ``Quickstart''. 2.1. Background and motivation The built-in firewall features of the Linux kernel offer a powerful set of packet filtering features that can be used to build a firewall. The various pieces of available documentation provide an introduction on how to configure the firewall for simple setups, but can't possibly explain how to configure a firewall for more complex setups, including fine-grained allow and deny lists. This is especially obvious when trying to create a firewall with a default policy of deny. Someone looking to configure a linux firewall is simultaneously hit with the complexity of trying to understand the ipfwadm syntax, trying to understand the structure of TCP/IP connections, and trying to create and implement a security policy. No wonder firewalls are daunting! The Mason application attempts to handle the first two problems by dynamically creating the firewall based on the traffic flowing through it. For example, if you start up a telnet session through your firewall from a machine on your LAN to a machine out on the WAN while mason is running, mason will create all the rules necessary to allow this traffic. Conversely, if you're looking to block incoming NFS requests, simply launch mason, select a "deny" or "reject" policy, and make the NFS connection. When the firewall is restarted, voila! No more incoming NFS. Creating a firewall no longer requires understanding the ipfwadm, ipchains or iptables syntax. Even novices can create a firewall under Linux. _HOWEVER_, creating a _good_ firewall _still_ requires some understanding of TCP/IP protocols and packet filtering. Many good books cover this. Check out O'Reilly and Associates ( http://www.ora.com or http://www.oreilly.com ) for some excellent general coverage of firewall designs. One last novice's mistake I'd like to see Mason users avoid is the false sense of security that a firewall can provide. _Truly_ securing a system or network requires _much_ more than simply filtering packets. The aforementioned books provide a great background in general security. 2.2. Basic theory of operation Before starting, if the user has some rules that he or she knows should be used in this machine, these can be added to /var/lib/mason/baserules. As part of the process of running Mason, we'll add rules that log all other packets to /var/log/messages. The "tail" command is used to feed these log messages into Mason, which converts each log entry into the corresponding command necessary to allow that kind of traffic. In the previous telnet example, 6 different firewall rules would be created on the firewall, three for the original request packet, 3 for the response back from the server (just 1 or 2 in iptables firewalls): pkt 1: Allow telnet request in from LAN pkt 1: Forward request through firewall pkt 1: Allow request to exit to WAN pkt 2: Allow telnet response back into firewall from WAN pkt 2: Forward response through system pkt 2: Allow response to exit back to the original machine on the LAN. All packets from 3 on are handled by these rules. There may be a short delay in the initial connection as the rules are created. The script creates the actual ipfwadm/ipchains/iptables commands to accomodate the packet flow. When the command is executed the new rule is inserted at the head of the existing rules so that future packets of this type no longer reach the logging rule at the bottom. The rules are also echoed to the console so that you can see the rules as they are executed or redirect them to a file. This process is handled automatically by mason-gui-text. If any of this is unclear, take a look at the ``Quickstart'' which walks you through actually running it. It'll make more sense when you see it in action. 2.3. Compatibility and requirements o Distributions o Heavily tested on RedHat 5.x, 6.x, and 7.x o Compatible with Debian 2.x o Probably works with Slackware o Probably works with Suse, but you need to choose between the default /etc/rc.d/init.d/firewall and the one included with Mason o Requirements o Bash 1.x or 2.x o Standard system utilities: awk, cat, chmod, cut, grep, head, ifconfig, mkdir, ps, route, sed, sleep, sort, tail, touch, tr, true, uniq and wc o A kernel that supports packet filtering and packet logging (kernel 2.0's ipfwadm, kernel 2.2's ipchains, or 2.4's iptables) o The ipchains, ipfwadm or iptables binaries. o Things Mason doesn't care about o Hardware architecture (i386, Axp, Sparc...) o Number or type of interfaces o Whether the machine is a router or end-node (a normal server or workstation). 2.4. Features Mason supports the following: (see the release notes for additional features) o It accepts any mix of ipchains, ipfwadm or iptables log entries as input. o It can run on an ipfwadm, ipchains or iptables kernel. o It can spit out ipfwadm, ipchains or iptables output. o In theory, the above 3 are independent from each other. Mason can, for example, accept ipchains and ipfwadm log entries, run on an ipfwadm host, and output ipchains rules. Unfortunately, the structure and design of an iptables firewall is sufficiently different from ipfwadm and ipchains firewalls that you can't automatically convert back and forth. o It will run on the firewall machine or on another machine, using the firewall's packet logs as input. o It can run as the traffic is flowing through the machine or be fed the firewall logs later. o While there are some advantages to running as root, it can be run as a non-root user. o Mason will put in a macro for dynamic IP addresses, usually for your ppp link. o It supports any kind of interface that can carry TCP/IP traffic. o It recognizes any protocol listed in /etc/services and commonly used icmp protocols. o It automatically handles setups such as cable modem or satellite where the packets go out on one interface and come back on another. o It automatically handles masquerading on the firewall and the strange rules that can require. o It allows you to put in any rules you may know you need and fills in the rest, or just builds the entire thing for you if you prefer. It can also be used after a firewall has been created to fill in some new rules or new protocols. o It automatically generalizes the firewall rules in the following ways: o Any local IP addresses are converted to the corresponding local network. Special IP's (0.0.0.0, 127.0.0.1, 255.255.255.255) are handled appropriately. Mason can also be configured to leave addresses alone or convert them to hostnames. This gives you the ability to either treat all machines in a subnet as having equal access rights or create fine-grained access rules for individual servers, as you choose. o Non-local IP's are converted to 0/0 (anywhere). o Port numbers in /etc/services are converted to the corresponding service name. o High port numbers are generalized to 1024:65535. The special port needs of ssh, traceroute, nfs, ip masquerading, irc, x, openwindows, and vnc are handled automatically. o The ack flag is set for all tcp connections except for ftp. o The TOS (type Of Service) flag is set for ftp, ftp-data, imap, irc, nntp, pop, ssh, snmp, and telnet to improve interactive performance by queuing interactive packets ahead of bulk transfer packets. o Each output line is commented to give you an idea of what it's for and allow for easy grouping via sort. o The rule policy can be changed on the fly without having to stop Mason. o Because Mason is a shell script, it can run on any system with bash and basic GNU tools (sed, awk, grep, etc.). Actually creating the firewall log entries, interactively building the firewall, or implementing the finished firewall needs requires a Linux system with appropriate kernel (generally 2.0.0 and up, including 2.1.x and 2.2.x) with firewalling and firewall packet logging built in. o Thanks to Don Howard howarddj@bigvax.alfred.edu, Mason 0.12.0 and above have initial support for creating Cisco ACL's. The support is not truly complete, and hence untested. It needs someone that's interested in working with me on the project before it's complete. o A rather extensive manual/howto/notes file covers operating Mason and some issued associated with packet filtering firewalls. Good reading for anyone trying to understand some of the more advanced topics in packet filtering firewalls. o automatically makes masq rules for reserved addresses o icmp subcodes o support for ip tunneling, cipe and a number of other protocols o removal of the namecache (no longer needed) o mason now stops logging packets quickly while it does the main processing o stop using ipcalc to calculate broadcast o don't touch /etc/hosts or /etc/services o more Debian integration and two man pages (Thanks, Jeff!) o support for ipchains-save output format o support for --sport and --dport (Thanks, Rusty!) o major documentation updates o the ability to add packet counts to each rule, sorting the most commonly used rules to the top (ipfwadm and ipchains only; iptables no longer requires this). o misc. bug fixes and performance improvements o fixes to the Cisco output format o the ability to generalize the ack rules for tcp connections, cutting 25%-35% of the rules o an internal checkpointing ability to help in debugging o Mason can find the smallest subnet that encompasses the ips found on a dynamic interface o and no_outgoing_ protocols 3. Quickstart This document is designed to help people who are unfamiliar with Mason build a firewall using it. A novice user should be able to start building a basic firewall using these instructions in 20 minutes. ______________________________________________________________________ #include <disclaimer.h> ______________________________________________________________________ 3.1. Make sure the system is already pretty secure. See the Linux security sites and the Linux Administrators Security Guide for more info. A strict packet filtering firewall is useless if someone can get root access somehow; they can just turn off the firewall. 3.2. Install the Mason package 5 minutes or less. If you're using an rpm-based system, type just ______________________________________________________________________ rpm -Uvh ftp://www.stearns.org/pub/wstearns/mason/mason-1.0.0-0.noarch.rpm ______________________________________________________________________ Otherwise, download the latest version to /usr/src, ______________________________________________________________________ cd /usr/src<Enter> tar -xzvf mason...tar.gz<Enter> cd mason...<Enter> make install<Enter> ______________________________________________________________________ 3.3. Prepare /etc/services Probably mostly done! Mason depends on a few setup details to be able to provide a firewall that works in the way you intended. Make sure that /etc/services includes the server port names for all services you intend to work with, whether those services are running on the firewall machine or on some other machine. For example, if you intend to use ssh to connect to another system, make sure that the line ssh 22/tcp is in /etc/services. Entries that might be missing include: ftp-data 20/tcp ssh 22/tcp #Secure shell linuxconf 98/tcp squid 3128/tcp #Squid proxy cache requests icp 3130/udp #Inter Cache Protocol, used in squid It is not necessary to include entries for services that you don't use. Also, do _not_ place entries for _client_ ports in this file; Mason assumes anything referenced in this file is a server port. For example, even though one of the client ports used for ssh is 1022/tcp, you would _not_ place this in /etc/services. Doing so would cause Mason to provide incorrect rules. If you're not sure which ports are being used as servers on the firewall or on other machines on your network, use the "netstat -an | less" command on Linux/Unix systems and look for lines with "LISTEN". 3.4. Prepare /etc/hosts Probably mostly done! Try to place short names first. You don't have to do this, but the firewall will be much more readable in the end if you do. Make sure that your /etc/hosts file has at least entries for: o locahost o the ip addresses of all interfaces on your firewall o all the networks in your routing table except 0.0.0.0. o all dns servers o any other hosts that Mason might treat specially For example: 127.0.0.1 localhost 172.16.0.1 fwall-inside bastion bastion.mydomain.org 12.13.14.15 fwall-outside 172.16.0.0 INSIDE #I use all caps to distinguish networks from normal IP's. 12.13.14.0 OUTSIDE 12.13.16.10 myisp-dns1 12.13.16.11 myisp-dns2 12.13.14.44 ntp bonzo bonzo.mydomain.org 3.5. Prepare the routing table and interfaces Probably already done! Mason assumes that the routing table and interfaces are set up to match the way the final firewall will run. If you're running this on the actual firewall machine and all the interfaces and networks have been configured, proceed to the next step. Edit /etc/masonrc on the machine on which Mason will run. Edit the line (or add it if it's not there) NETWORKS="....." Inside the quotes, place the following: o All ip addresses of all interfaces for the firewall, each followed by /32 . o The ip's of any hosts that shouldn't be treated identically to the other machines on their respective networks. o All networks whose machines the firewall should treat identically. For example, if the firewall had IP address 172.16.0.1 on network 172.16.0.0/255.255.0.0 and IP address 12.13.14.15 on network 12.13.14.0/255.255.255.0, I would add the following line to /etc/networks if I was building the firewall on another machine: NETWORKS="127.0.0.1/32 172.16.0.1/32 12.13.14.15/32 172.16.0.0/16 12.13.14.0/24" 3.6. Check the configuration file 5 minutes, more if you want to customize. The configuration choices in /etc/masonrc are ordered so that the fields you'll most likely need to edit are at the top and the really obscure ones are at the bottom. There are a few setting you must set for Mason to work at all: NEWRULEPOLICY, DEFAULTPOLICY, and FLUSHEDPOLICY. If you have no firewall at all and are creating one for the first time, set each to "ACCEPT". During the learning process, you will have no protection at all (all packets will be accepted), but note that this is no _less_ secure than a system without a firewall. If you want to make the creation process a little more secure, you might consider setting one of these to DENY or REJECT; see the comments in /etc/masonrc and mason.txt for more info on this. In particular, if you are building this remotely via a telnet or ssh session, note that setting one of the above to something other than ACCEPT before Mason knows about the telnet or ssh traffic almost guarantees that you will lose the ability to telnet or ssh to the box until it is rebooted from the console. If you're in a rush to try out Mason, feel free to set just these three fields and continue. The more of the settings you set to match your needs, the better the firewall will be at matching your security policy in the end. 3.7. Place any known rules in /var/lib/mason/baserules No time for most people. If you know some rules you'll need already, put them in this file. For example, if you know you'll need to masquerade all traffic from the 172.16.0.0/255.255.0.0 network, a sample rule for this is already in baserules. If you don't know of any, no problem. 3.8. Run mason-gui-text This (admittedly rudimentary) interface helps you build the firewall. Choose "BL" (begin learning) and watch mason start to spit out the firewall rules that perfectly match your system's network traffic. Check that stopwatch - you're building a firewall less than 20 minutes from when you started! Give yourself a pat on the back. Mason will do a great deal of the rest in the background while you're doing your day to day work. Do all of the things you want this firewall to support. If you want to allow mail to be sent through it, send mail through it. if you want to be able to ping it, ping it. If you want to be able to traceroute from it, traceroute from it.... You get the idea. Mason will present the new rules that match your networks traffic. For each rule you'll be given the chance to modify the rule or commit the rule. Here are the modify choices: o Edit manually Edit the rule. You can make any changes you'd like to the rule before committing it to the permanent ruleset. o Jot Jot a note at the end of the rule. You can enter a comment to be placed at the end of the rule. o Accept change policy to Accept and commit. Without changing any of the rest of the rule, this changes the rule action to Accept (let the packet pass) and commits it to the permanent ruleset. o Deny change policy to Deny and commit. Like the above, but change the policy to Deny (or drop, as appropriate for the firewall type; deny and drop discard the packet without sending any error message back to the original sender). o Masq change policy to Masquerade and commit. Like the above, but change the policy to Masquerade. Masquerading allows multiple machines to share a single IP address; the more general term is "many-to-one NAT". o Reject change policy to Reject and commit. Like the above, but Reject the packet. Like Deny/Drop, the packet is discarded, but Reject sends back an error message to the original sender. Here are the commit choices: o Postpone Postpone choice. If you can't decide what to do with a rule, or don't have the time to decide, choose postpone. This saves it to the "newrules" file, which is not used in the firewall at boot time. You'll be asked later about any rule choices you postponed. o Throw away Throw away line. Forget the rule entirely. o Blockedhost make this host a BLOCKEDHOST and delete the rule. Good if someone's attacking you and you want to shun them entirely. o Noincoming make this port a NOINCOMING port and delete the rule. This is good for ports that should never be allowed in to your network. o Commit Commit to the permanent firewall set. Commit the rule verbatim. o Quit postpone any remaining rules and Quit. Oops, time for lunch! Use this to postpone the current rule and any others in the queue. Once you're happy with a firewall ruleset, stop learning. From the main menu you can either Edit the Base ruleset with "EB" or Quit. Edit New and Merge Rules are generally not needed and will be removed in a future version. Baserules is reserved for rules that you are _sure_ are correct; only these rules get loaded at boot time if you've enabled the firewall (run "ntsysv" in RedHat and enable the firewall service, or make the appropriate symlink from /etc/rc.d/init.d/firewall to /etc/rc.d/rc3.d/S92firewall for other distributions). The goal is to have a baserules file that has all of the rules you've approved and an empty newrules file. Keep in mind that the firewall that will normally be started at boot time _only_ uses rules from baserules. If you need to step away from the firewall for a minute, choose "LC" (lock console) from the main menu. Mason will keep on learning and you'll still see the new rules, but that console will be locked. You'll need to enter the root password to return to the main menu. 3.9. Tell your boss that you're going to need a few weeks to build this. Then head off to Bermuda and bask in the sun while Mason does its learning. And make sure you have a penguin typing away in your chair so no-one is suspicious. *grin* 3.10. Implement the final firewall. Once you've let Mason run in the background for a couple of days, are confident that you've gotten all of the traffic types this machine needs to support, have merged all of the rules to baserules, and are confident they are what you want, lock down the firewall. In /etc/masonrc, change DEFAULTPOLICY to DENY. If you want to keep Mason running to see if any stragglers show up, you'll probably want to change NEWRULEPOLICY to DENY as well; this has the effect of creating rules for new packet types, but they are DENY rules now. Otherwise, just start the standard firewall with: /etc/rc.d/init.d/firewall start If you've made the symlink in step 7, the firewall will be started automatically at boot time. 4. Special considerations 4.1. Kernel (Please note that most kernels provide the support necessary; it's probably safe to check back with this section only if you have problems.) IP firewalling and firewall packet logging have to be compiled into the kernel. To see if IP firewalling is compiled into your kernel, type the command: ______________________________________________________________________ ls -al /proc/net/ip_fwchains /proc/net/ip_input ______________________________________________________________________ If ip_fwchains exists, you have ipchains compiled into your kernel. If ip_input exists, you have ipfwadmin firewalling compiled into your kernel. If neither file exists, one of the following is true: o Your kernel is too old. It appears that linux firewalling switched from the old "ipfw" firewalling in 1.3.66, but some features require 2.0.0. o Your kernel is missing the proc filesystem or it's not mounted ("mount /proc" will probably fix the latter). If your kernel truly doesn't support the proc filesystem, reboot into the kernel that came with your distribution, which almost certainly does. o You have the right version of the kernel, but firewalling is not enabled. You must recompile the kernel and turn on firewalling. See the HOWTO's at http://metalab.unc.edu/linux/HOWTO/ to see how this is done. In particular, see the masquerading and kernel HOWTO's. o Your 2.4 kernel has iptables, which doesn't have a flag file like ipfwadm and ipchains. When you recompile the kernel, I recommend you have all of the following enabled: network firewalls, ip firewalling, firewall packet logging, always defragment, proc filesystem, transparent proxy support, IP masquerading, and icmp masquerading. To see if firewall packet logging is enabled in your kernel, type one of the following commands: ______________________________________________________________________ /sbin/ipfwadm -a deny -F -S 127.12.2.3/32 -o <Enter> /sbin/ipchains -A forward -s 127.12.2.3/32 -l <Enter> /sbin/iptables -A FORWARD -s 127.12.2.3/32 -j LOG<Enter> ______________________________________________________________________ The "-o" or "-l" at the end tells the kernel to log this particular packet type (one which should never show up). If your kernel does not support logging, I _think_ you would get an error. On the other hand, I've never had a kernel that has firewalling but does not have logging. The solution is the same - recompile your kernel to include both firewalling _and_ firewall packet logging. (If recompiling a kernel is too daunting, try my automated kernel builder, "buildkernel", which can be found at http://www.stearns.org/buildkernel/). 4.2. Ipfw, Ipfwadm, Ipchains, and Iptables Current versions of Mason handle ipfwadm, ipchains and iptables. It will accept log entries created under all three firewall types automatically. Mason automatically detects which kind of rule to create, although this can be overridden with environment variables set in /etc/masonrc. The masonrc file has comments describing these fields. Make sure you have the ipfwadm, ipchains or iptables executable - one of these should be included with your distribution. Mason has no support for ipfw firewalls (the firewalling used in kernels prior to 1.3.66). I don't intend to pursue this type of firewalling, but am not against integrating a patch if someone feels like adding the support. Does anyone still use this? 4.3. DNS Mason does not try to look up the hostnames of any machines involved in DNS requests (unless they're in /etc/hosts). If it did, Mason could enter a situation where it issues a steady flow of DNS requests to resolve the machine names and each DNS request requires a new rule, which in turn requires more DNS requests... ugh. The easy way to get machine names into your DNS rules is to make sure all your DNS servers are listed in /etc/hosts . If they're not listed there, Mason will just leave them as IP's. 4.4. Rule order When a packet needs to be processed (at entry, forwarding, or exit), the firewall scans the existing list of rules to decide whether to allow, deny or reject the packet. As this scans stops at the first rule that matches the packet, the order in which your final firewall rules are executed can make a difference. This document only provides basic coverage of how to order your rules - sorry. The best place to find out more about this is in the O'Reilly and associates books. (If anyone would like to provide additional general guidelines as to how this is done, I would be glad to place them here with the appropriate disclaimers). 4.5. Generalization The packets Mason processes are data transfers between specific ports on specific machines. For example, here's a response packet from a specific FTP server (linux.kernel.org) to what is probably a machine on your LAN: ______________________________________________________________________ /sbin/ipfwadm -i accept -W ppp0 -I -P tcp -S linux.kernel.org/32 ftp -D \ devel1.goober.net/32 1024:65535 # ftp/tcp ______________________________________________________________________ The rule above (possibly along with others) would only allow devel1 to reach only linux.kernel.org, making for a ridiculously large ruleset if other machines wanted to ftp out to linux.kernel.org or wanted to reach other ftp servers. By default, Mason _generalizes_ the source and destination IP addresses. For example, devel1.goober.net/32 is replaced with 210.134.12.0/24 (the fictitious network address block of which devel1 is a part). Since linux.kernel.org is not a part of any local network blocks, linux.kernel.org is replaced with 0/0 (which matches any machine anywhere). This automatic generalization can be disabled by setting IPCONV="HOST" in /etc/masonrc. Mason also does some generalization on the source and destination ports. Irc, X, realaudio, traceroute, and others use ranges of ports; Mason knows how to generalize many protocols to the appropriate range. For the standard tcp and udp services, Mason generalizes the client port to 1024:65535. The connection that prompted this rule might have been, for example, port 1745 on devel1. As Mason didn't recognize 1745 as some special server, it assumed that the next connection might be from, say, port 1788. By using the entire range of high ports ("1024:65535" in the above rule), Mason uses a pretty standard approach to packet filtering to reduce the number of rules. 4.6. Router or end node This program was originally intended for use on a traditional firewall - a packet filtering router (linux box that connects 2 or more networks through one or more interfaces). It works equally well on Linux boxes with only one interface. These could be workstations on a LAN, servers outside of your firewall, or even slip or ppp connected workstations. The number of interfaces and their type and speed are irrelevant to the firewall creation process. This would be great for locking down a web or mail server outside your firewall, for example. Start up Mason and make sure you make one of every kind of connection you want to that machine. Mason will create the corresponding rules. Generalize these and add a default policy of "deny". _Only_ the connection types you specified will be allowed to that machine. The difficulty of setting up the rules has been the major impediment to this kind of hardened end node in the past. Now that Mason is here, there's no reason why every machine on your LAN can't have packet filtering enabled and active. Note that on an end node (Linux box with a single NIC connected to a single IP network) you should never see forwarding rules created - this makes sense if you think about it. You could technically create a firewall on a machine with only the loopback interface, but this would be more for instructional value about internal tcp connections than for any security goal. On the other hand, if you wanted to stop shell account users from getting to an internal Web server, you certainly could; just make sure you put in blocking rules for all interfaces, not just the loopback interface. 4.7. Slow machines or fast nics As a shell script, Mason is much less efficient at its work than a C app would be. On a slow machine, it can take a couple of seconds from the time the log entry is fed into it until the firewall rule is implemented. If the system is slow, if it has a lot of packets traveling through it, or if it simply has a great deal of log file traffic it can take Mason a long time to catch up. If this is the case, start slow. Try one connection type at a time and give the system a chance to settle before you move on. If Mason _cannot_ catch up, choose the "EL" (End Learning) option in mason-gui-text. Wait until Mason stops, then restart learning. 4.8. Active hacking while mason running If at all possible, try to set up these rules in a controlled environment. Hook up your firewall to machines that simulate the routers and networks that will be used in its final location. It is not a good idea to create a firewall in an environment not completely under your control. If you must create the firewall rules in a live environment, be warned: Mason simply creates rules based on what traffic is passing through it. IT CANNOT DISTINGUISH BETWEEN THE TRAFFIC YOU'RE CREATING TO TEACH IT AND SOMEONE ACTIVELY TRYING TO HACK THROUGH YOUR FIREWALL. IF THIS HAPPENS, MASON WILL CREATE RULES THAT _SPECIFICALLY_ _ALLOW_ PEOPLE TO GET BACK IN LATER. _Please_ read and try to understand the rules before you put them to use in a production environment. (I hate all caps too, but the "boldface" button on my keyboard is jammed :-). The "hacker" mentioned above does not need to be a computer criminal in a far-off country looking to crash your machines. This individual could be someone in accounting that is (without malicious intent) connecting to an Internet IRC server, when this doesn't fit in the security policy you're trying to implement. If you don't read and understand the rules Mason spits out, you may very well leave an explicit opening for this user's future IRC use. One more time: Mason _does_ _not_ understand the traffic flowing through your firewall; it just creates the rules that you can later use to specifically allow or disallow this traffic. This is why it is a good idea to delete any rules that look even vaguely suspicious. If it turns out these rules are needed for normal operation, they will be relearned when you restart Mason. 4.9. Masquerading One of the common uses for Linux firewalling is to act not only as a packet filter but also as a masquerading host, allowing multiple machines to share a single IP address. As of Mason 0.13.0, Mason will automatically masquerade traffic from RFC 1918 (also called "reserved") addresses. Since you probably don't want to masquerade between internal lans, you need to list all the interfaces leading _out_ to the real world (_not_ the interfaces that use these reserved addresses). 4.10. Offline and non-root creation If you are especially cautious, you might not want Mason actively creating rules on your production server. Or maybe you think you've created a good firewall, but keep getting log messages and don't know how to keep your log files from filling your disk. Or perhaps your CPU can't keep up. Or maybe you just don't trust Mason's author - no offense taken :-). In all of the above circumstances, Mason can create the commands without actually being fed the log messages live. For example, if you have packet logging entries in /var/log/messages, try this: ______________________________________________________________________ cat /var/log/messages | grep ' I=' | DOCOMMAND="none" mason <Enter> ______________________________________________________________________ The output can, of course, be tee'd, redirected to a file, piped to less, etc. "... | sort | uniq" can be useful too when you're not converting it live. Obviously, the source file can be one that has been transferred from another machine. There is one caveat to the offline approach. The specific case is when one has a "deny" or "reject" policy in place for the input logging rule. Let's say I try to telnet through the firewall. My packet arrives at the firewall, is stopped and logged (so Mason can successfully create the correct input rule later). The firewall never has a rule implemented that allows me to get any further than that, however, so there is never a log entry created for any of the remaining 5 packet checks. One way around this might be to use a policy of "accept" on your logging rules while you're creating /var/log/messages for later consumption by Mason. I'm not saying this is appropriate for you, but might be one way to handle this. Be warned; this can create very large log files as every packet passing through the system can create 6 log entries! One final use for this technique is creating the rules when you're not root. Simply edit /etc/masonrc to set DOCOMMAND="NO" and the script will still output the appropriate ipfwadm/ipchains commands but won't try to execute them, allowing non-root users to create the firewall rules. Note that you still need to be root long enough to turn on some kind of logging, or /var/log/messages will never contain any entries to convert. Root privileges are also required to implement the rules once you've created them. 4.11. /etc/services and special ports Mason converts the protocol number and type (i.e. 53, udp) into the more common name (domain, in this example). It uses the /etc/services file to do make this conversion. Before you start, make sure all the protocols you will work with are listed there. If a particular protocol is not in that file, Mason will have serious problems producing accurate rules. Having this entry is especially important if you are working with services whose ports are >= 1024 (nfs, X, squid, irc, vdolive, etc.). If a service >= 1024 is not found in /etc/services, it will be automatically (and incorrectly) generalized to the port range of 1024-65535. If your favourite service isn't in there, simply edit the file and add it in the same format as the other entries. These services whose ports are >=1024 can occasionally show up in your rules where Mason should have used 1024:65535 instead. Well, you know how to fix this, right? Just delete the rule, add the service to /etc/services, and relearn it. The entries in /etc/services should only be for well-known server ports. Client ports (which are usually just random ports between 1024 and 65535 anyways) should not be listed in here. The specific example of something that should be missing is the ssh client port. If you plan to do the conversion on one machine and actually run the firewall on another, make sure all of the protocols used are listed in the /etc/services on both machines. The authoritative source for these ports is the Internet Assigned Numbers Authority (IANA). A list of these ports can be found at: ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers . Mason includes what seems to be an even more up-to-date reference; see /var/lib/mason/nmap-services. Many thanks to the authors of nmap. 4.12. Insert vs. append Ipfwadm has two ways of adding rules: at the beginning of the rule list using insert ("-i"), or at the end of the list using append ("-a"). The usual way of creating the firewall is to flush the existing rules and then add each of the rules using append so they will be scanned in the same order in which they were implemented. For this reason, the rules that Mason spits out to stdout use "append" so they can easily be put in a shell script. Mason needs some way to tell the kernel to not log already logged packets anymore. The way to do this is to put a matching rule before the logging rule. Unfortunately, that means one of two things: deleting the logging rule at the end, implementing the new rule at the end, and reinstating the logging rule, or simply inserting the new rule at the top of the list. The first option is tricky to do well. It's also a bad choice because the user using Mason may not be logging everything, so mason doesn't know what logging rule to reinstate. That leaves using "-i" to insert the rule at the very top of the list. The end effect is that the rules that Mason displays use "-a" to match how that would be put into a rule file, but the rules that are actually implemented while Mason is running use "-i" to avoid relogging those packets again in this Mason run. The major side effect of this approach is that the rule set in memory as Mason is running is almost certainly _not_ in the order you'd want. The final firewall rule set you put in place should flush whatever is in memory before starting so as to clean out these incorrectly ordered rules. As ipchains and iptables support additional user defined chains, we can throw all the temporary rules in user defined chains (called inputN, outputN, and forwardN; the "N" stands for Nolog). These chains get called just before the logging rules. 4.13. Allow versus deny and reject During the course of a Mason run, it's quite reasonable that the firewall creator might want to spend some time working with traffic types that he/she wants to allow, and then switch over to other traffic types that he/she wants to reject or deny (see man ipfwadm for the subtle difference between deny and reject). If you change any settings by choosing "Change Settings" in mason-gui-text, it will automatically signal a running Mason to re-read its configuration file. You can do the same if running mason manually by typing "killall -USR1 mason". Changing the target of a single rule to Accept, Deny, Reject, or Masquerade can be done right in the menu under that rule without having to go back to the main menu and changing the global settings. 4.14. Input, Output, and Forwarding To implement packet filtering, the Linux kernel needs to inspect each packet at at least one of the following three times: when the packet enters the system, as it passes through the system on the way to its exit interface, and as it leaves the system. At each of those three times, the kernel can decide to allow or deny/reject the packet. The rules can be different at each stage - it's perfectly legal to, for example, allow it in, allow it to be forwarded, but then block it at the last second before it leaves the system. A simple firewall could be implemented using just, say, input rules(*). It's when you get complex firewalls that having rules at all three stages is useful. You might want to allow hosts from eth0 to get to a pop-3 server on eth1, but not allow hosts from eth2 to get to the same server. This kind of restriction might be impossible to do without forwarding rules, especially if eth2 hosts _should_ be allowed to get to a pop-3 server on eth0. For simpler firewalls, or if you want less than the imposing grandeur of a firewall ruleset that goes on for pages and pages, Mason can accomodate you. If you just want input rules, add the following to /var/lib/mason/baserules : ______________________________________________________________________ if [ -f /proc/net/ip_fwchains ]; then /sbin/ipchains -A forward -j ACCEPT /sbin/ipchains -A output -j ACCEPT elif [ -f /proc/net/ip_input ]; then /sbin/ipfwadm -F -a accept /sbin/ipfwadm -O -a accept fi ______________________________________________________________________ Place any general traffic types you don't care about in baserules. Please note that I am _not_ advocating the above, but pointing out that the technique is available for those that feel the reduced security is appropriate for them. (*) The exceptions to this are the special rules for redirecting packets (which must be done as an input rule), and masquerading packets, (which must be done as a forwarding rule). Even in the cases where you wish to use these facilities, it's still legal to implement packet filtering using another rule type. Please note that the above does not apply to iptables. In iptables, packets are not inspected multiple times in multiple chains. 4.15. Remote firewall creation - Telnet/ssh lockout If you're creating this firewall rule set and you're telnetting, ssh'ing, or rsh'ing (collectively, "telnetting") in to the firewall, be careful. Some of the first rules to be created will be for the telnet packet flow you're using. If you are so unfortunate as to start this process with a policy of deny, guess what packet flow will be stopped almost immediately? That's right, your telnet session(s). Your machine will be completely locked down with no way to remotely reach it. (Now where were my car keys? <grrrr>) If you want to put the rules allowing your remote access before starting Mason, great. If not, just make sure that your startup policy is allow or it's remote reboot time! Logging in on any of the console's virtual terminals does not require TCP/IP packets, so you can never lock yourself out completely. You did read the section above on "simulating the working environment under controlled conditions", didn't you? Are you still sure you want to be creating a firewall not directly under your control? Just a thought... 4.16. Ack flag Let's look at some standard rules that allows a telnet connection to a server somewhere (these are only two of the 6 possible rules). allow LAN_IP's, ports 1024-65535 -> Outside_world_IP's, port 23 allow Outside_world_IP's, port 23 -> LAN_IP's, ports 1024-65535 It looks pretty safe, right? Hmmm.... Let's say that one of your LAN machines runs a squid server. This sits waiting for connections on port 3128. Additionally, consider the possibility that the root user on some Outside_world_IP machine writes some program that starts a connection _from_ port 23. This user starts this program and connects to your LANs squid server. All with your firewalls full consent. Ugh. The way to avoid this problem is to be able to identify the _direction_ in which the connection is created. We want to allow connections that start _from_ LAN:1024-65535 _to_ Outside:23, but block connections that start _from_ Outside:23 _to_ LAN:1024-65535. The TCP ACK flag comes to the rescue. The first packet in a connection does _not_ have this flag set. Every packet after the first _does_ have this flag set. If we require all packets coming from the server port have their ACK flag set, we can stop the bogus connection from port 23 back to port 3128. In short, by requiring all packets from a server port have their ACK flag set, we block connections that originate from those server ports. Three notes. Only TCP uses ACK flags, so we can't use this to control the direction in which icmp or udp conversations are initiated. Secondly, DNS may be a problem. Tcp domain transfers and large dns requests can be from port 53 to port 53, depending on what dns software you're using. FTP-data connections do not have their ACK flag set because they can be created in either direction. Finally, there may be issues from ssh low ports if /etc/services has entries up near 1023. Mason is able to automatically set the ack flag if your /etc/services lists all of the services you use. I specifically avoided the "-b" (bidirectional) flag so that I could use "-k" to control the direction. Iptables uses the state of the connection as a more dependable way of handling the above problem. I'd generally encourage you to use the "-m state --state ESTABLISHED,RELATED" lines in baserules. If you do, then Mason hands you a single rule for any given type of traffic; the opening packet. The ESTABLISHED,RELATED lines handle all the other packets. 4.17. Limitations, Ideas and future enhancements o group foreign machines into additional rule? (Document how.) o Document the living hell of NFS. 5. Configuring Mason Most of the configuration is set via environment variables. For permanent changes, try ______________________________________________________________________ export VARIABLE=value ______________________________________________________________________ For one time settings, just put the variables on the command line just before calling the program. For example: ______________________________________________________________________ tail -f --lines=0 /var/log/messages | ECHOCOMMAND=ipchains mason ______________________________________________________________________ If you set a variable both on the command line and in /etc/masonrc, be warned that /etc/masonrc wins. o ECHOCOMMAND=ipchains|ipfwadm|none #Autodetected if unset or invalid Which kind of command should Mason display? This does _not_ have to match the firewalling in the current kernel; this lets you create an ipfwadm firewall ruleset on an ipchains kernel and vice- versa. (Remember that iptables can't take part in this cross- creation.) The following two commands will spit out an ipfwadm firewall and an ipchains firewall, respectively, from the same input: cat /var/log/messages | grep ' L=' | ECHOCOMMAND=ipfwadm mason >ipfwadm-wall cat /var/log/messages | grep ' L=' | ECHOCOMMAND=ipchains mason >ipchains-wall Both kinds of firewall log entries have L= in them; this is a reasonably good filter to keep Mason from having to process _all_ the junk entries. o DOCOMMAND=ipchains|ipfwadm|none #Autodetected if unset or invalid Which kind of command should Mason run to prevent that type of traffic from being logged in the future? Set to none if you're processing the log entries later, or on another machine. Unless you're forcing it to "none", probably best to let Mason autodetect. o HEARTBEAT=yes|no If yes, mason displays a "." or "-" when it processes an input line that has been handled by one of the recently implemented rules. The heartbeat character is sent to stderr so it doesn't screw up logging to a file or piping to some other program. o DYNIF="ppp0 sl0" If your machine has interfaces whose entries change IP address, put the interface name(s) in quotes, separated by spaces. Mason will handle these interfaces specially by handing you a line that will assign that interfaces IP address to an environment variable when executed, and uses that variable throughout the ruleset. If your Ethernet IP address is assigned via DHCP, BOOTP, or RARP, _and_ _changes_ from time to time, you might even want to put your Ethernet interface name(s) in the list. If the addresses are assigned via one of those tools, but _never_ _change_ (those protocols are supposed to try to give you the same address you had last time if at all possible), don't put the Ethernet interface(s) in there. Make sure you re-run your firewall ruleset (or at least the rules with dynamic IP entries) when the address changes. For ppp interfaces, restart your firewall inside /etc/ppp/ip-up. I think DHCP has a similar ability to run commands when the address changes; consult the DHCP documentation. The main documentation for all the configurable fields is conveniently in /etc/masonrc . 6. IP protocols and their firewall characteristics 6.1. Standard TCP and UDP protocols Most of the connections made in tcp/ip follow a standard form. The client machine picks a random port between 1024 and 65535. The packets are sent to a fixed, known port that's below 1024. For example, I need to send an email message from mybox.office.com to mailserver.office.com. Since email goes to tcp port 25 (see /etc/services for some of these), the tcp/ip code on mybox picks a random tcp port, such as 1931. Packets flow from mybox port 1931 to port 25 on mailserver. Packets also flow back from mailserver port 25 to mybox port 1931. Here are some of the protocols that follow this form: o 23/TCP - telnet o 25/TCP - SMTP o 80/TCP - HTTP o 110/TCP - POP3 o 143/TCP - IMAP o 512/UDP - BIFF 6.2. ICMP ICMP doesn't use source and destination ports, but it has icmp codes and subcodes, each a number between 0 and 15. 6.3. DNS If the firewall or one of the machines behind it is a DNS server, you have a situation where mason issues a steady flow of DNS requests to resolve the machine names and each DNS request requires a new rule, which in turn requires more DNS requests... ugh. Mason no longer does DNS lookups on machines involved in DNS lookups. If you have the names and IP addresses of your DNS servers, add them to /etc/hosts. 6.4. FTP Ahhh, yes, ftp. The scourge of firewall creators everywhere. If you're using iptables, have the ip_conntrack_ftp module loaded and have uncommented the "-m state --state ESTABLISHED,RELATED" lines in baserules, the problem I'm about to describe does not apply to you. Since iptables is a stateful firewall, this problem has been solved in an elegant and now hassle-free way. Ftp starts off well because the client opens a connection from a high port (1024-65535) to the ftp control port 21. This part of the connection follows the same model as other tcp protocols: client uses a random high port and connects to a fixed low port. The problem arises when it's time to actually transmit data. The client and server exchange directory listings and files over additional tcp connections that are between a random high port at the client end and a random high port at the server end. Remember that packet filtering firewalls depend on being able to identify connections by their (fixed and generally low) server port. Here we have connections that need to be allowed if ftp is going to work, but can't be identified this way. It really comes down to a choice: does the firewall allow ftp traffic (leaving at least one high to high rule which is a generally considered a security risk), or do we block ftp? You'll need to decide. Mason creates these rules as transparently as any others. It opens up the ports for the control channel and the high to high rule (called the data channel). A single ftp connection could therefore open 12 rules. You'll need to decide whether these high to high rules are too much of a security risk. If you do choose to open up ftp rules, you might want to do these last. This allows you to put in more specific rules first. 6.5. Netbios For those hoping to come here for a simple set of rules for firewalling netbios, sorry. This one is all over the map. Mason comes in really handy for netbios because it works with whatever netbios throws at it. The netbios ports are 135, 137, 138, and 139 - both tcp and udp. Connections can be from one of these low ports to itself, from a high port to one of these ports, or from a high port to a high port. In short, good luck trying to do this without Mason. By the way, allowing netbios traffic in from and out to the Internet may be a very bad idea. 6.6. NTP NTP is one of the few protocols that uses the same port at both the client and server end. In this case, it is port 123/udp. 6.7. SSH SSH (server port 22/tcp) has one minor note about its operation. When installed by root (setuid), it may not use a random high port between 1024 and 65535 for the client end. The first client session may use port 1023, the next uses 1022, etc. No real problem for Mason, but you might be surprised at the client ports used. These client ports should NOT be listed in /etc/services, even though it might seem to make identification easier. The reason is that Mason uses this file to identify _server_ ports in the process of deciding whether to use the ACK flag check. 6.8. Other IP protocols The other protocols, such as ipip, igmp, ospf, etc (see /etc/protocols), don't use port numbers. For this reason, Mason only creates rules between individual machines for these. 7. Version summary (out of date, sorry) o 0.9.0 _Lots_ of good new stuff. Mason handles log entries from ipchains or ipfwadm automatically. The command it runs can be either an ipchain or ipfwadm command, and it can output either an ipchain or ipfwadm command. All independently. See the ECHCOMMAND=... and DOCOMMAND=... parameters, above. _Major_ speedup! Keep reading lines until the 7th-13th fields are different from the previous line; this probably quadruples Mason's throughput or better. Bonus points to the readers who can read morse code from the heartbeat output... Oh, and I added heartbeat output to show that Mason hasn't just crashed. :-) Mason handles interfaces whose IP address changes automatically; see the DYNIF=... parameter, above. Note: additional ipchains fields are: L=Total length S=TOS I=ip->id? F=Fragment offset T=TTL o 0.8.0 -k added to control the direction in which connections are made. Unfortunately, the ftp-data port doesn't honor the simple rule for -k; I suspect this is a consequence of PASV vs. "active?" ftp opening the data connection in one direction of the other. Hmmm... This was released to the world as 0.7.9. o 0.7.0 (6/21/98) 20% speed improvement by changing read command. Local name cache added. On the fly policy changing. Comments. Major documentation updates. Another 20% performance improvement by replacing some sed's with bash internal pattern deletion. 6% more by using ${#..} instead of wc --bytes to size strings. Cut time necessary to process non-firewall lines in third by using && instead of -a. o 0.6.0 (6/4/98) Documentation added o 0.5.0 (6/2/98) Bare code, almost no documentation, ipfwadm support only. 8. Advanced scenarios 8.1. General approach Once you've gone through the Quick Start, what now? Now we learn how to use this to match your security policy. The first lesson to learn about packet filtering rules is that they are only useful if you have a mix of accept and deny (equivalent to reject in this discussion) rules. Think about it. If all of your rules are allow rules and your default policy is also allow, this setup is no different from having no rules at all; the system is completely open. At the other end of the spectrum, if all of your rules are deny and the default policy is also deny, well, it's going to be pretty hard to use TCP/IP at all. :-) This means that putting a firewall together involves deciding what should be allowed _and_ what should not be allowed. The first thing for you to decide is what your default policy should be. In the next few minutes we'll be looking at what you specifically want to allow and what you specifically want to disallow. What should the firewall do with the rest of the packets? That depends on how you view your firewall. If you primarily want your firewall to block a relatively small amount of malicious things, but want users on both sides of the firewall to have relatively unencumbered access to the opposite side, you'd probably want to use a default policy of accept. This tends to be a good choice in the case where there are a large number of types of TCP/IP traffic that should be allowed to pass through the firewall. If, on the other hand, you tend more toward the paranoid and want very fine grained control over _exactly_ what passes through your firewall, you'll probably want to use a default policy of deny. This tends to work well when there are a relatively small number of protocols that should be allowed. Choosing a policy becomes difficult when you want fine grained control but there are a large number of protocols used by your users. You'll still choose a default policy of deny, but you'll have to create a large number of rules to accomodate them. Good thing you've got Mason to give you a hand! Now that you've chosen a policy, what goes next? Here's where you can become an artist. With the help of Mason, your job is to decide what should be allowed and what should not be allowed. [More to be added as time allows...] 8.2. Ordering rules Here are a couple of guidelines about how to order your rules. I refer to policy below; for this discussion, there are 6 possible policies: accept, deny, reject, accept and log, deny and log, and reject and log. As there is no way that input rules and output rules could ever overlap, the rulesets for those can be considered seperately. The same logic holds true for input and forwarding and output and forwarding. Effectvely, even though you might have them all mixed together in your firewall creation shell script, you can work with the input rules according to the principles below, then come back and work with the forwarding rules, and then come back one last time for the output rules. o I suggest placing dns (also called domain; port 53/tcp and 53/udp) rules at the top of your firewall if you're using the default mode of HOSTLOOKUP=FULL. The other rules in your firewall may require dns lookups; if those requests can't get through because the dns rules aren't in place yet, the early rules may not get put in place. o If your ruleset contains a block of 2 or more rules with the same policy (accept, deny, or reject) that immediately follow each other, the order of the rules in that block has no functional difference to the operation of the firewall. If you are very concerned about performance, you might want to put the rules that process the largest number of packets at the top of this block and the rules that process the least number of packets near the bottom of this block. See the SORTMODE option in /etc/masonrc (not available in iptables). o If two consecutive rules do not have any overlapping cases in the patterns they match, they can appear in either order without affecting the operation of the firewall. As long as no two rules in the set overlap, this can be extended to a set with more than two rules. o If two rules overlap in the patterns they match and have different policies, they _cannot_ be reordered without affecting the functional operation of the firewall. Specifically, the packets in the overlapping case will have their policy changed. o If two consecutive rules have the same policy and one is subset of the other, the more specific rule can be discarded and the more general rule can be kept without affecting the functional operation of the firewall. One common case of this is when your default policy is, say, accept, and the last rule just before the default policy rule also has a policy of accept. This more specific rule (not the policy, of course) can be discarded. o Your default policy always comes at the end. I've referred to discarding rules above. One reason why you might _not_ want to discard a particular rule rule is when you're using your firewall to do accounting as well as blocking. You might want to be able to have seperate accounting for the packet traffic in the rule that would have been discarded. 8.3. Tips and tricks The following are tools and techniques I use. They may not be appropriate for you. Please consider whether they are appropriate for you before using them. o If you want to see which rules in your running firewall are actually carrying traffic, try this: ___________________________________________________________________ ( ipfwadm -lenI ; ipfwadm -lenF ; ipfwadm -lenO ) | grep -v '^ *0 *0 ' | less -S ___________________________________________________________________ or ______________________________________________________________________ ipchains -L -n -x -v | grep -v '^ *0 *0 ' | less -S ______________________________________________________________________ or ______________________________________________________________________ iptables -L -n -x -v | grep -v '^ *0 *0 ' | less -S ______________________________________________________________________ The "grep -v ..." removes all packets with 0's in the count and bytes columns. If the number of rules returned is still too large, flush the firewall and restart it; this clears out all the packet counts. Then you can rerun whatever test you've been doing and run the above command again to see what rules are carrying your traffic. This is especialy useful if you've got a deny rule somewhere blocking a certain connection: ______________________________________________________________________ ( ipfwadm -lenI ; ipfwadm -lenF ; ipfwadm -lenO ) | grep -v '^ *0 *0 ' | less -S ______________________________________________________________________ or ______________________________________________________________________ ipchains -L -n -x -v | grep -v '^ *0 *0 ' | egrep '(Chain|target|DENY|REJECT)' | less -S ______________________________________________________________________ o If you don't want to go through the above process, but just want to convert a few log entries to rules, you can do the feed yourself. For example: ___________________________________________________________________ tail --lines=1000 /var/log/messages | grep 'kernel.*I=' | DOCOMMAND="none" mason >afewrules ___________________________________________________________________ Any other options can be placed on the command line or in /etc/masonrc. o If you want rules that will run under ipfwadm and ipchains kernels, you have two good choices. Create ipfwadm rules no matter what kind of kernel you have (put ECHOCOMMAND="ipchains" in /etc/masonrc or on the command line). The first choice is to use the ipfwadm- wrapper (part of the ipchains-scripts package) as a front end to either ipfwadm or ipchains, as appropriate. The second choice is to take all of the ipfwadm rules and create the following file as your real firewall: ___________________________________________________________________ if [ -f /proc/net/ip_fwchains ]; then #Convert your ipfwadm rules to ipchains rules and place the converted rules here. /sbin/ipchains... elif [ -f /proc/net/ip_input ]; then #Place your ipfwadm rules here: /sbin/ipfwadm.... fi ___________________________________________________________________ The above conversion is actually darn simple: ______________________________________________________________________ cat ipfwadmfile | ipfwadm2ipchains >ipchainsfile ______________________________________________________________________ The ipfwadm2ipchains script is available at http://www.stearns.org/i2i/ . This site also holds ipchains2iptables, a similar script that gives a first pass output in iptables format from a given ipchains firewall. Note that this output won't use any of the advanced features of iptables, but you can add these. o If you have a number of interfaces that all get the same rules, replace the if0, if1, if2, etc rules with if+ . I believe this is ipchains only. o (Diald users only). The packets leaving your system on sl+ (or tap+) may have different source addresses (0.0.0.0/32, some dummy ip address, an old ppp address...). You might want to replace them with 0/0 to say I don't care what the source address is. o To see what program is using a particular port, try: ___________________________________________________________________ ps axf | grep "^ *`fuser port_number/proto | awk '{print $2}'` " ___________________________________________________________________ 9. Notes about Mason itself 9.1. File descriptions COPYING The GNU General Public License. Makefile Used in packaging and distribution. baserules The baserules file is one of two files that hold your firewall rules. baserules holds the rules that you've checked over and are sure should be part of your final firewall. baserules.sample A few possible rules for use as a starting point. firewall The boot time script for use in /etc/rc.d/init.d. index.html The Mason web page. mason The actual mason script. mason-gui-text The rudimentary interface to running Mason and building a firewall. mason-gui-text.1 man page for mason-gui-text. mason.1 man page for mason. mason.html The primary documentation for the package, in hypertext. mason.lsm The Linux Software Map entry. mason.sgml The primary documentation for the package. The sgml format is designed to allow easy conversion to more readable formats. mason.spec The RPM spec file. mason.txt The primary documentation for the package, in a flat text file. masonlib A library of functions used by a number of the other files. masonrc The main configuration file. There are intelligent defaults for all of these fields. moreservices The services file I use, good as a reference if you don't recognize a protocol. nmap-services The additional services file includes with the nmap tool. An even better reference. newrules newrules is the other file that holds firewall rules. It holds rules created by mason that you haven't looked over yet. Think about what would happen if you were port scanned while Mason was running; if you only had one file to hold rules, all of these portscan rules you don't want would be mixed in with the rules you do want. An important note - rules in newrules are not part of your regular firewall - they are only used during the learning process. This is why you need to merge rules from newrules to baserules once you're sure of them. 10. Additional resources o http://www.netfilter.orgNetfilter/iptables for 2.4.x kernels. o http://www.rustcorp.com/linux/ipchains Linux IP firewalling chains for 2.2.x kernels. o http://ipmasq.cjb.net The Linux IP Masquerade Resource. o http://www.xos.nl/linux/ Experts in Open Systems; specifically, Jos Vos, one of the firewall code authors. o http://metalab.unc.edu/linux/HOWTO/HOWTO-INDEX-3.html The Linux HOWTO index, part of the: o http://metalab.unc.edu/linux/ Linux Documentation Project. o http://metalab.unc.edu/linux/HOWTO/mini/IP-Masquerade.html The IP Masquerade HOWTO. Useful information on ipfwadm and masquerading. o http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html David Ranch's excellent networking resource. Check out the "Trinity OS" document and the IP Masquerade Howto, co-authored with Ambrose Au. Both are comprehensive documents about Linux networking - well worth reading. 11. Authors, credits, feedback, copyright, how to help! Once again, the linux kernel and firewall developers deserve all the credit. Mason is simply a front end to a fast, powerful, stable firewall implementation in the linux kernel. Many thanks to all the linux firewall developers. The name "Mason" comes from two sources; first of all, it builds a (fire)wall. Second, it's my nephew's name. Mason lives in Brooklyn with my sister and her husband and my niece Eve. He's a great guy! If you have comments, suggestions, problems, ideas, flames, patches, whatever, I'd like to hear them. I'd even be interested in hearing where Mason fell short for your needs. My permanent email address is wstearns@pobox.com. The permanent web site for the software is http://www.pobox.com/~wstearns/mason/. Jeff Licquia has kindly offered to package up Mason into a Debian package. The Debian requirements are helping to make a better program for all distributions. Jens Knudsen wrote nicerules, a wrapper script for Mason. It's a simple script that takes the "newrules" output, sorts and orders the firewall rules in a way that makes it easier to review security, and produces a "standalone" firewall script and a firewall.disable script. The script probably has many "bugs", use it as an aid, but don't blame him for any problems it may cause you. There is more information in the actual script which is also heavily commented. Have fun. If you choose to send me actual mason firewall rules and choose to hide the IP addresses and/or networks for security reason, that's fine, but please replace them with something that describes their general use so I can make sense of them. For example: ______________________________________________________________________ cat myrules | sed -e 's@11.22.33.44/32@fw-outside@' \ -e 's@192.168.1.1/32@fw-inside@' \ -e 's@192.168.1.0/24@inside-net@' \ >myrules.mailable ______________________________________________________________________ - or something like that. There are a number of things you can do to help this project: o Send in bug reports. o Send in suggestions or fixes. o Organize the documentation. o Design a logo. o Take over the announcement process. o Help integrate Mason into your distribution. Heck, just letting me know under which distributions Mason works is helpful! o Organize the Web site into a more useful resource. o Set up mailing lists for developers, announcements, and users. The files in the Mason package are Copyright (c) 1998-2002 by William Stearns wstearns@pobox.com or Jeff Licquia. They are released under the GNU GPL, which is included in the package. If you did not recieve a copy of this license, please contact the author for a copy (see the top of the Mason script for contact information for the author and the Free Software Foundation). William is also the author of buildkernel, the automated Linux kernel builder, and other minor shell scripts. 11.1. Thanks Chris Brenton deserves very special thanks for spending an evening with me discussing a number of questions I've had about packet filtering. He was very kind to share his knowledge with me. I owe him a pizza sometime. :-) Chris has written some excellent networking texts - I'm about halfway through Mastering Network Security and am very impressed with the writing and content: Multiprotocol Network Design & Troubleshooting, Mastering Network Security. The above plug was not requested, but is well deserved. Thanks to Nathan Bailey who took the time to remind me that there is a Perl Module that's also called Mason. Thanks also to Jonathan Swartz, the author of HTML::Mason who graciously agreed to share the name and pointers with me. Many thanks to Dave Stern, who has offered suggestions on how to improve Mason and helped with beta testing early versions. Maybe someday I'll tell him they were prerelease versions... :-) Thanks to all of the people who have sent in questions, bug reports, fixes, improvements, and six foot long lizards. The new section of masonrc with a boatload of backdoor ports is courtesy of the authors of and contributors to snort. Specifically, Nick Rogness, Jim Forster and Martin Markgraf are credited with the work on the ports - many thanks, guys. Snort can be found at http://www.snort.org. It's a really cool intrusion detection tool. Thanks to Marty roesch@clark.net for the tool. A special thank you to all the authors in the Linux movement. In a small way, the code I return to the community is my way of paying back my incredible debt to the people who came before me. As always, many thanks to my wife Debbie, who has shown amazing patience with my Linux related projects. Many thanks, my love. ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/masonlib���������������������������������������������������������������������������0100755�0007657�0000764�00000353173�07467513555�014226� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/bash #A library of functions and subroutines for Mason #Copyright 1999-2001, William Stearns <wstearns@pobox.com> #See the main Mason script for license and copyright information. #Notes to myself: #Safe to remove curly braces if char following variable is not letter, digit, or underscore. #${ONENET%%/*} = stuff before / #${ONENET##*/} = stuff after / #ipchains -L -n -v -x: bytes 1-8 are the count, 10-19 are bytes, 66-75 is the mark. #export BBB="bbb" ; export ADDCOUNTSCRIPT="-e s/aa/bbbb/ -e s/$BBB/z/" ; echo "aa" | sed $ADDCOUNTSCRIPT # | sed -e 's/\^ [0-9]*//' # ? Expands to the status of the most recently executed foreground pipeline. # - Expands to the current option flags as specified upon invocation, by the set builtin command, or # those set by the shell itself (such as the -i flag). # $ Expands to the process ID of the shell. In a () subshell, it expands to the process ID of the cur- # rent shell, not the subshell. # ! Expands to the process ID of the most recently executed background (asynchronous) command. # For a single background task, this is the PID. # For a backgrounded pipe, this is the PID of the last object in the pipe. # For a ( X | Y | Z... ) & , this is the pid of the encapsulating shell. Killing $! kills that shell, but not inhabitants who get orphaned but keep running. #FIXME - figure out how to add counts to NOINCOMING and BLOCKEDHOSTS rules? #A="`echo | tr '\012' '\001' `" #Produces a Ctrl-A unlikely to exist in normal text #Class A 0-127, Class B 128-191, Class C 192-223, Class D 224-254. #A long time ago that would have been a good way to calculate the netmask automatically. Unfortunately, CIDR makes that useless now. # || logfail $LINENO masonlib: YYYY #### the_command_that_was_supposed_to_run #Last YYYY code used: 0149, use 0150 next if [ -f /usr/lib/samlib/samlib ]; then . /usr/lib/samlib/samlib else echo "/usr/lib/samlib/samlib is missing - please get it from" >/dev/stderr echo "http://www.stearns.org/samlib/" >/dev/stderr echo "Exiting." >/dev/stderr exit 1 fi for ONEFUNC in askYN encompassingnetworkof ipeq iple iplt ipof isdigits \ isnumericip mask2bits mask2cisco networksoverlap seqfunc wrap ; do if ! type $ONEFUNC >/dev/null 2>/dev/null ; then echo "Missing $ONEFUNC , please update samlib from" >/dev/stderr echo "http://www.stearns.org/samlib/" >/dev/stderr echo "Exiting." >/dev/stderr exit 1 fi done MASONVER="1.0.0, 5/12/2002" #------------------------------------------------------------------------- # addcounts procedure, adds the packet counts to the rules in a file. #------------------------------------------------------------------------- addcounts () { #SUDO checked #Params: $* is/are the filespec(s) for the files that need counts added. CKPTADDCOUNTS=" addcounts: Start $*" ; #ckpt $CKPTADDCOUNTS #FIXME - test for iptables || [ -n "`lsmod | grep '^ip_tables '`" ] #Hmmm... will iptables have mark values? if [ -f /proc/net/ip_fwchains ] && [ "$SORTMODE" = "PACKETCOUNTS" ]; then #We can only match up counts to rules if we have mark values, i.e. ipchains. updatecounts HEXMARKS="" ; DECMARKS="" #FIXME - $* instead of $1? for ONEMARK in `grep ' -m ' $1 | sed -e 's/.* -m \([^ ]*\) .*/\1/' || logfail $LINENO masonlib: 0001 grep ' -m ' $1 pipe sed -e 's/.* -m \([^ ]*\) .*/\1/'` ; do case $ONEMARK in 0x*) HEXMARKS="YES" ;; [0-9]*) DECMARKS="YES" ;; esac done CKPTADDCOUNTS=" addcounts: hexmarks $HEXMARKS decmarks $DECMARKS" ; #ckpt $CKPTADDCOUNTS if [ -n "$HEXMARKS$DECMARKS" ]; then #Only do the work if some of the rules have mark values. ADDCOUNTSCRIPT="-e s/[[:space:]]*#\^[[:space:]][0-9]*//" #Erase any old counts ( #^ 12345 ) ADDCOUNTSCRIPT="$ADDCOUNTSCRIPT -e s/[[:space:]]*$//" #Erase any trailing spaces for ONECOUNT in `sed -e 's@ 0x@/0x@' $PACKETCOUNTFILE | grep '/0x'` ; do #packetcount/markvalue pairs if [ "$HEXMARKS" = "YES" ]; then #In short: Add " #^ packetcount" at the end of a line that has " -m 0xmarkvalue " in it. The /../ at the beginning tells sed to only apply this substitution to lines matching this pattern. ADDCOUNTSCRIPT="$ADDCOUNTSCRIPT -e /-m[[:space:]]${ONECOUNT##*/}/s@^\(.*[[:space:]]-m[[:space:]]${ONECOUNT##*/}[[:space:]].*\)@\1SpAcE#^SpAcE${ONECOUNT%%/*}SpAcE@" fi if [ "$DECMARKS" = "YES" ]; then #As above, but match the decimal version "$[0xmarkvalue]". ADDCOUNTSCRIPT="$ADDCOUNTSCRIPT -e /-m[[:space:]]$[${ONECOUNT##*/}]/s@^\(.*[[:space:]]-m[[:space:]]$[${ONECOUNT##*/}][[:space:]].*\)@\1SpAcE#^SpAcE${ONECOUNT%%/*}SpAcE@" fi done CKPTADDCOUNTS=" addcounts: script created, processing files" ; #ckpt $CKPTADDCOUNTS for ONEFILE in $* ; do DUPMARKS=`grep '[[:space:]]-m[[:space:]]' $ONEFILE | sed -e 's/^.*[[:space:]]-m[[:space:]]*\([x0-9]*\).*$/\1/' | uniq -d || logfail $LINENO masonlib: YYYY 0002` if [ -n "$DUPMARKS" ]; then wrap ${WARN}Warning - the following marks are used more than once in $ONEFILE:${NORM} >/dev/stderr for ONEMARK in $DUPMARKS ; do case $ONEMARK in 0x*) echo -n "$ONEMARK = $[ $ONEMARK ] " >/dev/stderr ;; *) echo -n "$ONEMARK " >/dev/stderr ;; esac done echo >/dev/stderr wrap ${WARN}This will give incorrect packet counts.${NORM} >/dev/stderr fi sed $ADDCOUNTSCRIPT -e 's/SpAcE/ /g' $ONEFILE >$ONEFILE.temp || logfail $LINENO masonlib: YYYY 0003 #I couldn't figure out the quoting to allow actual spaces in the ADDCOUNTSCRIPT variable. cat $ONEFILE.temp >$ONEFILE || logfail $LINENO masonlib: YYYY 0004 rm -f $ONEFILE.temp || logfail $LINENO masonlib: YYYY 0005 done fi fi CKPTADDCOUNTS="" } #End of addcounts #------------------------------------------------------------------------- # bits2mask function, returns the netmask for the number of bits parameter. #------------------------------------------------------------------------- bits2mask () { #SUDO checked case $1 in 32|*/32) echo 255.255.255.255 ;; 31|*/31) echo 255.255.255.254 ;; 30|*/30) echo 255.255.255.252 ;; 29|*/29) echo 255.255.255.248 ;; 28|*/28) echo 255.255.255.240 ;; 27|*/27) echo 255.255.255.224 ;; 26|*/26) echo 255.255.255.192 ;; 25|*/25) echo 255.255.255.128 ;; 24|*/24) echo 255.255.255.0 ;; 23|*/23) echo 255.255.254.0 ;; 22|*/22) echo 255.255.252.0 ;; 21|*/21) echo 255.255.248.0 ;; 20|*/20) echo 255.255.240.0 ;; 19|*/19) echo 255.255.224.0 ;; 18|*/18) echo 255.255.192.0 ;; 17|*/17) echo 255.255.128.0 ;; 16|*/16) echo 255.255.0.0 ;; 15|*/15) echo 255.254.0.0 ;; 14|*/14) echo 255.252.0.0 ;; 13|*/13) echo 255.248.0.0 ;; 12|*/12) echo 255.240.0.0 ;; 11|*/11) echo 255.224.0.0 ;; 10|*/10) echo 255.192.0.0 ;; 9|*/9) echo 255.128.0.0 ;; 8|*/8) echo 255.0.0.0 ;; 7|*/7) echo 254.0.0.0 ;; 6|*/6) echo 252.0.0.0 ;; 5|*/5) echo 248.0.0.0 ;; 4|*/4) echo 240.0.0.0 ;; 3|*/3) echo 224.0.0.0 ;; 2|*/2) echo 192.0.0.0 ;; 1|*/1) echo 128.0.0.0 ;; 0|*/0) echo 0.0.0.0 ;; *) echo 255.255.255.255 ;; esac } #End of bits2mask #------------------------------------------------------------------------- # broadcastof function, returns the broadcast of the given ip and netmask. #------------------------------------------------------------------------- broadcastof () { #SUDO checked #The broadcast is (ip bitwise-or (255.255.255.255-netmask)) CKPTBROADCASTOF=" broadcastof: Start $1 mask $2" ; #ckpt $CKPTBROADCASTOF case $2 in 32|255.255.255.255) echo $1 ;; 0|0.0.0.0) echo 255.255.255.255 ;; *) SPLITIP=$1 I1O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O4=$SPLITIP case $2 in [0-9]|[1-2][0-9]|3[0-2]) SPLITIP=`bits2mask $2` ;; *) SPLITIP=$2 ;; esac I2O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O4=$SPLITIP echo $[ $I1O1 | (255-$I2O1) ].$[ $I1O2 | (255-$I2O2) ].$[ $I1O3 | (255-$I2O3) ].$[ $I1O4 | (255-$I2O4) ] ;; esac CKPTBROADCASTOF="" } #End of broadcastof #------------------------------------------------------------------------- # catchall procedure. Catch every darn signal. Because I'm _really_ # tired of getting random children nuked. #------------------------------------------------------------------------- catchall () { #SUDO checked #All signals except SIGKILL are caught. trap 'logger SIGHUP' SIGHUP trap 'logger SIGINT' SIGINT trap 'logger SIGQUIT' SIGQUIT trap 'logger SIGILL' SIGILL trap 'logger SIGTRAP' SIGTRAP #Warning. BIG Sandbox talk. #Who the &(%@ decided that SIGIOT needed to be renamed? #Renamed? You've _got_ to be kidding me. #We now have to poll for the name of signal 6. #I absolutely refuse to apologize for the following kludge; trap should accept #both the old and the new name. #GRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR! # trap 'logger SIGIOT' SIGIOT #OK, this is overkill, just use the "trap on 6 that follows # trap 'logger SIGIOT' `kill -l | grep '\W6)' | sed -e 's/.*\W6)//' | awk '{print $1}'` trap 'logger SIGIOT' 6 trap 'logger SIGBUS' SIGBUS trap 'logger SIGFPE' SIGFPE trap 'logger SIGUSR1' SIGUSR1 trap 'logger SIGSEGV' SIGSEGV trap 'logger SIGUSR2' SIGUSR2 trap 'logger SIGPIPE' SIGPIPE trap 'logger SIGALRM' SIGALRM trap 'logger SIGTERM' SIGTERM trap 'logger SIGCHLD' SIGCHLD trap 'logger SIGCONT' SIGCONT trap 'logger SIGSTOP' SIGSTOP trap 'logger SIGTSTP' SIGTSTP trap 'logger SIGTTIN' SIGTTIN trap 'logger SIGTTOU' SIGTTOU trap 'logger SIGURG' SIGURG trap 'logger SIGXCPU' SIGXCPU trap 'logger SIGXFSZ' SIGXFSZ trap 'logger SIGVTALRM' SIGVTALRM trap 'logger SIGPROF' SIGPROF trap 'logger SIGWINCH' SIGWINCH trap 'logger SIGIO' SIGIO trap 'logger SIGPWR' SIGPWR } #End of catchall #------------------------------------------------------------------------- # chainnameof function, returns the form of the chain appropriate for the given DOCOMMAND #------------------------------------------------------------------------- chainnameof () { #SUDO checked if [ "$1" = "" ]; then wrap ${WARN}Missing chain name in chainnameof.${NORM} >/dev/stderr else case $DOCOMMAND in [Ii][Pp][Ff][Ww][Aa][Dd][Mm]) case $1 in [Ii]*) echo "-I" ;; [Ff]*) echo "-F" ;; [Oo]*) echo "-O" ;; esac ;; [Ii][Pp][Cc][Hh][Aa][Ii][Nn][Ss]) case $1 in [Ii][Nn][Pp][Uu][Tt]) echo "input" ;; [Ff][Oo][Rr][Ww][Aa][Rr][Dd]) echo "forward" ;; [Oo][Uu][Tt][Pp][Uu][Tt]) echo "output" ;; *) echo "$1" ;; esac ;; [Ii][Pp][Tt][Aa][Bb][Ll][Ee][Ss]) case $1 in [Ii][Nn][Pp][Uu][Tt]) echo "INPUT" ;; [Ff][Oo][Rr][Ww][Aa][Rr][Dd]) echo "FORWARD" ;; [Oo][Uu][Tt][Pp][Uu][Tt]) echo "OUTPUT" ;; *) echo "$1" ;; esac ;; [Nn][Oo][Nn][Ee]) : ;; esac #Case docommand fi } #End of chainnameof #------------------------------------------------------------------------- #After loading /etc/masonrc, this procedure puts sane values in for everything. #------------------------------------------------------------------------- checkconf () { CKPTCHECKCONF=" checkconf: Start" ; #ckpt $CKPTCHECKCONF echo -n "Check vars..." >/dev/stderr MASONDIR=${MASONDIR:-"/var/lib/mason/"} if [ ! -d $MASONDIR ]; then mkdir --parents $MASONDIR || logfail $LINENO masonlib: 0006 mkdir --parents $MASONDIR chown root.root $MASONDIR || logfail $LINENO masonlib: 0007 chown root.root $MASONDIR chmod 700 $MASONDIR || logfail $LINENO masonlib: 0008 chmod 700 $MASONDIR fi MASONCONF=${MASONCONF:-"/etc/masonrc"} ; if [ ! -f $MASONCONF ]; then touch $MASONCONF || logfail $LINENO masonlib: 0009 touch $MASONCONF ; fi #NAMECACHE support has been disabled #NAMECACHE=${NAMECACHE:-"${MASONDIR}morehosts"} ; if [ ! -f $NAMECACHE ]; then touch $NAMECACHE || logfail $LINENO masonlib: 0010 touch $NAMECACHE ; fi #The NETCACHE file is no longer used; place any customized values in the NETWORKS variable. #NETCACHE=${NETCACHE:-"${MASONDIR}netconvert"} ; if [ ! -f $NETCACHE ]; then touch $NETCACHE || logfail $LINENO masonlib: 0011 touch $NETCACHE ; fi BASERULEFILE=${BASERULEFILE:-"${MASONDIR}baserules"} ; if [ ! -f $BASERULEFILE ]; then touch $BASERULEFILE || logfail $LINENO masonlib: 0012 touch $BASERULEFILE ; fi NEWRULEFILE=${NEWRULEFILE:-"${MASONDIR}newrules"} ; if [ ! -f $NEWRULEFILE ]; then touch $NEWRULEFILE || logfail $LINENO masonlib: 0013 touch $NEWRULEFILE ; fi PACKETCOUNTFILE=${PACKETCOUNTFILE:-"${MASONDIR}packetcounts"} ; if [ ! -f $PACKETCOUNTFILE ]; then touch $PACKETCOUNTFILE || logfail $LINENO masonlib: 0014 touch $PACKETCOUNTFILE ; fi #SYSTEMRULEFILE=${SYSTEMRULEFILE:-"${MASONDIR}systemrules"} ; if [ ! -f $SYSTEMRULEFILE ]; then touch $SYSTEMRULEFILE || logfail $LINENO masonlib: 0015 touch $SYSTEMRULEFILE ; fi PACKETLOGFILE=${PACKETLOGFILE:-"/var/log/messages"} MASONEXE=${MASONEXE:-"/usr/bin/mason"} MASONDECIDE=${MASONDECIDE:-"/usr/bin/mason-decide"} CKPTCHECKCONF=" checkconf: Set up ANSI escape codes" ; #ckpt $CKPTCHECKCONF if [ "$USEANSI" != "NO" ]; then ENH="-e" BLACK="\033[1;30m" RED="\033[1;31m" GREEN="\033[1;32m" YELLOW="\033[1;33m" BLUE="\033[1;34m" PINK="\033[1;35m" TURQUOISE="\033[1;36m" NORM="\033[1;37m" BRIGHT="\033[1;39m" else ENH="" BLACK="" RED="" GREEN="" YELLOW="" BLUE="" PINK="" TURQUOISE="" NORM="" BRIGHT="" fi KEY="$GREEN" WARN="$RED" HEADER="$TURQUOISE" #Ipnatctl isn't used any more. # if [ -z "$IPNATCTLBIN" ]; then # if type -path ipnatctl >/dev/null ; then IPNATCTLBIN=`type -path ipnatctl | head -1` # elif [ -x /sbin/ipnatctl ]; then IPNATCTLBIN='/sbin/ipnatctl' # elif [ -x /usr/local/bin/ipnatctl ]; then IPNATCTLBIN='/usr/local/bin/ipnatctl' # else # IPNATCTLBIN='ipnatctl' # wrap ${WARN}ipnatctl was not found in your path or in /usr/local/bin. You may need to copy it or add an explicit path to it in the following commands.${NORM} >/dev/stderr # fi # fi if [ -z "$IPTABLESBIN" ]; then if type -path iptables >/dev/null ; then IPTABLESBIN=`type -path iptables | head -1` elif [ -x /sbin/iptables ]; then IPTABLESBIN='/sbin/iptables' elif [ -x /usr/local/bin/iptables ]; then IPTABLESBIN='/usr/local/bin/iptables' else IPTABLESBIN='iptables' wrap ${WARN}iptables was not found in your path, in /usr/local/bin or in /sbin. You may need to copy it or add an explicit path to it in the following commands.${NORM} >/dev/stderr fi fi if [ -z "$IPCHAINSBIN" ]; then if type -path ipchains >/dev/null ; then IPCHAINSBIN=`type -path ipchains | head -1` elif [ -x /sbin/ipchains ]; then IPCHAINSBIN='/sbin/ipchains' #elif [ -x /usr/local/bin/ipchains ]; then IPCHAINSBIN='/usr/local/bin/ipchains' else IPCHAINSBIN='ipchains' wrap ${WARN}ipchains was not found in your path or in /sbin. You may need to copy it or add an explicit path to it in the following commands.${NORM} >/dev/stderr fi fi if [ -z "$IPFWADMBIN" ]; then if type -path ipfwadm >/dev/null ; then IPFWADMBIN=`type -path ipfwadm | head -1` elif [ -x /sbin/ipfwadm ]; then IPFWADMBIN='/sbin/ipfwadm' #elif [ -x /usr/local/bin/ipfwadm ]; then IPFWADMBIN='/usr/local/bin/ipfwadm' else IPFWADMBIN='ipfwadm' wrap ${WARN}ipfwadm was not found in your path or in /sbin. You may need to copy it or add an explicit path to it in the following commands.${NORM} >/dev/stderr fi fi if [ ! -d /var/run ]; then mkdir --parents /var/run || logfail $LINENO masonlib: 0016 mkdir --parents /var/run ; fi MASONPIDFILE=${MASONPIDFILE:-"/var/run/mason.pid"} if [ -z "$SERVICES" ]; then SERVICES="/etc/services" #I used to add in the following 2 files. I do not now because I got too many false matches from nmap-services. #if [ -f ${MASONDIR}moreservices ]; then SERVICES="$SERVICES ${MASONDIR}moreservices" ; fi #if [ -f ${MASONDIR}nmap-services ]; then SERVICES="$SERVICES ${MASONDIR}nmap-services" ; fi fi NOLOGSUFFIX=${NOLOGSUFFIX:-"N"} DEBUG=${DEBUG:-"NO"} BLOCKEDHOSTS=${BLOCKEDHOSTS:-""} DYNIF=${DYNIF:-""} AUTOMASQIF=${AUTOMASQIF:-""} SSP=${SSP:-""} SCP=${SCP:-""} NOINCOMING=${NOINCOMING:-""} NOOUTGOING=${NOOUTGOING:-""} VERBOSE=${VERBOSE:-"YES"} DEFROUTEIFS=`/sbin/route -n | grep '^0\.0\.0\.0[ \t]' | awk '{print $8}' | sort | uniq || logfail $LINENO masonlib: YYYY 0017` INCOMINGINTERFACES=${INCOMINGINTERFACES:-$DEFROUTEIFS} OUTGOINGINTERFACES=${OUTGOINGINTERFACES:-$DEFROUTEIFS} CKPTCHECKCONF=" checkconf: Check policies" ; #ckpt $CKPTCHECKCONF case $NEWRULEPOLICY in #Set LCPOLICY (lower case) and UCPOLICY... [Aa][Cc][Cc][Ee][Pp][Tt]) LCPOLICY="accept" ; UCPOLICY="ACCEPT" ;; [Rr][Ee][Jj][Ee][Cc][Tt]) LCPOLICY="reject" ; UCPOLICY="REJECT" ;; [Dd][Ee][Nn][Yy]) LCPOLICY="deny" ; UCPOLICY="DENY" ;; *) wrap ${WARN}WARNING! NEWRULEPOLICY is neither accept, reject, nor deny in $MASONCONF.${NORM} >/dev/stderr while [ "$LCPOLICY" != "accept" ] && [ "$LCPOLICY" != "reject" ] && [ "$LCPOLICY" != "deny" ] ; do wrap Please choose ${KEY}accept${NORM}, ${KEY}reject${NORM}, or ${KEY}deny${NORM}: >/dev/stderr read NEWRULEPOLICY JUNK || : case "$NEWRULEPOLICY" in [Aa][Cc][Cc][Ee][Pp][Tt]) LCPOLICY="accept" ; UCPOLICY="ACCEPT" ;; [Rr][Ee][Jj][Ee][Cc][Tt]) LCPOLICY="reject" ; UCPOLICY="REJECT" ;; [Dd][Ee][Nn][Yy]) LCPOLICY="deny" ; UCPOLICY="DENY" ;; esac done if echo -n $ENH "Shall I write this value to $MASONCONF(${KEY}Y${NORM}/${KEY}N${NORM})" >/dev/stderr ; askYN >/dev/stderr ; then echo "NEWRULEPOLICY=$NEWRULEPOLICY" >>$MASONCONF fi wrap NEWRULEPOLICY is being reset to \"$NEWRULEPOLICY\". >/dev/stderr ;; esac case $DEFAULTPOLICY in [Aa][Cc][Cc][Ee][Pp][Tt]) DEFAULTPOLICY="accept" ;; [Rr][Ee][Jj][Ee][Cc][Tt]) DEFAULTPOLICY="reject" ;; [Dd][Ee][Nn][Yy]) DEFAULTPOLICY="deny" ;; *) wrap ${WARN}WARNING! DEFAULTPOLICY is neither accept, reject, nor deny in $MASONCONF.${NORM} >/dev/stderr while [ "$DEFAULTPOLICY" != "accept" ] && [ "$DEFAULTPOLICY" != "reject" ] && [ "$DEFAULTPOLICY" != "deny" ] ; do wrap Please choose ${KEY}accept${NORM}, ${KEY}reject${NORM}, or ${KEY}deny${NORM}: >/dev/stderr read DEFAULTPOLICY JUNK || : case "$DEFAULTPOLICY" in [Aa][Cc][Cc][Ee][Pp][Tt]) DEFAULTPOLICY="accept" ;; [Rr][Ee][Jj][Ee][Cc][Tt]) DEFAULTPOLICY="reject" ;; [Dd][Ee][Nn][Yy]) DEFAULTPOLICY="deny" ;; esac done if echo -n $ENH "Shall I write this value to $MASONCONF(${KEY}Y${NORM}/${KEY}N${NORM})" ; askYN ; then echo "DEFAULTPOLICY=$DEFAULTPOLICY" >>$MASONCONF fi wrap DEFAULTPOLICY is being reset to \"$DEFAULTPOLICY\". >/dev/stderr ;; esac CKPTCHECKCONF=" checkconf: Post default policy" ; #ckpt $CKPTCHECKCONF case $LOGGINGPOLICY in [Aa][Cc][Cc][Ee][Pp][Tt]) LOGGINGPOLICY="accept" ;; [Rr][Ee][Jj][Ee][Cc][Tt]) LOGGINGPOLICY="reject" ;; [Dd][Ee][Nn][Yy]) LOGGINGPOLICY="deny" ;; *) LOGGINGPOLICY=$NEWRULEPOLICY ;; esac case $FLUSHEDPOLICY in [Aa][Cc][Cc][Ee][Pp][Tt]) FLUSHEDPOLICY="accept" ;; [Rr][Ee][Jj][Ee][Cc][Tt]) FLUSHEDPOLICY="reject" ;; [Dd][Ee][Nn][Yy]) FLUSHEDPOLICY="deny" ;; *) FLUSHEDPOLICY="accept" ;; esac case $ECHOCOMMAND in [Ii][Pp][Ff][Ww][Aa][Dd][Mm]) ECHOCOMMAND="ipfwadm" ;; [Ii][Pp][Cc][Hh][Aa][Ii][Nn][Ss]) ECHOCOMMAND="ipchains" ;; [Ii][Pp][Cc][Hh][Aa][Ii][Nn][Ss]-[Ss][Aa][Vv][Ee]) ECHOCOMMAND="ipchains-save" ;; [Ii][Pp][Tt][Aa][Bb][Ll][Ee][Ss]) ECHOCOMMAND="iptables" ;; [Cc][Ii][Ss][Cc][Oo]) ECHOCOMMAND="cisco" ;; [Nn][Oo]|[Nn][Oo][Nn][Ee]) ECHOCOMMAND="none" ;; *) if [ -f /proc/net/ip_fwchains ]; then ECHOCOMMAND="ipchains" elif [ -f /proc/net/ip_input ]; then ECHOCOMMAND="ipfwadm" elif [ -n "`lsmod | grep '^ip_tables '`" ]; then ECHOCOMMAND="iptables" else ECHOCOMMAND="ipchains" #Set default here fi ;; esac CKPTCHECKCONF=" checkconf: pre docommand" ; #ckpt $CKPTCHECKCONF case $DOCOMMAND in [Ii][Pp][Ff][Ww][Aa][Dd][Mm]) DOCOMMAND="ipfwadm" if [ ! -f /proc/net/ip_input ]; then wrap ${WARN}WARNING! User has requested ipfwadm, but it appears to be unavailable. Proceeding, but this is not likely to work.${NORM} >/dev/stderr sleep 10 fi if [ ! -x "$IPFWADMBIN" ]; then wrap ${WARN}WARNING! User has requested ipfwadm, but $IPFWADMBIN is not executable. Proceeding, but this is not likely to work.${NORM} >/dev/stderr sleep 10 fi ;; [Ii][Pp][Cc][Hh][Aa][Ii][Nn][Ss]) DOCOMMAND="ipchains" if [ ! -f /proc/net/ip_fwchains ]; then wrap ${WARN}WARNING! User has requested ipchains, but it appears to be unavailable. Proceeding, but this is not likely to work.${NORM} >/dev/stderr sleep 10 fi if [ ! -x "$IPCHAINSBIN" ]; then wrap ${WARN}WARNING! User has requested ipchains, but $IPCHAINSBIN is not executable. Proceeding, but this is not likely to work.${NORM} >/dev/stderr sleep 10 fi ;; [Ii][Pp][Tt][Aa][Bb][Ll][Ee][Ss]) DOCOMMAND="iptables" #FIXME - how to reliably test for kernel iptables support #if [ -z "`lsmod | grep '^ip_tables '`" ]; then # wrap ${WARN}WARNING! User has requested iptables, but it appears to be unavailable. Proceeding, but this is not likely to work.${NORM} >/dev/stderr # sleep 10 #fi if [ ! -x "$IPTABLESBIN" ]; then wrap ${WARN}WARNING! User has requested iptables, but $IPTABLESBIN is not executable. Proceeding, but this is not likely to work.${NORM} >/dev/stderr sleep 10 fi ;; [Nn][Oo]|[Nn][Oo][Nn][Ee]) DOCOMMAND="none" ;; *) if [ -f /proc/net/ip_fwchains ]; then DOCOMMAND="ipchains" if [ ! -x "$IPCHAINSBIN" ]; then wrap ${WARN}WARNING! This kernel uses ipchains, but $IPCHAINSBIN is not executable. Proceeding, but this is not likely to work. Please get a copy of the ipchains binary and place it in /sbin .${NORM} >/dev/stderr sleep 10 fi elif [ -f /proc/net/ip_input ]; then DOCOMMAND="ipfwadm" if [ ! -x "$IPFWADMBIN" ]; then wrap ${WARN}WARNING! This kernel uses ipfwadm, but $IPFWADMBIN is not executable. Proceeding, but this is not likely to work. Please get a copy of the ipfwadm binary and place it in /sbin .${NORM} >/dev/stderr sleep 10 fi #FIXME - find reliable test for kernel iptables support. #elif [ -n "`lsmod | grep '^ip_tables '`" ]; then else DOCOMMAND="iptables" if [ ! -x "$IPTABLESBIN" ]; then wrap ${WARN}WARNING! This kernel uses iptables, but $IPTABLESBIN is not executable. Proceeding, but this is not likely to work. Please get a copy of the iptables binary and place it in /sbin .${NORM} >/dev/stderr sleep 10 fi #else # DOCOMMAND="none" #Well, we cant _do_ any! # wrap ${WARN}WARNING! ipchains, ipfwadm and iptables appear to be unavailable. Proceeding anyways.${NORM} >/dev/stderr # sleep 10 fi ;; esac CKPTCHECKCONF=" checkconf: check heartbeat" ; #ckpt $CKPTCHECKCONF case $HEARTBEAT in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) HEARTBEAT="YES" ;; [Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]) HEARTBEAT="NO" ;; *) HEARTBEAT="YES" ;; esac case $DOBEEP in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) DOBEEP="YES" ;; [Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]) DOBEEP="NO" ;; *) DOBEEP="YES" ;; esac case $SPOOFBLOCKS in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) if [ "$DOCOMMAND" = "ipchains" ] || [ "$DOCOMMAND" = "iptables" ]; then SPOOFBLOCKS="YES" #I believe that the spoof blocking is now safe even in the case of overlapping routes. #The only dangerous case is where packets arrive from a network not in the routing table #for that interface - including asymmetric routing setups like one way satellite/cable. #Even in that case, you can add a specific or default route to that network by hand... #if routesoverlap ; then # wrap ${WARN}Warning! - Spoof blocking has been requested, but the following entries in your routing table overlap and point to different interfaces:${NORM} >/dev/stderr # echo $OVERLAPPINGROUTES >/dev/stderr # wrap ${WARN}Continuing, but communication from machines in the overlapping portion will be disrupted.${NORM} >/dev/stderr # sleep 20 #fi else wrap Spoof blocking is only available under ipchains and iptables. >/dev/stderr SPOOFBLOCKS="YES" fi ;; [Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]) SPOOFBLOCKS="NO" ;; *) SPOOFBLOCKS="YES" #See above note. #if routesoverlap ; then # SPOOFBLOCKS="NO" #else # SPOOFBLOCKS="YES" #fi ;; esac case $LOGBLOCKS in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|-[Ll]|-[Oo]) LOGBLOCKS="-l" ;; [Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]) LOGBLOCKS="" ;; *) LOGBLOCKS="" ;; esac case $SORTMODE in [Pp][Rr][Oo][Tt][Oo][Cc][Oo][Ll]) SORTMODE="PROTOCOL" ;; [Pp][Aa][Cc][Kk][Ee][Tt][Cc][Oo][Uu][Nn][Tt][Ss]) SORTMODE="PACKETCOUNTS" ;; *) SORTMODE="PROTOCOL" ;; esac case $IPCONV in [Hh][Oo][Ss][Tt][Nn][Aa][Mm][Ee]|[Hh][Oo][Ss][Tt]) IPCONV="HOST" ;; [Nn][Ee][Tt][Ww][Oo][Rr][Kk]|[Nn][Ee][Tt]) IPCONV="NETWORK" ;; [Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]) IPCONV="NONE" ;; #[Cc][Uu][Ss][Tt][Oo][Mm]) IPCONV="CUSTOM" ;; *) IPCONV="NETWORK" ;; esac case $HOSTLOOKUP in [Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]) HOSTLOOKUP="NONE" ;; [Ff][Ii][Ll][Ee][Ss]|[Ff][Ii][Ll][Ee][Ss][Oo][Nn][Ll][Yy]) HOSTLOOKUP="FILESONLY" ;; [Ff][Uu][Ll][Ll]|[Yy][Ee][Ss]) HOSTLOOKUP="FULL" ;; *) HOSTLOOKUP="FULL" ;; esac if ! type -path host >/dev/null 2>/dev/null ; then if [ "$HOSTLOOKUP" = "FULL" ]; then wrap ${WARN}The \"host\" utility is not available for resolving IP addresses into hostnames. Until this is available, Mason will only use /etc/hosts for resolution. This warning can be disabled by setting HOSTLOOKUP=\"FILESONLY\" in /etc/masonrc .${NORM} >/dev/stderr HOSTLOOKUP="FILESONLY" fi fi case $GENERALIZETCPACK in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) GENERALIZETCPACK="YES" ;; [Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]) GENERALIZETCPACK="NO" ;; *) GENERALIZETCPACK="NO" ;; esac case $DYNIFMODE in [Aa][Nn][Yy][Aa][Dd][Dd][Rr][Ee][Ss][Ss]) DYNIFMODE="ANYADDRESS" ;; [Ss][Mm][Aa][Ll][Ll][Ee][Ss][Tt][Rr][Aa][Nn][Gg][Ee]) DYNIFMODE="SMALLESTRANGE" ;; [Ss][Pp][Ee][Cc][Ii][Ff][Ii][Cc][Ii][Pp]) DYNIFMODE="SPECIFICIP" ;; *) DYNIFMODE="SMALLESTRANGE" ;; esac CKPTCHECKCONF=" checkconf: Check networks" ; #ckpt $CKPTCHECKCONF TEMPNETWORKS="$NETWORKS" NETWORKS="" #FIXME - sort with the most specific up top? Ugh. for ONENET in $TEMPNETWORKS ; do case $ONENET in #convert /m netmasks over to /n.n.n.n */[0-9]|*/[1-2][0-9]|*/3[0-2]) ONENET="${ONENET%%/*}/`bits2mask ${ONENET##*/}`" ;; esac case $ONENET in RUNTIME.NETWORKS) for RUNTIMENET in `route -n | grep -v '^127\.' | grep -v '^0\.0\.0\.0' | grep '^[0-9]' | awk '{print $1 "/" $3}' || logfail $LINENO masonlib: YYYY 0019` ; do case $RUNTIMENET in */255.255.255.255|*/255.255.255.254|*/255.255.255.252|*/0.0.0.0) : ;; *) NETWORKS="$NETWORKS ${RUNTIMENET%%/*}-`broadcastof ${RUNTIMENET%%/*} ${RUNTIMENET##*/}`/${RUNTIMENET##*/}" ;; esac done ;; */0.0.0.0|*/0) wrap ${WARN}$ONENET is not a valid network for generalization.${NORM} >/dev/stderr ;; *-*/*) NETWORKS="$NETWORKS $ONENET" ;; */*) NETWORKS="$NETWORKS ${ONENET%%/*}-`broadcastof ${ONENET%%/*} ${ONENET##*/}`/${ONENET##*/}" ;; 0|0.*) NETWORKS="$NETWORKS 0.0.0.0-0.255.255.255/255.0.0.0" ;; 127|127.*) NETWORKS="$NETWORKS 127.0.0.0-127.255.255.255/255.0.0.0" ;; *) ROUTEMASK=`route -n | grep "^$ONENET[[:space:]]" | awk '{print $3}' | uniq || logfail $LINENO masonlib: YYYY 0020` if [ `echo "$ROUTEMASK" | wc -l` -eq 1 ]; then NETWORKS="$NETWORKS $ONENET-`broadcastof $ONENET $ROUTEMASK`/$ROUTEMASK" else wrap ${WARN}Unable to determine the netmask for $ONENET. Please put an entry in the form network-broadcast/netmask in the NETWORKS variable in $MASONCONF .${NORM} >/dev/stderr fi ;; esac done unset TEMPNETWORKS if [ -z "$NETWORKS" ]; then #load the NETWORKS variable with all non-trivial networks in the routing table. for RUNTIMENET in `route -n | grep -v '^127\.' | grep -v '^0\.0\.0\.0' | grep '^[0-9]' | awk '{print $1 "/" $3}' || logfail $LINENO masonlib: YYYY 0021` ; do case $RUNTIMENET in */255.255.255.255|*/255.255.255.254|*/255.255.255.252|*/0.0.0.0) : ;; *) NETWORKS="$NETWORKS ${RUNTIMENET%%/*}-`broadcastof ${RUNTIMENET%%/*} ${RUNTIMENET##*/}`/${RUNTIMENET##*/}" ;; #network-broadcast/netmask esac done fi CKPTCHECKCONF=" checkconf: Check ports" ; #ckpt $CKPTCHECKCONF PORT_MASQ_BEGIN=${PORT_MASQ_BEGIN:-61000} ; PORT_MASQ_END=${PORT_MASQ_END:-65096} TRACEROUTE_BEGIN=${TRACEROUTE_BEGIN:-33434} ; TRACEROUTE_END=${TRACEROUTE_END:-33524} IRC_BEGIN=${IRC_BEGIN:-6666} ; IRC_END=${IRC_END:-6671} MAXDISPLAYS=${MAXDISPLAYS:-6} X_BEGIN=${X_BEGIN:-6000} ; X_END=${X_END:-$[ $X_BEGIN + $MAXDISPLAYS -1 ]} OPENWIN_BEGIN=${OPENWIN_BEGIN:-2000} ; OPENWIN_END=${OPENWIN_END:-$[ $OPENWIN_BEGIN + $MAXDISPLAYS -1 ]} VNCJAVA_BEGIN=${VNCJAVA_BEGIN:-5800} ; VNCJAVA_END=${VNCJAVA_END:-$[ $VNCJAVA_BEGIN + $MAXDISPLAYS -1 ]} VNC_BEGIN=${VNC_BEGIN:-5900} ; VNC_END=${VNC_END:-$[ $VNC_BEGIN + $MAXDISPLAYS -1 ]} CKPTCHECKCONF=" checkconf: Check minmark" ; #ckpt $CKPTCHECKCONF #FIXME - do this for iptables once iptables supports mark values. if [ -n "$MINMARK" ] && [ -f /proc/net/ip_fwchains ]; then MINMARK=$[ $MINMARK ] #Or should we use `echo $MINMARK | tr -d -c '[0-9]\n'` ? for ONEMARK in `ipchains -L -n -x -v | cut -b 66-75 - | grep '0x' || :` ; do #Formerly YYYY 0022 if [ $MINMARK -le $[ $ONEMARK ] ]; then MINMARK=$[ $ONEMARK + 1 ] ; fi done fi #Remove duplicates CKPTCHECKCONF=" checkconf: Remove dups" ; #ckpt $CKPTCHECKCONF if [ -n "$SSP" ]; then SSP=`echo "$SSP" | tr ' ' '\012' | sort | uniq || logfail $LINENO masonlib: YYYY 0023` ; fi if [ -n "$SCP" ]; then SCP=`echo "$SCP" | tr ' ' '\012' | sort | uniq || logfail $LINENO masonlib: YYYY 0024` ; fi if [ -n "$BLOCKEDHOSTS" ]; then BLOCKEDHOSTS=`echo "$BLOCKEDHOSTS" | tr ' ' '\012' | sort | uniq || logfail $LINENO masonlib: YYYY 0025` ; fi if [ -n "$DYNIF" ]; then DYNIF=`echo "$DYNIF" | tr ' ' '\012' | sort | uniq || logfail $LINENO masonlib: YYYY 0026` ; fi if [ -n "$NOINCOMING" ]; then NOINCOMING=`echo "$NOINCOMING" | tr ' ' '\012' | sort | uniq || logfail $LINENO masonlib: YYYY 0027` ; fi if [ -n "$NOOUTGOING" ]; then NOOUTGOING=`echo "$NOOUTGOING" | tr ' ' '\012' | sort | uniq || logfail $LINENO masonlib: YYYY 0028` ; fi if [ -n "$POISONPROTOCOLS" ]; then POISONPROTOCOLS=`echo "$POISONPROTOCOLS" | tr ' ' '\012' | sort | uniq || logfail $LINENO masonlib: YYYY 0029` ; fi #We can't dedupe this because we need the most specific nets first; a "sort" may destroy this order. #if [ -n "$NETWORKS" ]; then NETWORKS=`echo "$NETWORKS" | tr ' ' '\012' | sort | uniq || logfail $LINENO masonlib: YYYY 0030` ; fi LOWSSHPORT=${LOWSSHPORT:-"1010"} CKPTCHECKCONF=" checkconf: Check editor" ; #ckpt $CKPTCHECKCONF if [ -z "$EDITOR" ]; then for TRYEDITOR in `type -path mcedit || :` `type -path pico || :` `type -path vi || :` `type -path jove || :` `type -path nedit || :` `type -path emacs || :` ; do if [ -z "$EDITOR" ]; then EDITOR=$TRYEDITOR wrap Editor default of $EDITOR taken. >/dev/stderr fi done unset TRYEDITOR || : if [ -z "$EDITOR" ]; then wrap ${WARN}No editor was specified by the EDITOR= variable and this script was unable to find mcedit, pico, vi, jove, nedit or emacs on your system. Please set EDITOR=the_name_of_an_editor in $MASONCONF or your environment and re-start.${NORM} >/dev/stderr sleep 15 fi #no suitable editor found fi if [ "$ECHOCOMMAND" = "cisco" ]; then SINGLEMACHSPEC=" 0.0.0.0" ; CMNT='!' else SINGLEMACHSPEC="/32" ; CMNT="#" fi CKPTCHECKCONF="" } #End of checkconf #------------------------------------------------------------------------- # checksys procedure. Perform some basic checks on the system. #------------------------------------------------------------------------- checksys () { CKPTCHECKSYS=" checksys: Start" ; #ckpt $CKPTCHECKSYS if [ ! -d /proc/1 ]; then wrap ${WARN}WARNING! Proc filesystem not supported or not mounted. Please fix and restart.${NORM} >/dev/stderr sleep 10 exit 0 fi if [ ! -f /proc/net/ip_fwchains ] && [ ! -f /proc/net/ip_input ] && [ -z "`lsmod | grep '^ip_tables '`" ]; then wrap ${WARN}This kernel does not support ipchains, ipfwadm or iptables!${NORM} >/dev/stderr #DOCOMMAND="none" #Should we force to none? fi #A misconstructed path will probably make the checks for basic utils and path fail; make sure the big 4 are in for these tests. PREMASONPATH="$PATH" PATH="/sbin:/usr/sbin:/bin:/usr/bin:$PATH" MISSINGUTILS="" #I don't test for rm (it's an alias on rh), shell builtins, or ipfwadm, ipchains, iptables or host (we test for them later). #LSB compliant distributions provide all of the following except: bash(but sh is required), ifconfig, and route (ps?). is lsmod in LSB? #FIXME - fall back on "ip route", etc.? for ONEUTIL in awk bash cat chmod cut grep head ifconfig lsmod mkdir ps route sed sleep sort tail touch tr uniq wc ; do if ! type -path $ONEUTIL >/dev/null 2>/dev/null ; then MISSINGUTILS="$MISSINGUTILS $ONEUTIL" fi done if [ -n "$MISSINGUTILS" ]; then wrap ${WARN}The following tool/tools do not appear to be available on this system:${NORM} >/dev/stderr wrap $MISSINGUTILS >/dev/stderr wrap ${NORM}You should try to get these before continuing. Press Ctrl-C to fix this, or wait 10 seconds if you want to try continuing anyways - cross your fingers.${NORM} >/dev/stderr sleep 10 fi #Now add in the main 4 bin/sbin path elements if missing. for ONEPATH in `set | grep '^PATH=' | sed -e 's/^PATH=/ /' -e 's/:/ /g' || logfail $LINENO masonlib: YYYY 0031` ; do if [ "$ONEPATH" = "/bin" ]; then BINOK="YES" ; fi if [ "$ONEPATH" = "/sbin" ]; then SBINOK="YES" ; fi if [ "$ONEPATH" = "/usr/bin" ]; then USRBINOK="YES" ; fi if [ "$ONEPATH" = "/usr/sbin" ]; then USRSBINOK="YES" ; fi done PATH=$PREMASONPATH ; unset PREMASONPATH MISSINGPATH="" if [ "$USRBINOK" != "YES" ]; then MISSINGPATH="/usr/bin:$MISSINGPATH" ; fi if [ "$BINOK" != "YES" ]; then MISSINGPATH="/bin:$MISSINGPATH" ; fi if [ "$USRSBINOK" != "YES" ]; then MISSINGPATH="/usr/sbin:$MISSINGPATH" ; fi if [ "$SBINOK" != "YES" ]; then MISSINGPATH="/sbin:$MISSINGPATH" ; fi if [ -n "$MISSINGPATH" ]; then export PATH="$MISSINGPATH$PATH" wrap ${WARN}Note: The following directory/directories was/were not included in your PATH variable: \"$MISSINGPATH\"${NORM} >/dev/stderr fi unset MISSINGPATH #Keep track of all IP's in use every time this is run. for ONEIF in `ifconfig | grep 'Link encap' | awk '{print $1}' || logfail $LINENO masonlib: YYYY 0032` ; do NEWIP=`ipof $ONEIF || logfail $LINENO masonlib: YYYY 0033` if [ ! -f $MASONDIR$ONEIF-ips ]; then touch $MASONDIR$ONEIF-ips ; fi if [ -z "`cat $MASONDIR$ONEIF-ips | grep ^$NEWIP\$`" ]; then if [ -z "$MASONDIR" ]; then wrap ${WARN}Warning - MASONDIR unset in masonlib in checksys.${NORM} >/dev/stderr fi echo $NEWIP >>$MASONDIR$ONEIF-ips fi done #FIXME - add iptables CKPTCHECKSYS=" checksys: Create logchains" ; #ckpt $CKPTCHECKSYS if [ "$DOCOMMAND" = "ipchains" ]; then if [ ! -f /proc/net/ip_fwchains ]; then wrap ${WARN}WARNING! User has requested ipchains, but it appears to be unavailable. Proceeding, but this is not likely to work.${NORM} >/dev/stderr sleep 10 fi if [ ! -x "$IPCHAINSBIN" ]; then wrap ${WARN}WARNING! User has requested ipchains, but $IPCHAINSBIN is not executable. Proceeding, but this is not likely to work.${NORM} >/dev/stderr sleep 10 fi if [ -n "$NOLOGSUFFIX" ]; then for ONECHAIN in `chainnameof input` `chainnameof output` `chainnameof forward` ; do #Was `$IPCHAINSBIN -L -n | grep '^Chain ' | awk '{print $2}'` #case $ONECHAIN in #*$NOLOGSUFFIX) : ;; #*) # For each chain (except for the nolog chains themselves) check that a corresponding nolog chain exists. #Do not use -n - it does not work for this. if ! $IPCHAINSBIN -L $ONECHAIN$NOLOGSUFFIX >/dev/null 2>/dev/null ; then #If nolog chain does not exist #LOGCHAINSEXIST="no" #In the process of being removed; just placing NOLOGSUFFIX="" below is all that's needed. #REMOVEME NOLOGSUFFIX="" wrap ${WARN}The $ONECHAIN chain exists without a corresponding $ONECHAIN$NOLOGSUFFIX chain. For the moment, the \"nolog\" feature will revert to sticking the rules at the top of the original chain.${NORM} >/dev/stderr fi # ;; #esac done #if [ "$LOGCHAINSEXIST" = "no" ]; then NOLOGSUFFIX="" ; fi #In the process of being removed. #REMOVEME fi fi CKPTCHECKSYS=" checksys: Check promisc" ; #ckpt $CKPTCHECKSYS if [ -n "`ifconfig | grep MTU | grep PROMISC`" ]; then wrap ${WARN}Warning: at least one of your interfaces is in promiscuous mode. You are likely to create a lot of rules you did not want. Unless you know this is what you want, you should turn off promiscuous mode on all interfaces. Press Ctrl-c now or this will continue in 15 seconds.${NORM} >/dev/stderr sleep 15 fi CKPTCHECKSYS="" } #End of checksys #------------------------------------------------------------------------- # ckpt (checkpoint) procedure. Logs where we are in Mason in case bash # kills us so we can know where to look for a command with a non-zero # return value. I had hoped to use #trap "echo $LINENO" 0 # but this seems to return the line on which the trap command is placed, # not the line being executed when we exit. # This is only intended for use by developers. #------------------------------------------------------------------------- ckpt () { if [ -f ${MASONDIR}ckpt ]; then echo $* >>${MASONDIR}ckpt ; fi #echo $* >/dev/stderr } #End of ckpt #------------------------------------------------------------------------- # clientportrange function, returns the individual port or range of # ports for the given client port, server port, and protocol parameters. #------------------------------------------------------------------------- clientportrange () { #SUDO checked #I don't make an exception for auth=113/tcp here as we'd never hit this function with a "client" port in /etc/services. CLIENTPORT="$1" ; SERVERPORT="$2" ; PRPROTO="$3" ; ACKFLAG="$4" CPRRETVAL="1024:65535" CKPTCLIENTPORTRANGE=" clientportrange: client $1 server $2 proto $3 ack $4" ; #ckpt $CKPTCLIENTPORTRANGE if [ "$ACKFLAG" = "-k" ]; then ACKFLAG="! -y" ; fi if [ -n "$1" ] && isdigits "$1" ; then #Please use caution if you're trying to group these together! if [ "$GENERALIZETCPACK" = "YES" ] && [ "$PRPROTO" = "tcp" ] && [ "$ACKFLAG" = "! -y" ] && [ "$UCPOLICY" = "ACCEPT" ] && [ $CLIENTPORT -le 1023 ]; then CPRRETVAL="0:1023" elif [ "$GENERALIZETCPACK" = "YES" ] && [ "$PRPROTO" = "tcp" ] && [ "$ACKFLAG" = "! -y" ] && [ "$UCPOLICY" = "MASQ" ] && [ $CLIENTPORT -le 1023 ]; then CPRRETVAL="0:1023" elif [ "$GENERALIZETCPACK" = "YES" ] && [ "$PRPROTO" = "tcp" ] && [ "$ACKFLAG" = "! -y" ] && [ "$UCPOLICY" = "ACCEPT" ] && [ $CLIENTPORT -ge "$PORT_MASQ_BEGIN" ] && [ $CLIENTPORT -le "$PORT_MASQ_END" ]; then CPRRETVAL="$PORT_MASQ_BEGIN:$PORT_MASQ_END" elif [ "$GENERALIZETCPACK" = "YES" ] && [ "$PRPROTO" = "tcp" ] && [ "$ACKFLAG" = "! -y" ] && [ "$UCPOLICY" = "MASQ" ] && [ $CLIENTPORT -ge "$PORT_MASQ_BEGIN" ] && [ $CLIENTPORT -le "$PORT_MASQ_END" ]; then CPRRETVAL="$PORT_MASQ_BEGIN:$PORT_MASQ_END" elif [ "$GENERALIZETCPACK" = "YES" ] && [ "$PRPROTO" = "tcp" ] && [ "$ACKFLAG" = "! -y" ] && [ "$UCPOLICY" = "ACCEPT" ] && [ $CLIENTPORT -ge "1024" ]; then CPRRETVAL="1024:65535" elif [ "$GENERALIZETCPACK" = "YES" ] && [ "$PRPROTO" = "tcp" ] && [ "$ACKFLAG" = "! -y" ] && [ "$UCPOLICY" = "MASQ" ] && [ $CLIENTPORT -ge "1024" ]; then CPRRETVAL="1024:65535" elif [ $CLIENTPORT -ge $PORT_MASQ_BEGIN ] && [ $CLIENTPORT -le $PORT_MASQ_END ]; then CPRRETVAL="$PORT_MASQ_BEGIN:$PORT_MASQ_END" elif [ "$PRPROTO" = "udp" ] && [ $CLIENTPORT -ge $TRACEROUTE_BEGIN ] && [ $CLIENTPORT -le $TRACEROUTE_END ] ; then CPRRETVAL="$TRACEROUTE_BEGIN:$TRACEROUTE_END" elif [ -n "$SERVERPORT" ] && isdigits "$SERVERPORT" && [ $SERVERPORT -ge $TRACEROUTE_BEGIN ] && [ $SERVERPORT -le $TRACEROUTE_END ] && [ "$PRPROTO" = "udp" ]; then if [ $CLIENTPORT -ge 32768 ]; then CPRRETVAL="32768:65535" ; fi #According to the traceroute 1.4a5 source, the source port for a udp traceroute is set to the pid #with the high bit set. This translates into 32768-65535; remember, the pid could be 32768. elif [ -n "$SERVERPORT" ] && isdigits "$SERVERPORT" && [ "$PRPROTO" = "udp" ] && [ $SERVERPORT -ge 6770 ] && [ $SERVERPORT -le 7170 ]; then #RealAudio if [ $CLIENTPORT -ge 6970 ] && [ $CLIENTPORT -le 7170 ]; then CPRRETVAL="6970:7170" elif [ $CLIENTPORT -ge 6770 ] && [ $CLIENTPORT -le 7170 ]; then CPRRETVAL="6770:7170" fi else case "$SERVERPORT/$PRPROTO" in 22/[Tt][Cc][Pp]|[Ss][Ss][Hh]/[Tt][Cc][Pp]) if [ $CLIENTPORT -le 1023 ]; then while [ "$CLIENTPORT" -lt "$LOWSSHPORT" ]; do LOWSSHPORT=$[ $LOWSSHPORT - 10 ] done CPRRETVAL="$LOWSSHPORT:1023" fi ;; #Some nat boxes replace the client port with a port below 1023 on a dns lookup. Ugh. #FIXME - do we need to do this for tcp too? 53/[Uu][Dd][Pp]|[Dd][Oo][Mm][Aa][Ii][Nn]/[Uu][Dd][Pp]|[Nn][Aa][Mm][Ee][Ss][Ee][Rr][Vv][Ee][Rr]/[Uu][Dd][Pp]) if [ $CLIENTPORT -eq 53 ]; then CPRRETVAL="53" elif [ $CLIENTPORT -ge 20 ] && [ $CLIENTPORT -le 1023 ]; then CPRRETVAL="20:1023" elif [ $CLIENTPORT -le 1023 ]; then #We're down into the chargen/echo range. Ugh. CPRRETVAL="$CLIENTPORT" fi ;; 111/[Tt][Cc][Pp]|sunrpc/[Tt][Cc][Pp]|rpcbind/[Tt][Cc][Pp]|111/[Uu][Dd][Pp]|sunrpc/[Uu][Dd][Pp]|rpcbind/[Tt][Cc][Pp]|635/[Tt][Cc][Pp]|mount/[Tt][Cc][Pp]|635/[Uu][Dd][Pp]|mount/[Uu][Dd][Pp]|2049/[Uu][Dd][Pp]|nfs/[Uu][Dd][Pp]) #sunrpc/tcp: 600-1014 viewed with rpcinfo client, sunrpc/udp: 600-1022 viewed with nfs mount and unmount #mount/tcp: 605-1022 viewed with nfs mount and unmount, mount/udp: 601-1022 viewed with nfs mount and unmount #nfs/udp: 610-1014 and nfs viewed if [ $CLIENTPORT -le 1023 ]; then if [ $CLIENTPORT -ge 600 ]; then CPRRETVAL="600:1023" else CPRRETVAL="$CLIENTPORT" fi fi ;; 2049/[Tt][Cc][Pp]|nfs/[Tt][Cc][Pp]) #Starts at 800 and works its way down, may reuse ports? #Probably do a min port like ssh. For the moment, use 760 to 800 if [ $CLIENTPORT -le 1023 ]; then if [ $CLIENTPORT -ge 760 ] && [ $CLIENTPORT -le 800 ]; then CPRRETVAL="760:800" else CPRRETVAL="$CLIENTPORT" fi fi ;; *) if [ $CLIENTPORT -le 1023 ]; then CPRRETVAL="$CLIENTPORT" ; fi ;; esac fi fi echo $CPRRETVAL CKPTCLIENTPORTRANGE="" } #End of clientportrange #------------------------------------------------------------------------- # convicmpcode procedure. Take the icmp (code $1 and subcode $2) parameters # and set COMMENT. In the future, return a readable icmp code name? #------------------------------------------------------------------------- convicmpcode () { #SUDO checked case "$1/$2" in 0/*|echo-reply/*|pong/*) COMMENT="$CMNT Echo reply/icmp ($DIRLETTER)" ;; 3/0|network-unreachable/*) COMMENT="$CMNT Net Unreach/icmp ($DIRLETTER)" ;; 3/1|host-unreachable/*) COMMENT="$CMNT Host Unreach/icmp ($DIRLETTER)" ;; 3/2|protocol-unreachable/*) COMMENT="$CMNT Protocol Unreach/icmp ($DIRLETTER)" ;; 3/3|port-unreachable/*) COMMENT="$CMNT Port Unreach/icmp ($DIRLETTER)" ;; 3/4|fragmentation-needed/*) COMMENT="$CMNT Frag Needed and DF Set/icmp ($DIRLETTER)" ;; 3/5|source-route-failed/*) COMMENT="$CMNT Source Route Failed/icmp ($DIRLETTER)" ;; 3/6|network-unknown/*) COMMENT="$CMNT Dest Net Unknown/icmp ($DIRLETTER)" ;; 3/7|host-unknown/*) COMMENT="$CMNT Dest Host Unknown/icmp ($DIRLETTER)" ;; 3/8) COMMENT="$CMNT Source Host Isolated/icmp ($DIRLETTER)" ;; 3/9|network-prohibited/*) COMMENT="$CMNT Comm with Dest Net Admin Prohib/icmp ($DIRLETTER)" ;; 3/10|host-prohibited/*) COMMENT="$CMNT Comm with Dest Host Admin Prohib/icmp ($DIRLETTER)" ;; 3/11|TOS-network-unreachable/*) COMMENT="$CMNT Dest Net Unreach for TOS/icmp ($DIRLETTER)" ;; 3/12|TOS-host-unreachable/*) COMMENT="$CMNT Dest Host Unreach for TOS/icmp ($DIRLETTER)" ;; 3/13|communication-prohibited/*) COMMENT="$CMNT Comm Admin Prohib/icmp ($DIRLETTER)" ;; 3/14|host-precedence-violation/*) COMMENT="$CMNT Host Precedence Violation/icmp ($DIRLETTER)" ;; 3/15|precedence-cutoff/*) COMMENT="$CMNT Precedence cutoff in effect/icmp ($DIRLETTER)" ;; 3/*|destination-unreachable) COMMENT="$CMNT Dest Unreach/icmp ($DIRLETTER)" ;; 4/*|source-quench/*) COMMENT="$CMNT Source Quench/icmp ($DIRLETTER)" ;; 5/0|network-redirect/*) COMMENT="$CMNT Redir Datagram for (sub)Net/icmp ($DIRLETTER)" ;; 5/1|host-redirect/*) COMMENT="$CMNT Redir Datagram for Host/icmp ($DIRLETTER)" ;; 5/2|TOS-network-redirect/*) COMMENT="$CMNT Redir Datagram for TOS and Net/icmp ($DIRLETTER)" ;; 5/3|TOS-host-redirect/*) COMMENT="$CMNT Redir Datagram for TOS and Host/icmp ($DIRLETTER)" ;; 5/*|redirect/*) COMMENT="$CMNT Redirect/icmp ($DIRLETTER)" ;; 6/*) COMMENT="$CMNT Alt host address/icmp ($DIRLETTER)" ;; 8/*|echo-request/*|ping/*) COMMENT="$CMNT Echo req/icmp ($DIRLETTER)" ;; 9/*|router-advertisement/*) COMMENT="$CMNT Router Advertisement/icmp ($DIRLETTER)" ;; 10/*|router-solicitation/*) COMMENT="$CMNT Router Selection/icmp ($DIRLETTER)" ;; 11/0|ttl-zero-during-transit/*) COMMENT="$CMNT TTL exceeded in Transit/icmp ($DIRLETTER)" ;; 11/1|ttl-zero-during-reassembly/*) COMMENT="$CMNT Frag Reassembly Time Exceeded/icmp ($DIRLETTER)" ;; 11/*|time-exceeded/*|ttl-exceeded/*) COMMENT="$CMNT Time exceeded/icmp ($DIRLETTER)" ;; #FIXME is ip-header-bad a 12/0 (prob) or 12/2? 12/0) COMMENT="$CMNT Pointer indicates error/icmp ($DIRLETTER)" ;; 12/1|required-option-missing/*) COMMENT="$CMNT Missing Required Option/icmp ($DIRLETTER)" ;; 12/2) COMMENT="$CMNT Bad Length/icmp ($DIRLETTER)" ;; 12/*|parameter-problem/*) COMMENT="$CMNT Parameter prob/icmp ($DIRLETTER)" ;; 13/*|timestamp-request/*) COMMENT="$CMNT Timestamp req/icmp ($DIRLETTER)" ;; 14/*|timestamp-reply/*) COMMENT="$CMNT Timestamp reply/icmp ($DIRLETTER)" ;; 15/*) COMMENT="$CMNT Info req/icmp ($DIRLETTER)" ;; 16/*) COMMENT="$CMNT Info reply/icmp ($DIRLETTER)" ;; 17/*|address-mask-request/*) COMMENT="$CMNT Addr Mask req/icmp ($DIRLETTER)" ;; 18/*|address-mask-reply/*) COMMENT="$CMNT Addr Mask reply/icmp ($DIRLETTER)" ;; 30/*) COMMENT="$CMNT Traceroute/icmp ($DIRLETTER)" ;; 31/*) COMMENT="$CMNT Datagram Conv Err/icmp ($DIRLETTER)" ;; 32/*) COMMENT="$CMNT Mobile Host Redir/icmp ($DIRLETTER)" ;; 33/*) COMMENT="$CMNT IPv6 Where-Are-You/icmp ($DIRLETTER)" ;; 34/*) COMMENT="$CMNT IPv6 I-Am-Here/icmp ($DIRLETTER)" ;; 35/*) COMMENT="$CMNT Mobile Registration Req/icmp ($DIRLETTER)" ;; 36/*) COMMENT="$CMNT Mobile Registration Reply/icmp ($DIRLETTER)" ;; 37/*) COMMENT="$CMNT Domain Name Request/icmp ($DIRLETTER)" ;; 38/*) COMMENT="$CMNT Domain Name Reply/icmp ($DIRLETTER)" ;; 39/*) COMMENT="$CMNT SKIP/icmp ($DIRLETTER)" ;; 40/1) COMMENT="$CMNT Photuris unknown SPI/icmp ($DIRLETTER)" ;; 40/2) COMMENT="$CMNT Photuris auth fail/icmp ($DIRLETTER)" ;; 40/3) COMMENT="$CMNT Photuris decrypt fail/icmp ($DIRLETTER)" ;; 40/*) COMMENT="$CMNT Photuris/icmp ($DIRLETTER)" ;; #FIXME - include source and dest IPs for the following? *) COMMENT="$CMNT unknown-$SRCPORT/icmp ($DIRLETTER)" ;; esac } #End of convicmpcode #------------------------------------------------------------------------- # delcounts procedure, deletes the packet counts from the rules in a file. #------------------------------------------------------------------------- delcounts () { #Params: $1 is the filespec for the files that need counts removed. CKPTDELCOUNTS=" delcounts: Start $1" ; #ckpt $CKPTDELCOUNTS for ONEFILE in $1 ; do sed -e 's/[[:space:]]*#\^[[:space:]][0-9]*//' -e 's/[[:space:]]*$//' $ONEFILE >$ONEFILE.temp || logfail $LINENO masonlib: YYYY 0034 cat $ONEFILE.temp >$ONEFILE || logfail $LINENO masonlib: YYYY 0035 rm -f $ONEFILE.temp || logfail $LINENO masonlib: YYYY 0036 done CKPTDELCOUNTS="" } #End of delcounts #------------------------------------------------------------------------- # dorule procedure, adds, inserts, or deletes a rule to/from the running firewall. #------------------------------------------------------------------------- dorule () { #Remember positional parameters >=10 need to be in braces. #Parameters - order is important! : #1. action: AaIiDdFfNnPp (required) (F and N only use $2=chain, P uses $2=chain and ${12}=target) #2. chain or direction (required) #3. interface, or incoming interface for iptables. (optional) #4. null, or outgoing interface for iptables. (optional) #5. protocol lowercase name or number (optional) #6. source address (optional) #7. source port (optional) #8. dest ip (optional) #9. dest port (optional) #10. mark value (optional) #11. ack/syn (optional) #12. target/action (required - or is it? "Accounting" rules?) #13. TOS string (optional, enclose in quotes) #14. log rule (non-null means log, null means don't) #15. special iptables match string (optional) (future: or just additional stuff) #FIXME - specifically check for return code and at least log problems. #FIXME - log anomilies in input parameters. #dorule "AID" "chaindir" "inif" "outif" "proto" "sip" "sport" "dip" "dport" "mark" "synack" "action" "tos" "log" "matchorstuff" #dorule "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" #REMOVEME - DEBUG #echo 1 $1 2 $2 3 $3 4 $4 5 $5 6 $6 7 $7 8 $8 9 $9 10 ${10} 11 ${11} 12 ${12} 13 ${13} 14 ${14} 15 ${15} >>${MASONDIR}masoncrash if [ -d ${MASONDIR}debug ]; then #Internal debugging echo $1 >>${MASONDIR}debug/1 echo $2 >>${MASONDIR}debug/2 echo $3 >>${MASONDIR}debug/3 echo $4 >>${MASONDIR}debug/4 echo $5 >>${MASONDIR}debug/5 echo $6 >>${MASONDIR}debug/6 echo $7 >>${MASONDIR}debug/7 echo $8 >>${MASONDIR}debug/8 echo $9 >>${MASONDIR}debug/9 echo ${10} >>${MASONDIR}debug/10 echo ${11} >>${MASONDIR}debug/11 echo ${12} >>${MASONDIR}debug/12 echo ${13} >>${MASONDIR}debug/13 echo ${14} >>${MASONDIR}debug/14 echo ${15} >>${MASONDIR}debug/15 fi unset CHAINTARGET || : case $DOCOMMAND in #FIXME drop, reject, masq, redirect, return, specific_chain, queue, LOG and other module specific targets? #FIXME - _each_ of the input targets has to be handled in each of the firewall types. [Ii][Pp][Ff][Ww][Aa][Dd][Mm]) #Valid targets: accept, deny, reject, "accept -m", "-r port" case ${12} in [Aa][Cc][Cc][Ee][Pp][Tt]) CHAINTARGET="accept" ;; [Rr][Ee][Jj][Ee][Cc][Tt]) CHAINTARGET="reject" ;; [Dd][Ee][Nn][Yy]|[Dd][Rr][Oo][Pp]) CHAINTARGET="deny" ;; #FIXME - Handle case of $12=INPUTN or other. esac ;; [Ii][Pp][Cc][Hh][Aa][Ii][Nn][Ss]) #Valid targets: ACCEPT, DENY, REJECT, MASQ, REDIRECT, "REDIRECT 0", "REDIRECT port", RETURN, user chains, none at all. case ${12} in [Aa][Cc][Cc][Ee][Pp][Tt]) CHAINTARGET="ACCEPT" ;; [Rr][Ee][Jj][Ee][Cc][Tt]) CHAINTARGET="REJECT" ;; [Dd][Ee][Nn][Yy]|[Dd][Rr][Oo][Pp]) CHAINTARGET="DENY" ;; [Rr][Ee][Tt][Uu][Rr][Nn]) CHAINTARGET="RETURN" ;; esac ;; [Ii][Pp][Tt][Aa][Bb][Ll][Ee][Ss]) #Valid targets: ACCEPT, DROP, QUEUE, RETURN, LOG, none at all. case ${12} in [Aa][Cc][Cc][Ee][Pp][Tt]) CHAINTARGET="ACCEPT" ;; [Rr][Ee][Jj][Ee][Cc][Tt]) CHAINTARGET="REJECT" ;; [Dd][Ee][Nn][Yy]|[Dd][Rr][Oo][Pp]) CHAINTARGET="DROP" ;; [Rr][Ee][Tt][Uu][Rr][Nn]) CHAINTARGET="RETURN" ;; [Ll][Oo][Gg]) CHAINTARGET="LOG" ;; #FIXME - Temporary crutches NoSpoof) CHAINTARGET="NoSpoof" ;; INPUTN) CHAINTARGET="INPUTN" ;; OUTPUTN) CHAINTARGET="OUTPUTN" ;; FORWARDN) CHAINTARGET="FORWARDN" ;; esac ;; [Nn][Oo][Nn][Ee]) : ;; esac #Case docommand case $1 in [Ff]*) case $DOCOMMAND in [Ii][Pp][Ff][Ww][Aa][Dd][Mm]) $IPFWADMBIN `chainnameof $2` -f || logfail $LINENO masonlib: YYYY 0138 ;; [Ii][Pp][Cc][Hh][Aa][Ii][Nn][Ss]) $IPCHAINSBIN -F `chainnameof $2` || logfail $LINENO masonlib: YYYY 0139 ;; [Ii][Pp][Tt][Aa][Bb][Ll][Ee][Ss]) $IPTABLESBIN -F `chainnameof $2` || logfail $LINENO masonlib: YYYY 0140 ;; [Nn][Oo][Nn][Ee]) : ;; esac ;; #Case docommand [Nn]*) case $DOCOMMAND in [Ii][Pp][Ff][Ww][Aa][Dd][Mm]) : ;; #Not possible [Ii][Pp][Cc][Hh][Aa][Ii][Nn][Ss]) $IPCHAINSBIN -N `chainnameof $2` || logfail $LINENO masonlib: YYYY 0141 ;; [Ii][Pp][Tt][Aa][Bb][Ll][Ee][Ss]) $IPTABLESBIN -N `chainnameof $2` || logfail $LINENO masonlib: YYYY 0142 ;; [Nn][Oo][Nn][Ee]) : ;; esac ;; #Case docommand [Pp]*) case $DOCOMMAND in [Ii][Pp][Ff][Ww][Aa][Dd][Mm]) $IPFWADMBIN `chainnameof $2` -p $CHAINTARGET || logfail $LINENO masonlib: YYYY 0143 ;; [Ii][Pp][Cc][Hh][Aa][Ii][Nn][Ss]) $IPCHAINSBIN -P `chainnameof $2` $CHAINTARGET || logfail $LINENO masonlib: YYYY 0144 ;; [Ii][Pp][Tt][Aa][Bb][Ll][Ee][Ss]) $IPTABLESBIN -P `chainnameof $2` $CHAINTARGET || logfail $LINENO masonlib: YYYY 0145 ;; [Nn][Oo][Nn][Ee]) : ;; esac ;; #Case docommand *) case $DOCOMMAND in [Ii][Pp][Ff][Ww][Aa][Dd][Mm]) #FIXME - handle insert if ipfwadm case case $1 in [Aa]*) BUILDRULE="$IPFWADMBIN -a" ;; [Ii]*) BUILDRULE="$IPFWADMBIN -i" ;; [Dd]*) BUILDRULE="$IPFWADMBIN -d" ;; esac BUILDRULE="$BUILDRULE $CHAINTARGET" if [ -n "$3$4" ]; then BUILDRULE="$BUILDRULE -W $3$4" ; fi BUILDRULE="$BUILDRULE `chainnameof $2`" if [ -n "$5" ]; then BUILDRULE="$BUILDRULE -P $5" ; fi if [ -n "$6" ]; then BUILDRULE="$BUILDRULE -S $6 $7" ; else BUILDRULE="$BUILDRULE -S 0/0 $7" ; fi case $5 in #drop icmp subcode in dest port for ipfwadm. [Ii][Cc][Mm][Pp]) if [ -n "$8" ]; then BUILDRULE="$BUILDRULE -D $8" ; fi ;; *) if [ -n "$8" ]; then BUILDRULE="$BUILDRULE -D $8 $9" ; else BUILDRULE="$BUILDRULE -D 0/0 $9" ; fi ;; esac case "${11}" in "-y"|"! -k"|"--syn") BUILDRULE="$BUILDRULE -y" ;; "! -y"|"-k"|"! --syn") BUILDRULE="$BUILDRULE -k" ;; esac if [ -n "${13}" ]; then BUILDRULE="$BUILDRULE -t ${13}" ; fi if [ -n "${14}" ]; then BUILDRULE="$BUILDRULE -o" ; fi eval "$BUILDRULE" || logfail $LINENO masonlib: YYYY 0146 ;; [Ii][Pp][Cc][Hh][Aa][Ii][Nn][Ss]) case $1 in [Aa]*) BUILDRULE="$IPCHAINSBIN -A `chainnameof $2`" ;; [Ii]*) BUILDRULE="$IPCHAINSBIN -I `chainnameof $2` 1" ;; [Dd]*) BUILDRULE="$IPCHAINSBIN -D `chainnameof $2`" ;; esac if [ -n "$3$4" ]; then BUILDRULE="$BUILDRULE -i $3$4" ; fi if [ -n "$5" ]; then BUILDRULE="$BUILDRULE -p $5" ; fi if [ -n "$6$7" ]; then #If either has content if [ -n "$6" ]; then BUILDRULE="$BUILDRULE -s $6 $7" ; else BUILDRULE="$BUILDRULE --sport $7" ; fi fi if [ -n "$8$9" ]; then if [ -n "$8" ]; then BUILDRULE="$BUILDRULE -d $8 $9" ; else BUILDRULE="$BUILDRULE --dport $9" ; fi fi if [ -n "${10}" ]; then BUILDRULE="$BUILDRULE -m ${10}" ; fi case "${11}" in "-y"|"! -k"|"--syn") BUILDRULE="$BUILDRULE -y" ;; "! -y"|"-k"|"! --syn") BUILDRULE="$BUILDRULE ! -y" ;; esac if [ -n "$CHAINTARGET" ]; then BUILDRULE="$BUILDRULE -j $CHAINTARGET" ; fi if [ -n "${13}" ]; then BUILDRULE="$BUILDRULE -t ${13}" ; fi if [ -n "${14}" ]; then BUILDRULE="$BUILDRULE -l" ; fi eval "$BUILDRULE" || logfail $LINENO masonlib: YYYY 0147 ;; [Ii][Pp][Tt][Aa][Bb][Ll][Ee][Ss]) #FIXME - Check for missing $2? case $1 in [Aa]*) BUILDRULE="$IPTABLESBIN -A `chainnameof $2`" ;; [Ii]*) BUILDRULE="$IPTABLESBIN -I `chainnameof $2` 1" ;; [Dd]*) BUILDRULE="$IPTABLESBIN -D `chainnameof $2`" ;; esac if [ -n "$3" ]; then BUILDRULE="$BUILDRULE -i $3" ; fi if [ -n "$4" ]; then BUILDRULE="$BUILDRULE -o $4" ; fi if [ -n "$5" ]; then BUILDRULE="$BUILDRULE -p $5" ; fi if [ -n "$6" ]; then BUILDRULE="$BUILDRULE -s $6" ; fi if [ -n "$8" ]; then BUILDRULE="$BUILDRULE -d $8" ; fi case $5 in [Ii][Cc][Mm][Pp]) if [ -n "$7" ]; then BUILDRULE="$BUILDRULE --icmp-type $7" if [ -n "$9" ]; then BUILDRULE="$BUILDRULE/$9" ; fi fi ;; *) if [ -n "$7" ]; then BUILDRULE="$BUILDRULE --sport $7" ; fi if [ -n "$9" ]; then BUILDRULE="$BUILDRULE --dport $9" ; fi ;; esac #if [ -n "${10}" ]; then BUILDRULE="$BUILDRULE -m ${10}" ; fi #FIXME - mark values later? case "${11}" in "-y"|"! -k"|"--syn") BUILDRULE="$BUILDRULE --syn" ;; "! -y"|"-k"|"! --syn") BUILDRULE="$BUILDRULE ! --syn" ;; esac #if [ -n "${13}" ]; then BUILDRULE="$BUILDRULE -t ${13}" ; fi #FIXME - tos values later? if [ -n "${14}" ]; then eval "$BUILDRULE -j LOG" || logfail $LINENO masonlib: YYYY 0148 $BUILDRULE -j LOG fi if [ -n "$CHAINTARGET" ]; then BUILDRULE="$BUILDRULE -j $CHAINTARGET" ; fi #if [ -n "$DEBUG" ]; then echo $BUILDRULE ; fi eval $SUDO $BUILDRULE || logfail $LINENO masonlib: YYYY 0149 $BUILDRULE ;; [Nn][Oo][Nn][Ee]) : ;; esac #Case docommand ;; esac #Case $1=action } #End of dorule #------------------------------------------------------------------------- #Flush the existing rules so we start with a clean slate. #------------------------------------------------------------------------- flushfirewall () { #SUDO checked CKPTFLUSHFIREWALL=" flushfirewall: Start" ; #ckpt $CKPTFLUSHFIREWALL updatecounts echo -n Flushing... >/dev/stderr #REMOVEME #FLUSHEDPOLICY=`echo $FLUSHEDPOLICY | tr a-z A-Z || logfail $LINENO masonlib: 0037 echo $FLUSHEDPOLICY pipe tr a-z A-Z` #$IPCHAINSBIN -P output $FLUSHEDPOLICY || logfail $LINENO masonlib: 0038 $IPCHAINSBIN -P output $FLUSHEDPOLICY #$IPCHAINSBIN -F output || logfail $LINENO masonlib: 0039 $IPCHAINSBIN -F output #$IPCHAINSBIN -P forward $FLUSHEDPOLICY || logfail $LINENO masonlib: 0040 $IPCHAINSBIN -P forward $FLUSHEDPOLICY #$IPCHAINSBIN -F forward || logfail $LINENO masonlib: 0041 $IPCHAINSBIN -F forward #$IPCHAINSBIN -P input $FLUSHEDPOLICY || logfail $LINENO masonlib: 0042 $IPCHAINSBIN -P input $FLUSHEDPOLICY #$IPCHAINSBIN -F input || logfail $LINENO masonlib: 0043 $IPCHAINSBIN -F input #FLUSHEDPOLICY=`echo $FLUSHEDPOLICY | tr A-Z a-z || logfail $LINENO masonlib: 0046 echo $FLUSHEDPOLICY pipe tr A-Z a-z` #$IPFWADMBIN -O -p $FLUSHEDPOLICY || logfail $LINENO masonlib: 0047 $IPFWADMBIN -O -p $FLUSHEDPOLICY #$IPFWADMBIN -O -f || logfail $LINENO masonlib: 0048 $IPFWADMBIN -O -f #$IPFWADMBIN -F -p $FLUSHEDPOLICY || logfail $LINENO masonlib: 0049 $IPFWADMBIN -F -p $FLUSHEDPOLICY #$IPFWADMBIN -F -f || logfail $LINENO masonlib: 0050 $IPFWADMBIN -F -f #$IPFWADMBIN -I -p $FLUSHEDPOLICY || logfail $LINENO masonlib: 0051 $IPFWADMBIN -I -p $FLUSHEDPOLICY #$IPFWADMBIN -I -f || logfail $LINENO masonlib: 0052 $IPFWADMBIN -I -f for ONECHAIN in output forward input ; do dorule p "$ONECHAIN" '' '' '' '' '' '' '' '' '' "$FLUSHEDPOLICY" '' '' '' || logfail $LINENO masonlib: 0038/0040/0042/0047/0049/0051 dorule f "$ONECHAIN" '' '' '' '' '' '' '' '' '' '' '' '' '' || logfail $LINENO masonlib: 0039/0041/0043/0048/0050/0052 done if [ -f /proc/net/ip_fwchains ] || [ -n "`lsmod | grep '^ip_tables '`" ]; then #Flush the nolog chains if they exist, create them if not. CKPTFLUSHFIREWALL=" flushfirewall: Create or flush nolog chains." ; #ckpt $CKPTFLUSHFIREWALL if [ -n "$NOLOGSUFFIX" ]; then for ONECHAIN in `chainnameof output` `chainnameof forward` `chainnameof input` ; do flushornewchain "$ONECHAIN$NOLOGSUFFIX" done fi CKPTFLUSHFIREWALL=" flushfirewall: Create or flush NoSpoof chain." ; #ckpt $CKPTFLUSHFIREWALL flushornewchain NoSpoof fi echo Done! >/dev/stderr CKPTFLUSHFIREWALL="" } #End of flushfirewall #------------------------------------------------------------------------- #If the chain exists, flush it, otherwise create it. #------------------------------------------------------------------------- flushornewchain () { #SUDO checked if [ -n "$1" ]; then CHAINNAME="`chainnameof $1`" if [ -f /proc/net/ip_fwchains ]; then #REMOVEME #if [ `$SUDO $IPCHAINSBIN -L -n | grep "^Chain $CHAINNAME" | wc -l` -gt 0 ]; then if $SUDO $IPCHAINSBIN -L $CHAINNAME >/dev/null 2>/dev/null ; then #If chain exists $SUDO $IPCHAINSBIN -F $CHAINNAME >/dev/null 2>/dev/null || logfail $LINENO masonlib: 0044/0070/0089/0134 $IPCHAINSBIN -F $CHAINNAME else $SUDO $IPCHAINSBIN -N $CHAINNAME >/dev/null 2>/dev/null || logfail $LINENO masonlib: 0045/0071/0090 $IPCHAINSBIN -N $CHAINNAME fi elif [ -n "`lsmod | grep '^ip_tables '`" ]; then #FIXME, check everywhere. #if iptables -L -n >/dev/null 2>/dev/null ; then echo iptables successful ; fi if $SUDO $IPTABLESBIN -L $CHAINNAME >/dev/null 2>/dev/null ; then #If chain exists $SUDO $IPTABLESBIN -F $CHAINNAME >/dev/null 2>/dev/null || logfail $LINENO masonlib: 0135 $IPTABLESBIN -F $CHAINNAME else $SUDO $IPTABLESBIN -N $CHAINNAME >/dev/null 2>/dev/null || logfail $LINENO masonlib: 0136 $IPTABLESBIN -N $CHAINNAME fi fi fi } #End of flushornewchain #------------------------------------------------------------------------- # generalportrange function, returns the masq/high/low port range of the given port. #------------------------------------------------------------------------- generalportrange () { #SUDO checked #We have already tested for isdigits if [ $1 -eq 0 ]; then echo "0" elif [ $1 -eq 113 ]; then echo "113" elif [ $1 -eq 65535 ]; then echo "65535" elif [ $1 -ge 0 ] && [ $1 -le 1023 ]; then echo "0:1023" elif [ $1 -ge "$PORT_MASQ_BEGIN" ] && [ $1 -le "$PORT_MASQ_END" ]; then echo "$PORT_MASQ_BEGIN:$PORT_MASQ_END" elif [ $1 -ge "1024" ] && [ $1 -le "65535" ]; then echo "1024:65535" fi } #End of generalportrange #------------------------------------------------------------------------- # generalizeip function. For the given ip address parameter, return one # of the following: # - $DYNIFADDR for interfaces with dynamic IP addresses. # - the corresponding hostname # - itself, if a local address, broadcast address, or special address. # - its IP network # - as a last resort, 0/0 # User can select operation with IPCONV= in masonconf. #------------------------------------------------------------------------- generalizeip () { #SUDO checked CKPTGENERALIZEIP=" generalizeip: address $1" ; #ckpt $CKPTGENERALIZEIP case $1 in anywhere|*/0|*/0.0.0.0) GIRETVAL="0/0" ;; */*) GIRETVAL="$1" ;; 22[4-9].*|23[0-9].*) GIRETVAL="`nameof $1`$SINGLEMACHSPEC" ;; #Multicast IP's should be left unique *) GIRETVAL="$1$SINGLEMACHSPEC" ISASSIGNED="NO" for ONEIF in $DYNIF ; do if [ "$1" = "$(eval echo \${$(eval echo ${ONEIF}ADDR)})" ]; then #The nested eval thing is the IP address of that interface. GIRETVAL="\${${ONEIF}ADDR}" #Do not add /32 here - that shell variable _has_ /32 in it. ISASSIGNED="YES" #LINEHASDYNAMIC="YES" #Not exported from a function - not currently used fi done if [ "$ISASSIGNED" = "NO" ]; then case $IPCONV in HOST) GIRETVAL="`nameof $1`$SINGLEMACHSPEC" ;; NETWORK) #Handle special addresses case $1 in 0.0.0.0|0.0.0.0/32) GIRETVAL="0.0.0.0$SINGLEMACHSPEC" ; ISASSIGNED="YES" ;; 127.0.0.1|127.0.0.1/32) GIRETVAL="localhost$SINGLEMACHSPEC" ; ISASSIGNED="YES" ;; 255.255.255.255|255.255.255.255/32) GIRETVAL="255.255.255.255$SINGLEMACHSPEC" ; ISASSIGNED="YES" ;; *[-A-Za-z]*) GIRETVAL="$1" ; ISASSIGNED="YES" ;; #We should only be converting numeric addresses *) CKPTGENERALIZEIP=" generalizeip: all numeric" ; #ckpt $CKPTGENERALIZEIP #Leave local IP addresses and broadcasts as they are. #FIXME - pull broadcasts from /etc/hosts too? if [ "$ISASSIGNED" = "NO" ]; then for ONELOCALIP in $ALLIPS $ALLBCS ; do if [ "$1" = "$ONELOCALIP" ]; then GIRETVAL="`nameof $1`$SINGLEMACHSPEC" ISASSIGNED="YES" fi done fi #If IP is in a local netblock, generalize to that netblock. if [ "$ISASSIGNED" = "NO" ] && isnumericip $1 ; then #for ONENET in `cat $NETCACHE` ; do #Use NETWORKS now... for ONENET in $NETWORKS ; do if [ "$ISASSIGNED" = "NO" ]; then NETMASK=${ONENET##*/} ; ONENET=${ONENET%/*} BROADCAST=${ONENET##*-} ; ONENET=${ONENET%-*} if iple $ONENET $1 ; then if iple $1 $BROADCAST ; then GIHOLDHOSTLOOKUP="$HOSTLOOKUP" HOSTLOOKUP="FILESONLY" if [ "$ECHOCOMMAND" = "cisco" ]; then GIRETVAL="`nameof $ONENET` `mask2cisco $NETMASK`" else GIRETVAL="`nameof $ONENET`/`mask2bits $NETMASK`" fi HOSTLOOKUP="$GIHOLDHOSTLOOKUP" ISASSIGNED="YES" fi fi fi done fi ;; esac if [ "$ISASSIGNED" = "NO" ]; then GIRETVAL="0/0" ; ISASSIGNED="YES" ; fi ;; NONE) ;; #CUSTOM) ;; esac fi ;; esac echo $GIRETVAL CKPTGENERALIZEIP="" } #End of generalizeip #------------------------------------------------------------------------- # loadconf function, called at start and on receipt of SIGUSR1 #------------------------------------------------------------------------- loadconf () { CKPTLOADCONF=" loadconf: start" ; #ckpt $CKPTLOADCONF if [ "$NEEDLF" = "YES" ]; then echo >/dev/stderr ; NEEDLF="NO" ; fi #This is the configuration file mason uses. The parameters in it can be #changed while Mason is running as long as the SIGUSR1 signal is sent to #Mason afterwards. This can be done by typing "killall -USR1 mason" if [ -f $MASONCONF ]; then echo -n "Loading options from $MASONCONF..." >/dev/stderr . $MASONCONF || logfail $LINENO masonlib: 0053 . $MASONCONF else touch $MASONCONF || logfail $LINENO masonlib: 0054 touch $MASONCONF chmod 700 $MASONCONF || logfail $LINENO masonlib: 0055 chmod 700 $MASONCONF wrap ${WARN}WARNING - Unable to load options, $MASONCONF does not exist.${NORM} >/dev/stderr #Not a problem if colors unset. fi CKPTLOADCONF=" loadconf: post load $MASONCONF" ; #ckpt $CKPTLOADCONF checkconf echo -n "Load IPs, networks and nameservers..." >/dev/stderr #set ALLIPS and ALLBCS (broadcasts) ALLIPS="`ifconfig | grep 'inet addr' | sed -e 's/.*addr://' -e 's/ .*//' || logfail $LINENO masonlib: YYYY 0056` \ `route -n | grep '^[0-9\.]* *[0-9\.]* *255\.255\.255\.255' | awk '{print $1}' || logfail $LINENO masonlib: YYYY 0057`" ALLBCS=`ifconfig | grep 'Bcast' | sed -e 's/.*Bcast://' -e 's/ .*//' || logfail $LINENO masonlib: YYYY 0058` #FIXME: ALLBCS includes net addresses too? #FIXME - if netcache and the current netlist (below) are identical, briefly warn then delete netcache. if [ -n "$NETCACHE" ] && [ -n "`grep -v '^$' $NETCACHE || logfail $LINENO masonlib: YYYY 0059`" ]; then wrap ${WARN}WARNING! The $NETCACHE file is no longer used by Mason. Please transfer all values from this file to the NETWORKS variable in $MASONCONF.${NORM} >/dev/stderr fi #rm -f $NETCACHE ; touch $NETCACHE ; chmod 700 $NETCACHE CKPTLOADCONF=" loadconf: about to load dnsservers" ; #ckpt $CKPTLOADCONF DNSSERVERS=`grep '^nameserver' /etc/resolv.conf | awk '{print $2}' || logfail $LINENO masonlib: YYYY 0060` echo "Done." >/dev/stderr SIGGED="YES" #We received a signal #FIXME - put killall -SIGUSR1 mason in ip-up... CKPTLOADCONF="" } #End of loadconf #------------------------------------------------------------------------- # logfail subroutine, record the fact that a command returned non-true. #------------------------------------------------------------------------- logfail () { #To use, add: # || logfail $LINENO filename some words that will identify what bombed #at the end of any command that could conceivably return false. #DO NOT send ANYTHING to stdout - this function is used inside backticks. Use stderr if necessary. #Don't assume everything has been initialized yet. LOGRETVAL="$?" #This should be placed first to preserve the return code of the failed command. TEMPMASONDIR=${MASONDIR:-"/var/lib/mason/"} #FIXME - test if masoncrash is writable, fall back to stderr if not? wrap "`date` - $MASONVER" >>${TEMPMASONDIR}masoncrash case "$1" in 0|1) shift ;; [0-9]*) echo -n "Line $1, " >>${TEMPMASONDIR}masoncrash ; shift ;; esac wrap Caught failure \($LOGRETVAL\) on: $* >>${TEMPMASONDIR}masoncrash return 0 #True; this makes bash happy } #End of logfail #------------------------------------------------------------------------- # nameof function, returns the hostname from the IP address parameter. #------------------------------------------------------------------------- nameof () { #SUDO checked #Use /etc/hosts and the "host" command to look up names for source and destination addresses. CKPTNAMEOF=" nameof: Start" ; #ckpt $CKPTNAMEOF NAMEOFRETVAL="" #FIXME - Should we just drop everything after the /? NAMEOFINPUT=${1%%/32} CKPTNAMEOF=" nameof: check for dynifs" ; #ckpt $CKPTNAMEOF for ONEIF in $DYNIF ; do if [ "$NAMEOFINPUT" = "$(eval echo \${$(eval echo ${ONEIF}ADDR)})" ]; then #The nested eval thing is the IP address of that interface. NAMEOFRETVAL="\${${ONEIF}ADDR}" #Nameof is supposed to return something _without_ a /32, but the ppp0ADDR macros _have_ the /32. It's OK because GI already does its own DYNIF checking, and the only other place that uses it is in mason/comment2. #LINEHASDYNAMIC="YES" #Not exported from a function - not currently used fi done if [ -z "$NAMEOFRETVAL" ]; then if [ "$HOSTLOOKUP" = "FILESONLY" ] || [ "$HOSTLOOKUP" = "FULL" ]; then #The () subshell below is the equivalent of: "tail --lines=1 | awk '{print $2}'" ONEHOSTNAME=`egrep "^$NAMEOFINPUT[^0-9]" /etc/hosts | ( while read F1 F2 FREST ; do LLF2=$F2 ; done ; if [ -n "$LLF2" ]; then echo $LLF2 ; fi ) || logfail $LINENO masonlib: YYYY 0061` if [ -n "$ONEHOSTNAME" ]; then NAMEOFRETVAL="$ONEHOSTNAME" fi fi fi if [ -z "$NAMEOFRETVAL" ]; then case $NAMEOFINPUT in */0|*/0.0.0.0) NAMEOFRETVAL="0/0" ;; esac fi CKPTNAMEOF=" nameof: reverse host lookup" ; #ckpt $CKPTNAMEOF if [ "$HOSTLOOKUP" = "FULL" ] && [ -z "$NAMEOFRETVAL" ]; then #if ! reservedip $NAMEOFINPUT ; then #One approach might be to avoid looking up rfc1918 addresses entirely #FIXME - don't run host twice if host -t ptr $NAMEOFINPUT >/dev/null 2>/dev/null ; then ONEHOSTNAME=`host -t ptr $NAMEOFINPUT 2>/dev/null | grep 'domain name pointer' | head --lines=1 | sed -e 's/.* //' || logfail $LINENO masonlib: YYYY 0062` #do double reverse, see if same as input ip, only _then_ assign. #I specifically removed the head --lines=1 because I don't want to provide a round-robin name. ONEIPADDR=`host -t a $ONEHOSTNAME 2>/dev/null | grep 'has address' | sed -e 's/.* //' || logfail $LINENO masonlib: YYYY 0133` if [ -n "$ONEHOSTNAME" ] && [ "$NAMEOFINPUT" = "$ONEIPADDR" ] && [ "$ONEHOSTNAME" != "read-rfc1918-for-details.iana.net" ]; then #Grrr... NAMEOFRETVAL="$ONEHOSTNAME" fi fi #fi fi if [ -z "$NAMEOFRETVAL" ]; then NAMEOFRETVAL=$NAMEOFINPUT ; fi echo $NAMEOFRETVAL CKPTNAMEOF="" } #End of nameof #------------------------------------------------------------------------- # networkof function, returns the network of the given ip and netmask. #------------------------------------------------------------------------- networkof () { #SUDO checked #Basically, the network is (ip bitwise-and netmask) CKPTNETWORKOF=" networkof: Start $1 mask $2" ; #ckpt $CKPTNETWORKOF case $2 in 32|255.255.255.255) echo $1 ;; 0|0.0.0.0) echo 0.0.0.0 ;; *) SPLITIP=$1 I1O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O4=$SPLITIP case $2 in [0-9]|[1-2][0-9]|3[0-2]) SPLITIP=`bits2mask $2` ;; *) SPLITIP=$2 ;; esac I2O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O4=$SPLITIP echo $[ $I1O1 & $I2O1 ].$[ $I1O2 & $I2O2 ].$[ $I1O3 & $I2O3 ].$[ $I1O4 & $I2O4 ] ;; esac CKPTNETWORKOF="" } #End of networkof #------------------------------------------------------------------------- # oneblockproto procedure, blocks a single protocol from coming in on the given interface. #------------------------------------------------------------------------- oneblockproto () { #SUDO checked #Parameters: Protocol, (optional)Interface case $BLOCKPROTO in #${MINMARK:+"-m"} $MINMARK ; if [ -n "$MINMARK" ]; then MINMARK=$[$MINMARK+1] ; fi *.*/[Ii][Cc][Mm][Pp]) ICMPBOTH=${BLOCKPROTO%%/*} ; ICMPCODE=${ICMPBOTH%%.*} ; ICMPSUBCODE=${ICMPBOTH##*.} #REMOVEME #$IPCHAINSBIN -I input -i $2 -p icmp -s 0/0 $ICMPCODE -d 0/0 $ICMPSUBCODE -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0079 #Cannot do subcode on ipfwadm icmp. #$IPFWADMBIN -I -i deny -W $2 -P icmp -S 0/0 $ICMPCODE $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0101 dorule i input "$2" '' icmp '' "$ICMPCODE" '' "$ICMPSUBCODE" '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0079/0101 ;; */[Ii][Cc][Mm][Pp]) #REMOVEME #$IPCHAINSBIN -I input -i $2 -p icmp -s 0/0 ${BLOCKPROTO%%/*} -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0080 #$IPFWADMBIN -I -i deny -W $2 -P icmp -S 0/0 ${BLOCKPROTO%%/*} $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0102 dorule i input "$2" '' icmp '' "${BLOCKPROTO%%/*}" '' '' '' '' deny '' "$LOGBLOCKS" "" || logfail $LINENO masonlib: YYYY 0080/0102 ;; 113/[Tt][Cc][Pp]|[Aa][Uu][Tt][Hh]/[Tt][Cc][Pp]) #REMOVEME #$IPCHAINSBIN -I input -i $2 -p tcp -d 0/0 ${BLOCKPROTO%%/*} -y -j REJECT $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0081 #$IPFWADMBIN -I -i reject -W $2 -P tcp -D 0/0 ${BLOCKPROTO%%/*} -y $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0103 dorule i input "$2" '' tcp '' '' '' "${BLOCKPROTO%%/*}" '' -y reject '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0081/0103 ;; */[Tt][Cc][Pp]) #REMOVEME #$IPCHAINSBIN -I input -i $2 -p tcp -d 0/0 ${BLOCKPROTO%%/*} -y -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0082 #$IPFWADMBIN -I -i deny -W $2 -P tcp -D 0/0 ${BLOCKPROTO%%/*} -y $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0104 dorule i input "$2" '' tcp '' '' '' "${BLOCKPROTO%%/*}" '' -y deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0082/0104 ;; */*) #REMOVEME #$IPCHAINSBIN -I input -i $2 -p ${BLOCKPROTO##*/} -d 0/0 ${BLOCKPROTO%%/*} -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0083 #$IPFWADMBIN -I -i deny -W $2 -P ${BLOCKPROTO##*/} -D 0/0 ${BLOCKPROTO%%/*} $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0105 dorule i input "$2" '' "${BLOCKPROTO##*/}" '' '' '' "${BLOCKPROTO%%/*}" '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0083/0105 ;; *) #REMOVEME #$IPCHAINSBIN -I input -i $2 -p ${BLOCKPROTO##*/} -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0084 #$IPFWADMBIN -I -i deny -W $2 -P ${BLOCKPROTO##*/} $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0106 dorule i input "$2" '' "${BLOCKPROTO##*/}" '' '' '' '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0084/0106 ;; esac } #End of oneblockproto #------------------------------------------------------------------------- # port2ciscoport function, returns the individual port or range of # ports for the given port/port range and protocol parameters in cisco format. #------------------------------------------------------------------------- port2ciscoport () { #SUDO checked #Parameters: $1 is the port number, $2 is the protocol #FIXME - convert /udp, /tcp, /icmp over to case insensitive checks CKPTPORT2CISCOPORT=" port2ciscoport: Start" ; #ckpt $CKPTPORT2CISCOPORT PCPRETVAL="" case "$1/$2" in 0:1023/*) PCPRETVAL=" lt 1024" ;; 1024:65535/*) PCPRETVAL=" gt 1023" ;; #FIXME - this does not drop the protocol, I think. *:*/*) PCPRETVAL=" range ${1%%:*} ${1##*:}" ;; 179/tcp|bgp/tcp) PCPRETVAL=" eq bgp" ;; 19/tcp|chargen/tcp|ttyst/tcp|source/tcp) PCPRETVAL=" eq chargen" ;; 13/tcp|daytime/tcp) PCPRETVAL=" eq daytime" ;; 9/tcp|discard/tcp|sink/tcp|null/tcp) PCPRETVAL=" eq discard" ;; 53/tcp|domain/tcp|dns/tcp) PCPRETVAL=" eq domain" ;; 7/tcp|echo/tcp) PCPRETVAL=" eq echo" ;; 79/tcp|finger/tcp) PCPRETVAL=" eq finger" ;; 21/tcp|ftp/tcp) PCPRETVAL=" eq ftp" ;; 20/tcp|ftp-data/tcp) PCPRETVAL=" eq ftp-data" ;; 70/tcp|gopher/tcp) PCPRETVAL=" eq gopher" ;; 101/tcp|hostname/tcp|hostnames/tcp) PCPRETVAL=" eq hostname" ;; 194/tcp|irc/tcp) PCPRETVAL=" eq irc" ;; 543/tcp|klogin/tcp) PCPRETVAL=" eq klogin" ;; 544/tcp|kshell/tcp|krcmd/tcp) PCPRETVAL=" eq kshell" ;; 515/tcp|lpd/tcp|printer/tcp|spooler/tcp) PCPRETVAL=" eq lpd" ;; 109/tcp|pop-2/tcp|pop2/tcp|postoffice/tcp) PCPRETVAL=" eq pop2" ;; 110/tcp|pop-3/tcp|pop3/tcp) PCPRETVAL=" eq pop3" ;; 25/tcp|smtp/tcp) PCPRETVAL=" eq smtp" ;; 111/tcp|sunrpc/tcp|portmapper/tcp) PCPRETVAL=" eq sunrpc" ;; #I think the following was a mistake. Cisco's docs show a TCP syslog - I dont think there is one. syslog/tcp) PCPRETVAL=" eq syslog" ;; 65/tcp|tacacs-ds/tcp) PCPRETVAL=" eq tacacs-ds" ;; 517/tcp|talk/tcp) PCPRETVAL=" eq talk" ;; 23/tcp|telnet/tcp) PCPRETVAL=" eq telnet" ;; 37/tcp|time/tcp|timserver/tcp) PCPRETVAL=" eq time" ;; 540/tcp|uucp/tcp|uucpd/tcp) PCPRETVAL=" eq uucp" ;; 43/tcp|whois/tcp|nicname/tcp) PCPRETVAL=" eq whois" ;; 80/tcp|www/tcp|http/tcp) PCPRETVAL=" eq www" ;; 512/udp|biff/udp|comsat/udp) PCPRETVAL=" eq biff" ;; 68/udp|bootpc/udp) PCPRETVAL=" eq bootpc" ;; 67/udp|bootps/udp) PCPRETVAL=" eq bootps" ;; 9/udp|discard/udp|sink/udp|null/udp) PCPRETVAL=" eq discard" ;; 53/udp|dns/udp|domain/udp) PCPRETVAL=" eq dns" ;; 90/udp|dnsix/udp) PCPRETVAL=" eq dnsix" ;; 7/udp|echo/udp) PCPRETVAL=" eq echo" ;; 434/udp|mobile-ip/udp|mobileip-agent/udp) PCPRETVAL=" eq mobile-ip" ;; 42/udp|nameserver/udp|name/udp) PCPRETVAL=" eq nameserver" ;; 138/udp|netbios-dgm/udp) PCPRETVAL=" eq netbios-dgm" ;; 137/udp|netbios-ns/udp) PCPRETVAL=" eq netbios-ns" ;; 123/udp|ntp/udp) PCPRETVAL=" eq ntp" ;; 520/udp|rip/udp|route/udp|router/udp|routed/udp) PCPRETVAL=" eq rip" ;; 161/udp|snmp/udp) PCPRETVAL=" eq snmp" ;; 162/udp|snmptrap/udp|snmp-trap/udp) PCPRETVAL=" eq snmptrap" ;; 111/udp|sunrpc/udp|portmapper/udp) PCPRETVAL=" eq sunrpc" ;; 514/udp|syslog/udp) PCPRETVAL=" eq syslog" ;; 65/udp|tacacs-ds/udp) PCPRETVAL=" eq tacacs-ds" ;; 517/udp|talk/udp) PCPRETVAL=" eq talk" ;; 69/udp|tftp/udp) PCPRETVAL=" eq tftp" ;; 37/udp|time/udp) PCPRETVAL=" eq time" ;; 513/udp|who/udp|whod/udp) PCPRETVAL=" eq who" ;; 177/udp|xdmcp/udp) PCPRETVAL=" eq xdmcp" ;; *) if isdigits $1 ; then PCPRETVAL=" eq $1" else #FIXME - convert alpha port name ("telnet") back to the port number ("23") for Cisco. PCPRETVAL=" eq $1" fi ;; esac echo "$PCPRETVAL" CKPTPORT2CISCOPORT="" } #End of port2ciscoport #------------------------------------------------------------------------- # preexit procedure. Called on receipt of signal 0 (exiting) from bash #------------------------------------------------------------------------- #We check to see if any of the checkpoint variables are still set; if so, #the script probably crashed before finishing that module. Bitch to the user. #Be careful of system variables; they may not be loaded yet. preexit () { #ZZZZ #FIXME - test for masoncrash writable? if [ -n "$CKPTMGT$CKPTMASON$CKPTCHECKSYS$CKPTCLIENTPORTRANGE$CKPTGENERALIZEIP$CKPTIPLE$CKPTIPLT$CKPTISNUMERICIP$CKPTLOADCONF$CKPTSERVERPORTRANGE$CKPTADDCOUNTS$CKPTNAMEOF$CKPTBROADCASTOF$CKPTCHECKCONF$CKPTDELCOUNTS$CKPTFLUSHFIREWALL$CKPTPORT2CISCOPORT$CKPTPROTONUM2NAME$CKPTRULETAG$CKPTRUNFIREWALL$CKPTSETTOS$CKPTSORTRULEFILE$CKPTUNIQRULEFILE$CKPTUPDATECOUNTS$CKPTNETWORKOF" ]; then if [ -z "$MASONDIR" ]; then MASONDIR="/var/lib/mason/" ; fi echo >/dev/stderr wrap ${WARN}Abnormal exit from $0 $MASONVER.${NORM} >/dev/stderr wrap The author, William Stearns, would be very grateful if you would email the following information to wstearns@pobox.com, as well as anything else that you think might be relevant. It would help make future versions of mason more stable. The easiest way to do this is to attach ${MASONDIR}masoncrash to a message to wstearns@pobox.com . >/dev/stderr echo >/dev/stderr date >/dev/stderr wrap Most recent checkpoints: >/dev/stderr wrap $CKPTMGT $CKPTMASON $CKPTCHECKSYS $CKPTCLIENTPORTRANGE \ $CKPTGENERALIZEIP $CKPTIPLE $CKPTIPLT $CKPTISNUMERICIP $CKPTLOADCONF \ $CKPTSERVERPORTRANGE $CKPTADDCOUNTS $CKPTNAMEOF $CKPTBROADCASTOF \ $CKPTCHECKCONF $CKPTDELCOUNTS $CKPTFLUSHFIREWALL $CKPTPORT2CISCOPORT \ $CKPTPROTONUM2NAME $CKPTRULETAG $CKPTRUNFIREWALL \ $CKPTSETTOS $CKPTSORTRULEFILE \ $CKPTUNIQRULEFILE $CKPTUPDATECOUNTS $CKPTNETWORKOF >/dev/stderr wrap End of checkpoints. >/dev/stderr echo >/dev/stderr wrap This file was created as a result of a crash of $0 $MASONVER. It was created automatically. Please mail it to wstearns@pobox.com >>${MASONDIR}masoncrash date >>${MASONDIR}masoncrash wrap Most recent checkpoints: >>${MASONDIR}masoncrash wrap $CKPTMGT $CKPTMASON $CKPTCHECKSYS $CKPTCLIENTPORTRANGE \ $CKPTGENERALIZEIP $CKPTIPLE $CKPTIPLT $CKPTISNUMERICIP $CKPTLOADCONF \ $CKPTSERVERPORTRANGE $CKPTADDCOUNTS $CKPTNAMEOF $CKPTBROADCASTOF \ $CKPTCHECKCONF $CKPTDELCOUNTS $CKPTFLUSHFIREWALL $CKPTPORT2CISCOPORT \ $CKPTPROTONUM2NAME $CKPTRULETAG $CKPTRUNFIREWALL \ $CKPTSETTOS $CKPTSORTRULEFILE \ $CKPTUNIQRULEFILE $CKPTUPDATECOUNTS $CKPTNETWORKOF >>${MASONDIR}masoncrash wrap End of checkpoints. >>${MASONDIR}masoncrash echo >>${MASONDIR}masoncrash if [ -n "$MASONCONF" ]; then if [ -e "$MASONCONF" ]; then wrap Masonconf: >>${MASONDIR}masoncrash if type -path sed >/dev/null 2>/dev/null && type -path grep >/dev/null 2>/dev/null ; then cat $MASONCONF | sed -e 's/#.*//' | grep -v '^$' >>${MASONDIR}masoncrash || : else cat $MASONCONF >>${MASONDIR}masoncrash fi wrap End of Masonconf. >>${MASONDIR}masoncrash else wrap No Masonconf found. >>${MASONDIR}masoncrash fi else wrap Masonconf environment variable not set. >>${MASONDIR}masoncrash fi echo >>${MASONDIR}masoncrash wrap System details: >>${MASONDIR}masoncrash wrap It is not necessarily a problem if some of these are missing. >>${MASONDIR}masoncrash for ONESYSFILE in /sbin/ipchains /sbin/ipfwadm /proc/net/ip_input /proc/net/ip_fwchains /sbin/iptables /usr/local/bin/iptables ; do ls -ald $ONESYSFILE >>${MASONDIR}masoncrash 2>&1 || : done lsmod >>${MASONDIR}masoncrash 2>&1 || : mount -t proc >>${MASONDIR}masoncrash 2>&1 || : echo >>${MASONDIR}masoncrash fi } #End of preexit #------------------------------------------------------------------------- # protonum2name procedure, sets PROTO to the readable protocol name from protocol number and sets IGNOREPORT. #------------------------------------------------------------------------- protonum2name () { #SUDO checked CKPTPROTONUM2NAME=" protonum2name: Start" ; #ckpt $CKPTPROTONUM2NAME unset IGNOREPORT || : case $1 in 0|[Ii][Pp]) PROTO="ip" IGNOREPORT="YES" ;; 1|[Ii][Cc][Mm][Pp]) PROTO="icmp" ;; 2|[Ii][Gg][Mm][Pp]) PROTO="igmp" IGNOREPORT="YES" ;; 3|[Gg][Gg][Pp]) PROTO="ggp" IGNOREPORT="YES" ;; 4|[Ii][Pp][Ii][Pp]) PROTO="ipip" IGNOREPORT="YES" ;; 6|[Tt][Cc][Pp]) PROTO="tcp" ;; 8|[Ee][Gg][Pp]) PROTO="egp" IGNOREPORT="YES" ;; 12|[Pp][Uu][Pp]) PROTO="pup" IGNOREPORT="YES" ;; 17|[Uu][Dd][Pp]) PROTO="udp" ;; 22|[Ii][Dd][Pp]) PROTO="idp" IGNOREPORT="YES" ;; 41|[Ii][Pp][Vv]6) PROTO="ipv6" IGNOREPORT="YES" ;; 46|[Rr][Ss][Vv][Pp]) PROTO="rsvp" IGNOREPORT="YES" ;; 47|[Gg][Rr][Ee]) PROTO="gre" IGNOREPORT="YES" ;; 50|[Ee][Ss][Pp]) PROTO="esp" IGNOREPORT="YES" ;; 103|[Pp][Ii][Mm]) PROTO="pim" IGNOREPORT="YES" ;; 255|[Rr][Aa][Ww]) PROTO="raw" IGNOREPORT="YES" ;; *) PROTONAME=`grep "^[a-zA-Z]*\W*$1 *" /etc/protocols | awk '{print $1}' || logfail $LINENO masonlib: YYYY 0063` if [ -n "$PROTONAME" ]; then PROTO=$PROTONAME ; else PROTO=$1 ; fi unset PROTONAME IGNOREPORT="YES" ;; esac CKPTPROTONUM2NAME="" } #End of protonum2name #------------------------------------------------------------------------- # reservedip function, returns true/false: ip address is reserved (rfc1918)? #------------------------------------------------------------------------- #OK, technically a hostname _could_ correspond to a reserved address, but come on! #If we're being handed a hostname, we probably don't need to autoset masq anyways. reservedip () { #SUDO checked case $1 in *[-A-Za-z]*) return 1 ;; *) SPLITIP=$1 I1O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O2=${SPLITIP%%.*} if [ $I1O1 -eq 10 ]; then return 0 #True elif [ $I1O1 -eq 172 ] && [ $I1O2 -ge 16 ] && [ $I1O2 -le 31 ]; then return 0 #True elif [ $I1O1 -eq 192 ] && [ $I1O2 -eq 168 ]; then return 0 #True else return 1 #False fi ;; esac } #End of reservedip #------------------------------------------------------------------------- # routesoverlap function. In short, if any two non-default routes in # the routing table overlap _and_ point at different interfaces, return true. #------------------------------------------------------------------------- routesoverlap () { #SUDO checked #My first pass at spoof blocking failed on the overlapping portion of two networks that arrive on #different nics. The new spoof blocking code handles that case, so this check is no longer needed. ALLROUTES="`route -n | cut -b 1-16,33-48,73-80 | grep '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*[[:space:]]' | \ grep -v '^0\.0\.0\.0[[:space:]]' | awk '{print $1 "/" $2 "-" $3}' || logfail $LINENO masonlib: YYYY 0064`" #network/netmask-interface OVERLAPS=1 #False OVERLAPPINGROUTES="" for NET1 in $ALLROUTES ; do for NET2 in $ALLROUTES ; do if [ "${NET1##*-}" != "${NET2##*-}" ]; then #No need to check if they point to the same if if networksoverlap ${NET1%%-*} ${NET2%%-*} ; then OVERLAPS=0 if [ -n "$OVERLAPPINGROUTES" ]; then OVERLAPPINGROUTES="$OVERLAPPINGROUTES, " ; fi OVERLAPPINGROUTES="$OVERLAPPINGROUTES${NET1%%-*} and ${NET2%%-*}" fi fi done done if [ -n "$OVERLAPPINGROUTES" ]; then OVERLAPPINGROUTES="$OVERLAPPINGROUTES." ; fi return $OVERLAPS } #End of routesoverlap #------------------------------------------------------------------------- # ruletag function, returns a kind of hash of the rule to identify equivalence. #------------------------------------------------------------------------- ruletag () { #SUDO checked #Params: $* is an ipchains command. #This function returns a tag. This tag is used to determine if two rules can #be safely swapped; they can if their tags are identical. #Tag: first object/target(w/redirect port)/-l/#^ #This tag could also include the mark value. Hmmm, should it? CKPTRULETAG=" ruletag: Start" ; #ckpt $CKPTRULETAG RTRETVAL=$1 TARGET="" ; LOG="" ; COUNTTAG="" while [ -n "$1" ]; do case $1 in -j|--jump) NEXT="TARGET" ; TARGET="-j" ; shift ;; -l|--log) NEXT="" ; LOG="-l" ; shift ;; -A|--append|-D|--delete|-R|--replace|-I|--insert|-L|--list|-F|--flush|-Z|--zero|-N|--new-chain|-X|--delete-chain|-P|--policy|-M|--masquerading|-S|--set|-C|--check|-h|-p|--protocol|-s|--source|--source-port|-d|--destination|--destination-port|--icmp-type|-i|--interface|!|-f|--fragment|-b|--bidirectional|-v|--verbose|-n|--numeric|-o|--output|-m|--mark|-t|--TOS|-x|--exact|-y|--syn) NEXT="" ; shift ;; \#^) NEW="" ; COUNTTAG="#^" ; shift ;; \#*) NEXT="" ; shift $# ;; #Drop everything following a "#" *) case $NEXT in TARGET) TARGET="${TARGET}$1" ; shift ;; *) shift ;; esac ;; esac done echo "$RTRETVAL/$TARGET/$LOG/$COUNTTAG" CKPTRULETAG="" } #End of ruletag #------------------------------------------------------------------------- #Start up a firewall from scratch. #------------------------------------------------------------------------- runfirewall () { #SUDO checked #FIXME - add iptables support CKPTRUNFIREWALL=" runfirewall: Start" ; #ckpt $CKPTRUNFIREWALL #FIXME - use this or not? #if [ -f /proc/net/ip_fwchains ]; then # DEFAULTPOLICY=`echo $DEFAULTPOLICY | tr a-z A-Z || logfail $LINENO masonlib: YYYY 0065` # if [ "$LOGBLOCKS" = "-o" ]; then LOGBLOCKS="-l" ; fi #elif [ -f /proc/net/ip_input ]; then # DEFAULTPOLICY=`echo $DEFAULTPOLICY | tr A-Z a-z || logfail $LINENO masonlib: YYYY 0095` # if [ "$LOGBLOCKS" = "-l" ]; then LOGBLOCKS="-o" ; fi #else # CKPTRUNFIREWALL=" runfirewall: neither ipchains nor ipfwadm supported." ; #ckpt $CKPTRUNFIREWALL # wrap ${WARN}This kernel supports neither ipchains nor ipfwadm!${NORM} >/dev/stderr #fi if [ -f /proc/sys/net/ipv4/ip_forward ]; then #If forwarding is disabled _and_ there are two or more interfaces in the system if [ "`cat /proc/sys/net/ipv4/ip_forward`" = "0" ] && \ [ `ifconfig | cut -b 1-10 | grep -v ':' | grep -v '^lo' | grep -v '^ *$' | wc -l` -ge 2 ]; then wrap ${WARN}Please note that forwarding is disabled in the kernel. If this machine is expected to be a router, this should be fixed.${NORM} >/dev/stderr fi fi CKPTRUNFIREWALL=" runfirewall: ipchains/ipfwadm blockedhosts" ; #ckpt $CKPTRUNFIREWALL if [ -n "$BLOCKEDHOSTS" ]; then echo -n Blockedhost blocks... for BLOCKEDHOST in $BLOCKEDHOSTS ; do #Add this in if we reinstate marks on system rules, check below too. ${MINMARK:+"-m"} $MINMARK ; if [ -n "$MINMARK" ]; then MINMARK=$[$MINMARK+1] ; fi #REMOVEME #$IPCHAINSBIN -I input -s $BLOCKEDHOST -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0066 #$IPCHAINSBIN -I output -s $BLOCKEDHOST -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0067 #$IPCHAINSBIN -I input -d $BLOCKEDHOST -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0068 #$IPCHAINSBIN -I output -d $BLOCKEDHOST -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0069 #$IPFWADMBIN -I -i deny -S $BLOCKEDHOST $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0096 #$IPFWADMBIN -O -i deny -S $BLOCKEDHOST $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0097 #$IPFWADMBIN -I -i deny -D $BLOCKEDHOST $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0098 #$IPFWADMBIN -O -i deny -D $BLOCKEDHOST $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0099 dorule i input '' '' '' "$BLOCKEDHOST" '' '' '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0066/0096 dorule i output '' '' '' "$BLOCKEDHOST" '' '' '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0067/0097 dorule i input '' '' '' '' '' "$BLOCKEDHOST" '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0068/0098 dorule i output '' '' '' '' '' "$BLOCKEDHOST" '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0069/0099 done else echo -n No Blockedhost blocks... ; fi if [ -f /proc/net/ip_fwchains ] || [ -n "`lsmod | grep '^ip_tables '`" ]; then CKPTRUNFIREWALL=" runfirewall: ipchains/iptables spoofblocks" ; #ckpt $CKPTRUNFIREWALL if [ "$SPOOFBLOCKS" = "YES" ]; then echo -n Spoof blocks... #Add this in if we reinstate marks on system rules, check below too. ${MINMARK:+"-m"} $MINMARK ; if [ -n "$MINMARK" ]; then MINMARK=$[$MINMARK+1] ; fi flushornewchain NoSpoof #REMOVEME #$IPCHAINSBIN -I input -j NoSpoof || logfail $LINENO masonlib: YYYY 0072 dorule i input '' '' '' '' '' '' '' '' '' "NoSpoof" '' '' '' || logfail $LINENO masonlib: YYYY 0072 #In iptables, we have to check for spoofing on the forward chain as well. if [ -n "`lsmod | grep '^ip_tables '`" ]; then dorule i forward '' '' '' '' '' '' '' '' '' "NoSpoof" '' '' '' || logfail $LINENO masonlib: YYYY 0137 fi #We have a special #case to allow first. Say 192.168.0.1 is eth0's ip. If I telnet to that IP on this machine, #the source and destination addresses will be 192.168.0.1 - the spoof block would see this as #spoofing because the packets are showing up on an interface other than eth0. We need to exempt #lo from the check. '-j RETURN' on a chain inserted into input will do that. #REMOVEME #$IPCHAINSBIN -A NoSpoof -i lo -j RETURN || logfail $LINENO masonlib: YYYY 0073 dorule a NoSpoof lo '' '' '' '' '' '' '' '' return '' '' '' || logfail $LINENO masonlib: YYYY 0073 #REMOVEME ##Loop through loips as ok input on lo #for ONELOCALIP in `ifconfig | grep 'inet addr' | sed -e 's/.*addr://' -e 's/ .*//' || logfail $LINENO masonlib: YYYY 0074` ; do # $IPCHAINSBIN -I input -s ${ONELOCALIP} -i lo -j ACCEPT $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0075 #done #If the packet's network and IP are in the (non-default) routing table, go back to the main firewall. for ONEROUTE in `route -n | cut -b 1-16,33-48,73-80 | grep '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*[[:space:]]' | \ grep -v '^0\.0\.0\.0[[:space:]]' | awk '{print $1 "/" $2 "-" $3}' || logfail $LINENO masonlib: YYYY 0076` ; do #REMOVEME #$IPCHAINSBIN -A NoSpoof -s ${ONEROUTE%%-*} -i ${ONEROUTE##*-} -j RETURN || logfail $LINENO masonlib: YYYY 0077 dorule a NoSpoof "${ONEROUTE##*-}" '' '' "${ONEROUTE%%-*}" '' '' '' '' '' return '' '' '' || logfail $LINENO masonlib: YYYY 0077 done #Block packets coming from a given local net if they don't come from the nic leading to that net. for ONEROUTE in `route -n | cut -b 1-16,33-48,73-80 | grep '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*[[:space:]]' | \ grep -v '^0\.0\.0\.0[[:space:]]' | awk '{print $1 "/" $2 "-" $3}' || logfail $LINENO masonlib: YYYY 0135` ; do #REMOVEME #$IPCHAINSBIN -A NoSpoof -s ${ONEROUTE%%-*} -i ! ${ONEROUTE##*-} -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0136 dorule a NoSpoof "! ${ONEROUTE##*-}" '' '' "${ONEROUTE%%-*}" '' '' '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0136 done #If the packet is coming from a default route interface, accept it. for ONEROUTE in `route -n | cut -b 1-16,33-48,73-80 | grep '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*[[:space:]]' | \ grep '^0\.0\.0\.0[[:space:]]' | awk '{print $1 "/" $2 "-" $3}' || logfail $LINENO masonlib: YYYY 0137` ; do #REMOVEME #$IPCHAINSBIN -A NoSpoof -i ${ONEROUTE##*-} -j RETURN || logfail $LINENO masonlib: YYYY 0138 dorule a NoSpoof "${ONEROUTE##*-}" '' '' '' '' '' '' '' '' return '' '' '' || logfail $LINENO masonlib: YYYY 0138 done #Finally, if it wasn't caught above, deny it. #REMOVEME #$IPCHAINSBIN -A NoSpoof -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0139 dorule a NoSpoof '' '' '' '' '' '' '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0139 else echo -n Not blocking spoofed packets... ; fi elif [ -f /proc/net/ip_input ]; then echo -n Not blocking spoofed packets under ipfwadm... fi CKPTRUNFIREWALL=" runfirewall: ipchains/ipfwadm noleakrfc1918" ; #ckpt $CKPTRUNFIREWALL #This is a construction issue only; if rfc1918 packets leak through as the firewall is being constructed, #we deny them to tell the sending end to try again. Once the forward/MASQ rules are in place, #this won't be used again. if [ -n "$AUTOMASQIF" ]; then echo -n NoLeakRFC1918 blocks... for MASQIF in $AUTOMASQIF ; do #Add this in if we reinstate marks on system rules, check below too. ${MINMARK:+"-m"} $MINMARK ; if [ -n "$MINMARK" ]; then MINMARK=$[$MINMARK+1] ; fi for RESNET in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ; do #REMOVEME #$IPCHAINSBIN -I output -i $MASQIF -s $RESNET -j DENY || logfail $LINENO masonlib: YYYY 0078 #$IPFWADMBIN -O -i deny -W $MASQIF -S $RESNET || logfail $LINENO masonlib: YYYY 0100 dorule i output '' "$MASQIF" '' "$RESNET" '' '' '' '' '' deny '' '' '' done done else echo -n No NoLeakRFC1918 blocks... ; fi CKPTRUNFIREWALL=" runfirewall: ipchains noincoming" ; #ckpt $CKPTRUNFIREWALL if [ -n "$NOINCOMING" ] && [ -n "$INCOMINGINTERFACES" ]; then echo -n Incoming blocks... for OUTSIDEIF in $INCOMINGINTERFACES ; do for BLOCKPROTO in $NOINCOMING ; do oneblockproto $BLOCKPROTO $OUTSIDEIF done done else echo -n No incoming blocks... ; fi CKPTRUNFIREWALL=" runfirewall: ipchains/ipchains nooutgoing" ; #ckpt $CKPTRUNFIREWALL if [ -n "$NOOUTGOING" ] && [ -n "$OUTGOINGINTERFACES" ]; then echo -n Outgoing blocks... for OUTSIDEIF in $OUTGOINGINTERFACES ; do for BLOCKPROTO in $NOOUTGOING ; do case $BLOCKPROTO in #${MINMARK:+"-m"} $MINMARK ; if [ -n "$MINMARK" ]; then MINMARK=$[$MINMARK+1] ; fi *.*/[Ii][Cc][Mm][Pp]) ICMPBOTH=${BLOCKPROTO%%/*} ; ICMPCODE=${ICMPBOTH%%.*} ; ICMPSUBCODE=${ICMPBOTH##*.} #REMOVEME #$IPCHAINSBIN -I output -i $OUTSIDEIF -p icmp -s 0/0 $ICMPCODE -d 0/0 $ICMPSUBCODE -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0085 #Cannot do subcode on ipfwadm icmp. #$IPFWADMBIN -O -i deny -W $OUTSIDEIF -P icmp -S 0/0 $ICMPCODE $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0107 dorule i output '' "$OUTSIDEIF" icmp '' "$ICMPCODE" '' "$ICMPSUBCODE" '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0085/0107 ;; */[Ii][Cc][Mm][Pp]) #REMOVEME #$IPCHAINSBIN -I output -i $OUTSIDEIF -p icmp -s 0/0 ${BLOCKPROTO%%/*} -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0086 #$IPFWADMBIN -O -i deny -W $OUTSIDEIF -P icmp -S 0/0 ${BLOCKPROTO%%/*} $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0108 dorule i output '' "$OUTSIDEIF" icmp '' "${BLOCKPROTO%%/*}" '' '' '' '' deny '' "$LOGBLOCKS" '' || logfail $LINENO masonlib: YYYY 0086/0108 ;; #*/*) #FIXME - convert over to dorules. # $IPCHAINSBIN -I output -i $OUTSIDEIF -p ${BLOCKPROTO##*/} -d 0/0 ${BLOCKPROTO%%/*} -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0087 # $IPFWADMBIN -O -i deny -W $OUTSIDEIF -P ${BLOCKPROTO##*/} -D 0/0 ${BLOCKPROTO%%/*} $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0109 # ;; #*) # $IPCHAINSBIN -I output -i $OUTSIDEIF -p ${BLOCKPROTO##*/} -j DENY $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0088 # $IPFWADMBIN -O -i deny -W $OUTSIDEIF -P ${BLOCKPROTO##*/} $LOGBLOCKS || logfail $LINENO masonlib: YYYY 0110 # ;; esac done done else echo -n No outgoing blocks... ; fi set +e #Turn off failure checking; Mason has no control over the final contents of these files. #echo -n System rules... #. $SYSTEMRULEFILE # CKPTRUNFIREWALL=" runfirewall: ipchains/ipfwadm baserules" ; #ckpt $CKPTRUNFIREWALL echo -n Fixed rules... . $BASERULEFILE if [ "$1" = "LEARN" ] || [ "$1" = "learn" ]; then CKPTRUNFIREWALL=" runfirewall: ipchains/ipfwadm newrules" ; #ckpt $CKPTRUNFIREWALL echo -n New rules... . $NEWRULEFILE fi set -e if [ "$1" = "LEARN" ] || [ "$1" = "learn" ]; then CKPTRUNFIREWALL=" runfirewall: ipchains/ipfwadm logging rules" ; #ckpt $CKPTRUNFIREWALL echo -n Adding logging rules... #Finally, create a "nolog' chain for each of the existing chains, have each existing #chain jump to it. for ACHAIN in `chainnameof input` `chainnameof output` `chainnameof forward` ; do if [ -n "$NOLOGSUFFIX" ]; then flushornewchain $ACHAIN$NOLOGSUFFIX fi #${MINMARK:+"-m"} $MINMARK ; if [ -n "$MINMARK" ]; then MINMARK=$[$MINMARK+1] ; fi #REMOVEME #$IPCHAINSBIN -A $ACHAIN -j $ACHAIN$NOLOGSUFFIX || logfail $LINENO masonlib: YYYY 0091 #ZZZZ dorule a "$ACHAIN" '' '' '' '' '' '' '' '' '' "$ACHAIN$NOLOGSUFFIX" '' '' '' || logfail $LINENO masonlib: YYYY 0091 done #Finally, log everything else. for ACHAIN in input output forward ; do #REMOVEME #$IPCHAINSBIN -A $ACHAIN -l || logfail $LINENO masonlib: YYYY 0092 #$IPFWADMBIN -$ACHAIN -a $LOGGINGPOLICY -o || logfail $LINENO masonlib: YYYY 0111 dorule a "$ACHAIN" '' '' '' '' '' '' '' '' '' "$LOGGINGPOLICY" '' "-l" '' || logfail $LINENO masonlib: YYYY 0092/0111 done fi CKPTRUNFIREWALL=" runfirewall: ipchains/ipfwadm policy" ; #ckpt $CKPTRUNFIREWALL for ACHAIN in input output forward ; do #REMOVEME #$IPCHAINSBIN -P $ACHAIN $DEFAULTPOLICY || logfail $LINENO masonlib: YYYY 0093/0094 #$IPFWADMBIN -$ACHAIN -p $DEFAULTPOLICY || logfail $LINENO masonlib: YYYY 0112/0113 dorule p "$ACHAIN" '' '' '' '' '' '' '' '' '' "$DEFAULTPOLICY" '' '' '' || logfail $LINENO masonlib: YYYY 0093/0094/0112/0113 done echo Done! CKPTRUNFIREWALL="" } #End of runfirewall #Compatibility wrappers: #------------------------------------------------------------------------- #Start up a firewall from scratch. Use both baserules and newrules. #------------------------------------------------------------------------- runlearnfirewall () { #SUDO checked wrap ${WARN}"Please use \"runfirewall LEARN\" instead of runlearnfirewall"${NORM} >/dev/stderr runfirewall LEARN } #End of runlearnfirewall #------------------------------------------------------------------------- #Start up a firewall from scratch. Only use baserules. #------------------------------------------------------------------------- runstandardfirewall () { #SUDO checked wrap ${WARN}"Please use \"runfirewall STANDARD\" instead of runstandardfirewall"${NORM} >/dev/stderr runfirewall STANDARD } #End of runstandardfirewall #------------------------------------------------------------------------- # serverportrange subroutine, tries to determine whether the given numeric # port and protocol specify a server port. If so, returns the appropriate # readable representation for that server and sets the comment. # If no corresponding server port is known, both are left blank. #------------------------------------------------------------------------- serverportrange () { #SUDO checked #Params: numeric port, proto CKPTSERVERPORTRANGE=" serverportrange: port $1 proto $2" ; #ckpt $CKPTSERVERPORTRANGE PARTIALCOMMENT="" ; READABLEPORT="" if isdigits "$1" ; then #The () subshell below is the equivalent of: "head -n 1 | awk '{print $1}'`" SERVICE="`grep "[[:space:]]$1/$2" $SERVICES | ( if read F1 FREST ; then echo $F1 ; fi ) || logfail $LINENO masonlib: YYYY 0114`" #Mason will not be manipulating /etc/services. #SERVICELINE="`grep "[[:space:]]$1/$2" $SERVICES | head -n 1 || logfail $LINENO masonlib: YYYY 0115`" #if [ `grep "[[:space:]]$1/$2" /etc/services | wc -l` -eq 0 ]; then #Merge line from additional services files to /etc/services if necessary # if [ -n "$SERVICELINE" ]; then # echo -e "$SERVICELINE ##(added by Mason)" >>/etc/services # fi #fi #if #registered in sunrpc #process sunrpc port, change following to elif if [ "$2" = "udp" ] && [ $1 -ge $TRACEROUTE_BEGIN ] && [ $1 -le $TRACEROUTE_END ]; then READABLEPORT="$TRACEROUTE_BEGIN:$TRACEROUTE_END" ; PARTIALCOMMENT="TRACEROUTE/$PROTO" elif [ "$2" = "udp" ] && [ $1 -ge 6970 ] && [ $1 -le 7170 ]; then READABLEPORT="6970:7170" ; PARTIALCOMMENT="RADATA/$PROTO" elif [ "$2" = "udp" ] && [ $1 -ge 6770 ] && [ $1 -le 7170 ]; then READABLEPORT="6770:7170" ; PARTIALCOMMENT="RA30DATA/$PROTO" elif [ "$2" = "tcp" ] && [ $1 -ge $X_BEGIN ] && [ $1 -le $X_END ]; then READABLEPORT="$X_BEGIN:$X_END" ; PARTIALCOMMENT="X/$PROTO" elif [ "$2" = "tcp" ] && [ $1 -ge $OPENWIN_BEGIN ] && [ $1 -le $OPENWIN_END ]; then READABLEPORT="$OPENWIN_BEGIN:$OPENWIN_END" ; PARTIALCOMMENT="OPENWIN/$PROTO" elif [ "$2" = "tcp" ] && [ $1 -ge $VNCJAVA_BEGIN ] && [ $1 -le $VNCJAVA_END ]; then READABLEPORT="$VNCJAVA_BEGIN:$VNCJAVA_END" ; PARTIALCOMMENT="VNCJAVA/$PROTO" elif [ "$2" = "tcp" ] && [ $1 -ge $VNC_BEGIN ] && [ $1 -le $VNC_END ]; then READABLEPORT="$VNC_BEGIN:$VNC_END" ; PARTIALCOMMENT="VNC/$PROTO" elif [ "$2" = "tcp" ] && [ $1 -ge $IRC_BEGIN ] && [ $1 -le $IRC_END ]; then READABLEPORT="$IRC_BEGIN:$IRC_END" ; PARTIALCOMMENT="IRC/$PROTO" elif [ -n "$SERVICE" ]; then if [ "$ECHOCOMMAND" != "ipchains-save" ]; then READABLEPORT=$SERVICE ; PARTIALCOMMENT="$SERVICE/$PROTO" else READABLEPORT=$1 ; PARTIALCOMMENT="$SERVICE/$PROTO" fi fi CKPTSERVERPORTRANGE=" serverportrange: isdigits $READABLEPORT $PARTIALCOMMENT" ; #ckpt $CKPTSERVERPORTRANGE elif [ -n "`grep -E $1 /etc/services || logfail $LINENO masonlib: YYYY 0116`" ]; then # $1 is already converted to text and a server port #FIXME - is the above check all that is needed? #egrep "^$1[[:space:]]+[0-9]+/$2" READABLEPORT=$1 PARTIALCOMMENT="$1/$PROTO" CKPTSERVERPORTRANGE=" serverportrange: isname $READABLEPORT $PARTIALCOMMENT" ; #ckpt $CKPTSERVERPORTRANGE #handle special server port ranges like the above elif [ "$2" = "udp" ] && [ "$1" = "$TRACEROUTE_BEGIN:$TRACEROUTE_END" ]; then READABLEPORT="$TRACEROUTE_BEGIN:$TRACEROUTE_END" ; PARTIALCOMMENT="TRACEROUTE/$PROTO" elif [ "$2" = "udp" ] && [ "$1" = "6970:7170" ]; then READABLEPORT="6970:7170" ; PARTIALCOMMENT="RADATA/$PROTO" elif [ "$2" = "udp" ] && [ "$1" = "6770:7170" ]; then READABLEPORT="6770:7170" ; PARTIALCOMMENT="RA30DATA/$PROTO" elif [ "$2" = "tcp" ] && [ "$1" = "$X_BEGIN:$X_END" ]; then READABLEPORT="$X_BEGIN:$X_END" ; PARTIALCOMMENT="X/$PROTO" CKPTSERVERPORTRANGE=" serverportrange: setting to X" ; #ckpt $CKPTSERVERPORTRANGE elif [ "$2" = "tcp" ] && [ "$1" = "$OPENWIN_BEGIN:$OPENWIN_END" ]; then READABLEPORT="$OPENWIN_BEGIN:$OPENWIN_END" ; PARTIALCOMMENT="OPENWIN/$PROTO" elif [ "$2" = "tcp" ] && [ "$1" = "$VNCJAVA_BEGIN:$VNCJAVA_END" ]; then READABLEPORT="$VNCJAVA_BEGIN:$VNCJAVA_END" ; PARTIALCOMMENT="VNCJAVA/$PROTO" elif [ "$2" = "tcp" ] && [ "$1" = "$VNC_BEGIN:$VNC_END" ]; then READABLEPORT="$VNC_BEGIN:$VNC_END" ; PARTIALCOMMENT="VNC/$PROTO" elif [ "$2" = "tcp" ] && [ "$1" = "$IRC_BEGIN:$IRC_END" ]; then READABLEPORT="$IRC_BEGIN:$IRC_END" ; PARTIALCOMMENT="IRC/$PROTO" elif [ "$2" = "tcp" ] && [ "$1" = "512:514" ]; then READABLEPORT="512:514" ; PARTIALCOMMENT="R-COMMANDS/$PROTO" else CKPTSERVERPORTRANGE=" serverportrange: neither $1 $2" ; #ckpt $CKPTSERVERPORTRANGE fi #echo $READABLEPORT #Can't do this because we need to return PARTIALCOMMENT as well. CKPTSERVERPORTRANGE="" } #end of serverportrange #------------------------------------------------------------------------- # showstate procedure, used to display the state of the running program #------------------------------------------------------------------------- showstate () { #SUDO checked #Param: p1 is the string to be displayed. if [ "$USEANSI" != "NO" ]; then if [ "${TERM}" = "xterm" -o "${TERM}" = "xterm-color" ]; then echo -ne "\033]0;${1}\007" fi fi } #end of showstate #------------------------------------------------------------------------- # sigexitscript function, called on receipt of SIGHUP #------------------------------------------------------------------------- sigexitscript () { #SUDO checked #FIXME - should this be 'trap 0'? trap - 0 #If we were asked to exit, no need to process a "crash" unset CKPTMGT CKPTMASON CKPTCHECKSYS CKPTCLIENTPORTRANGE \ CKPTGENERALIZEIP CKPTIPLE CKPTIPLT CKPTISNUMERICIP CKPTLOADCONF \ CKPTSERVERPORTRANGE CKPTADDCOUNTS CKPTNAMEOF CKPTBROADCASTOF \ CKPTCHECKCONF CKPTDELCOUNTS CKPTFLUSHFIREWALL CKPTPORT2CISCOPORT \ CKPTPROTONUM2NAME CKPTRULETAG CKPTRUNFIREWALL \ CKPTSETTOS CKPTSORTRULEFILE \ CKPTUNIQRULEFILE CKPTUPDATECOUNTS CKPTNETWORKOF || : if [ "$NEEDLF" = "YES" ]; then echo >/dev/stderr ; NEEDLF="NO" ; fi wrap Received HUP signal, exiting at next pass >/dev/stderr #FIXME - this needs to be written to the ONEKILLFILE; do we have access to that? export it? if type -path logger >/dev/null 2>/dev/null ; then logger '!!EXIT!!' fi EXITMASON="YES" #FIXME - should we just exit 0? exit 0 } #End of sigexitscript #------------------------------------------------------------------------- # settos subroutine, sets the TOS variable for the given port, port range, and protocol. #------------------------------------------------------------------------- #params: port, port range, protocol settos () { #SUDO checked #FIXME - can we set TOS on iptables? CKPTSETTOS=" settos: Start" ; #ckpt $CKPTSETTOS if [ "$INFORMAT" != "ipchains-lv" ]; then #http://www.cis.ohio-state.edu/htbin/rfc/rfc1349.html, esp. Appendix 2 #I generally follow what's in the IPCHAINS-Howto and RFC 1349 (with the exception of SMTP), and #chose to put pop3 and imap in the minimize cost category and web as maximize throughput. #I would truly welcome any dialog, public or private, on whether the following set of #TOS settings is appropriate for a general purpose firewall. TOS="" #I specifically do _not_ test for what policy is being used. Even if the policy is currently #reject or deny, the user might change it to accept later in the rule file, in which case the TOS flag should be set. #I also specifically don't check to see whether this is an output rule. It's overkill to #set if on in, out, _and_ forward, but the user might only be generating input rules with Mason. case "$2/$3" in "$IRC_BEGIN:$IRC_END/[Tt][Cc][Pp]") TOS=" -t 0x01 0x10" ;; #IRC Minimize delay "$TRACEROUTE_BEGIN:$TRACEROUTE_END/[Uu][Dd][Pp]") TOS=" -t 0x01 0x10" ;; #Traceroute Minimize delay esac case "$1/$3" in "21/[Tt][Cc][Pp]") TOS=" -t 0x01 0x10" ;; #FTP Minimize delay "23/[Tt][Cc][Pp]"|"22/[Tt][Cc][Pp]"|"513/[Tt][Cc][Pp]") TOS=" -t 0x01 0x10" ;; #Telnet,SSH,rlogin Minimize delay "53/[Uu][Dd][Pp]") TOS=" -t 0x01 0x10" ;; #dns Minimize delay "69/[Uu][Dd][Pp]") TOS=" -t 0x01 0x10" ;; #tftp Minimize delay "20/[Tt][Cc][Pp]"|"25/[Tt][Cc][Pp]") TOS=" -t 0x01 0x08" ;; #FTP-data,SMTP Maximize throughput "53/[Tt][Cc][Pp]") TOS=" -t 0x01 0x08" ;; #DNS zone transfer Maximize throughput "80/[Tt][Cc][Pp]"|"443/[Tt][Cc][Pp]"|"563/[Tt][Cc][Pp]") TOS=" -t 0x01 0x08" ;; #Web & secure web Maximize throughput "8080/[Tt][Cc][Pp]"|"3128/[Tt][Cc][Pp]") TOS=" -t 0x01 0x08" ;; #Web Caches Maximize throughput "161/[Uu][Dd][Pp]") TOS=" -t 0x01 0x04" ;; #SNMP Maximize reliability "119/[Tt][Cc][Pp]"|"110/[Tt][Cc][Pp]"|"143/[Tt][Cc][Pp]") TOS=" -t 0x01 0x02" ;; #NNTP,POP3,IMAP Minimize cost esac fi #FIXME - iptables if [ "$ECHOCOMMAND" = "cisco" ]; then case "$TOS" in " -t 0x01 0x02") TOS=" min-monetary-cost" ;; " -t 0x01 0x04") TOS=" max-reliability" ;; " -t 0x01 0x08") TOS=" max-throughput" ;; " -t 0x01 0x10") TOS=" min-delay" ;; esac elif [ "$ECHOCOMMAND" = "ipchains-save" ]; then case "$TOS" in " -t 0x01 0x02") TOS=" -t 01 02" ;; " -t 0x01 0x04") TOS=" -t 01 04" ;; " -t 0x01 0x08") TOS=" -t 01 08" ;; " -t 0x01 0x10") TOS=" -t 01 10" ;; esac fi CKPTSETTOS="" } #End of settos #------------------------------------------------------------------------- # sortrulefile procedure, sorts a rulefile so that the rules that process the most packets are at the top. #------------------------------------------------------------------------- sortrulefile () { #Params: $1 is the filespec for the files that need to be sorted by counts. CKPTSORTRULEFILE=" sortrulefile: Start" ; #ckpt $CKPTSORTRULEFILE for ONEFILE in $1 ; do echo -n Adding counts and sorting $ONEFILE... LASTRULETAG="" FILECOUNT="0" ; if [ -f $ONEFILE.0 ]; then rm -f $ONEFILE.0 || logfail $LINENO masonlib: YYYY 0117 ; fi CKPTSORTRULEFILE=" sortrulefile: addcounts" ; #ckpt $CKPTSORTRULEFILE addcounts $ONEFILE #Break up input file into sections that can safely be sorted #Redirect stdin to work around an f^@&ing annoying limitation in the read command. CKPTSORTRULEFILE=" sortrulefile: split into equivalent sections." ; #ckpt $CKPTSORTRULEFILE exec 5<&0 < "$ONEFILE" while read ONELINE ; do NEWRULETAG="`ruletag $ONELINE`" if [ "$NEWRULETAG" != "$LASTRULETAG" ]; then FILECOUNT=$[ $FILECOUNT + 1 ] if [ -f $ONEFILE.$FILECOUNT ]; then rm -f $ONEFILE.$FILECOUNT || logfail $LINENO masonlib: YYYY 0118 ; fi fi echo "$ONELINE" >>$ONEFILE.$FILECOUNT LASTRULETAG="$NEWRULETAG" done exec 0<&5 5<&- #Sort the sections that need it and re-assemble $ONEFILE CKPTSORTRULEFILE=" sortrulefile: reassemble" ; #ckpt $CKPTSORTRULEFILE rm -f $ONEFILE.new || logfail $LINENO masonlib: YYYY 0119 for SECTION in `seqfunc 0 $FILECOUNT` ; do if [ -f "$ONEFILE.$SECTION" ]; then if [ `grep '#\^' $ONEFILE.$SECTION | wc -l` -gt 0 ]; then sort -t '^' +1 -n -r $ONEFILE.$SECTION >>$ONEFILE.new || logfail $LINENO masonlib: YYYY 0120 else cat $ONEFILE.$SECTION >>$ONEFILE.new || logfail $LINENO masonlib: YYYY 0121 fi rm -f $ONEFILE.$SECTION || logfail $LINENO masonlib: YYYY 0122 fi done cat $ONEFILE.new >$ONEFILE || logfail $LINENO masonlib: YYYY 0123 rm -f $ONEFILE.new || logfail $LINENO masonlib: YYYY 0124 done echo Done! CKPTSORTRULEFILE="" } #End of sortrulefile #------------------------------------------------------------------------- # uniqrulefile subroutine, sorts the given file and removes duplicates. #------------------------------------------------------------------------- uniqrulefile () { #params: $1: filename of file to sort # This one takes a little explanation. I want to sort by the text after the first #, grouping similar rules #next to each other so that uniq can remove duplicates. Normally, sort -t '#' +1 $1 | uniq >$1.sorted #would do the trick. # Because we may have mark values on the lines, I have to convince uniq to ignore the mark values when #deciding whether adjacent lines are uniq. The only way I see to do that is to: #- add a fake field at the beginning of each line. Make it !!! at first. If the line has a mark value, #replace the !!! with the mark value and leave a placeholder ("ZzMaRkZz") in the mark value's place. #- sort and uniq as above, but use "-1" to skip over the first field. #- for each line with the placeholder, move the first field (the mark value) back to replace the placeholder. #- for any remaining lines with the bogus "!!!", remove it. # Elegant? no. Functional? Yes. CKPTUNIQRULEFILE=" uniqrulefile: delcounts" ; #ckpt $CKPTUNIQRULEFILE delcounts $1 cp -pf $1 $1.bak || logfail $LINENO masonlib: YYYY 0125 #sort -t '#' +1 $1 | uniq >$1.sorted #This worked until we had mark values. CKPTUNIQRULEFILE=" uniqrulefile: main pipeline" ; #ckpt $CKPTUNIQRULEFILE cat $1 | \ sed -e 's/^/!!! /' \ -e 's/^!!! \(.* -m \)\([0-9][0-9]*\)\( .*\)/\2 \1ZzMaRkZz\3/' | \ sort +1 | \ uniq -1 | \ sort -t '#' +1 | \ uniq -1 | \ sed -e 's/^\([0-9][0-9]*\) \(.* -m \)ZzMaRkZz\( .*\)/\2\1\3/' \ -e 's/^!!! //' >$1.sorted || logfail $LINENO masonlib: YYYY 0126 cat $1.sorted >$1 || logfail $LINENO masonlib: YYYY 0127 #This preserves the permissions of fwrules rm -f $1.sorted || logfail $LINENO masonlib: YYYY 0128 if [ "$SORTMODE" = "PACKETCOUNTS" ]; then CKPTUNIQRULEFILE=" uniqrulefile: sortrulefile" ; #ckpt $CKPTUNIQRULEFILE sortrulefile $1 fi CKPTUNIQRULEFILE="" } #End of uniqrulefile #------------------------------------------------------------------------- # updatecounts procedure, keeps a copy of the current packet counts if # there are more packets in the running firewall than in the archived copy. #------------------------------------------------------------------------- updatecounts () { #Params: none CKPTUPDATECOUNTS=" updatecounts: Start" ; #ckpt $CKPTUPDATECOUNTS #FIXME - update for iptables if [ -f /proc/net/ip_fwchains ] && [ "$SORTMODE" = "PACKETCOUNTS" ]; then #We can only match up counts to rules if we have mark values, i.e. ipchains. if [ -z "$LASTMINMARK" ] || [ "$LASTMINMARK" = "0" ]; then LASTMINARK=$MINMARK elif [ "$MINMARK" -ge "$LASTMINMARK" ]; then #Erase old counts if we've made new rules. cat /dev/null >$PACKETCOUNTFILE || : CURRENTCOUNT=0 LASTMINMARK=$MINMARK fi if [ -z "$CURRENTCOUNT" ] || [ "$CURRENTCOUNT" = "0" ]; then #Add up number of packets in current cache. CURRENTCOUNT=0 CKPTUPDATECOUNTS=" updatecounts: sum packetcountfile" ; #ckpt $CKPTUPDATECOUNTS for ONECOUNT in `awk '{print $1}' $PACKETCOUNTFILE || logfail $LINENO masonlib: YYYY 0129` ; do CURRENTCOUNT=$[ $CURRENTCOUNT + $ONECOUNT ] done fi NEWCOUNT=0 CKPTUPDATECOUNTS=" updatecounts: sum running firewall" ; #ckpt $CKPTUPDATECOUNTS for ONECOUNT in `ipchains -L -n -x -v | cut -b 1-9,66-75 - | grep '0x' | awk '{print $1}' || logfail $LINENO masonlib: YYYY 0130` ; do NEWCOUNT=$[ $NEWCOUNT + $ONECOUNT ] done if [ $NEWCOUNT -gt $CURRENTCOUNT ]; then #Are there more packets in the running firewall? CKPTUPDATECOUNTS=" updatecounts: replace packetcountfile" ; #ckpt $CKPTUPDATECOUNTS ipchains -L -n -x -v | cut -b 1-9,66-75 - | grep '0x' >$PACKETCOUNTFILE || logfail $LINENO masonlib: YYYY 0131 CURRENTCOUNT=$NEWCOUNT fi DUPMARKS=`ipchains -L -n -x -v | cut -b 1-9,66-75 - | grep '0x' | awk '{print $2}' | sort | uniq -d || logfail $LINENO masonlib: YYYY 0132` if [ -n "$DUPMARKS" ]; then wrap ${WARN}Warning - the following marks are used more than once in the currently running firewall:${NORM} >/dev/stderr for ONEMARK in $DUPMARKS ; do case $ONEMARK in 0x*) echo -n "$ONEMARK = $[ $ONEMARK ] " >/dev/stderr ;; *) echo -n "$ONEMARK " >/dev/stderr ;; esac done echo >/dev/stderr wrap This will give incorrect packet counts in your rulefiles. >/dev/stderr fi fi CKPTUPDATECOUNTS="" } #End of updatecounts �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/masonrc����������������������������������������������������������������������������0100644�0007657�0000764�00000102025�07467513702�014037� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#WARNING - If you are upgrading from a previous version, the uncommented #lines in your old masonrc have been appended to the end of this file. #Please note that the NAMECACHE, NETCACHE, and SERVICES fields are no longer used. #For instructions on how to set the parameters in this file, refer to #mason.txt that came with this package; try looking in #/usr/doc/mason-{version}/mason.txt or refer to #http://www.pobox.com/~wstearns/mason/ The only fields you must change #are in the "Essential Settings" section immediately following. The other #fields may be left unset; Mason will assign defaults for them. The defaults #are generally used below, but see the documentation for more details. #Please see mason.txt or http://www.pobox.com/~wstearns/mason/ for #more information and copyright information. # - William Stearns (wstearns@pobox.com) # Reminder; this file is for system wide defaults. # If you wish to set something for this # run only, simply set it on the command line just before calling mason. For # example, putting DYNIF="ppp0" in this file has the # same effect on this execution of the program as running # DYNIF="ppp0" mason<Enter>. If a field is set on the command line and # in this file, this file wins - sorry. # The fields at the top are the ones you're most likely to need to edit. # The values in this script can be changed on the fly without #having to stop and restart Mason; simply make your changes, save the #file and run "killall -USR1 mason". Mason will only reread this #file when it receives this signal. # To have Mason gracefully exit, run "killall -HUP mason". #----------------------------------------------------------- # Essential settings - please set these. #----------------------------------------------------------- #A quote enclosed, space separated list of interfaces that change #IP address from time to time. Leave as "" if all addresses stay constant. #See DYNIFMODE if you want to fine tune how Mason handles these. #Default: no dynamic interfaces, all have static addresses. #DYNIF="ppp0" #DYNIF="" #What policy should mason use for upcoming rules? #There is no default for this field. You must choose one of #the following. #NEWRULEPOLICY="accept" #NEWRULEPOLICY="reject" #NEWRULEPOLICY="deny" #What should the default policy for your firewall be? #There is no default for this field. You must choose one of #the following. #DEFAULTPOLICY="accept" #DEFAULTPOLICY="reject" #DEFAULTPOLICY="deny" #What should the default policy for your system be when the #firewall is flushed? #There is no default for this field. You must choose one of #the following. #FLUSHEDPOLICY="accept" #FLUSHEDPOLICY="reject" #FLUSHEDPOLICY="deny" #----------------------------------------------------------- # Moderate likelihood you may wish to tune these, probably once. #----------------------------------------------------------- #DYNIFMODE Sets what Mason does with interfaces that change IP #address from time to time, such as network interfaces that use #dhcp or dial up links. #If set to SMALLESTRANGE, Mason attempts to calculate the smallest #IP network that contains all IP addresses seen so far for that #interface. Probably the best choice. Actually, the best choice #is to not use dynamic addresses on a firewall, but sometimes it's #unavoidable. #SPECIFICIP instructs Mason to only allow a single IP for each #interface. This is the most secure but also requires you to #restart the firewall whenever the IP address changes. #None of the above choices is permanent; there is a setting at the #top of the firewall rule file that can be changed at any time. # Default: SMALLESTRANGE #DYNIFMODE="SMALLESTRANGE" #DYNIFMODE="SPECIFICIP" #BLOCKEDHOSTS is a list of space separated machines that should not #be able to communicate _at_ _all_ with this machine or through #this machine. I'd reserve this for machines that have #attacked your machines in the past. Use space separated #machine.name/32 or 1.2.3.4/32 or 1.2.3.0/24 or network/netmask format. #This could also very reasonably be used to block all access to/from #one of your own machines that is particularly sensitive and #should only be allowed to communicate with other machines on #its own subnet. #_ALL_ communication of any sort that would normally pass in, out or #through this firewall is cut off. _ALL_. # Default: Empty #BLOCKEDHOSTS="" # "ipchains" = echo ipchains command to STDOUT, "ipfwadm" = echo # ipfwadm command to STDOUT, "none" = don't echo either. # Use "cisco" if you want Mason to spit out Cisco IOS access-list rules. # Autodetected if not set at all. # This is what you change if you want a different format in the # output rule file. # Default: Whatever this kernel supports. #ECHOCOMMAND="" # What should the IP address be converted to? # network: the smallest network in the routing table that contains the address. # host: the hostname or IP address for the machine # none: leave IP address as is. # custom: to be implemented. # dynamic IP's are replaced with ${ifNADDR} solely based on the value of DYNIF # Default: NETWORK #IPCONV="HOST" #IPCONV="NETWORK" #IPCONV="NONE" #IPCONV="CUSTOM" #For any IP addresses not converted into a network or otherwise #specially handled, should we leave them as IP addresses ("NONE"), #convert them to host names if they're in /etc/hosts #("FILESONLY"), or use that file, then try #a DNS lookup to get the name ("FULL")? # Default: FULL #HOSTLOOKUP="NONE" #HOSTLOOKUP="FILESONLY" #HOSTLOOKUP="FULL" #If you want a Mason firewall to automatically masquerade traffic from #reserved (rfc1918) addresses, set AUTOMASQIF to a space separated list of #interfaces _to_ which this traffic might go. For example, if eth0 and #eth2 are using reserved addresses, and eth3 and ppp0 are your gateways #to the outside world, you might set: #AUTOMASQIF="eth3 ppp0" #Do not simply set this to all your interfaces; that's a security risk. #If you would rather handle this yourself, set it to "". If blank or #not set at all, Mason will not automatically masquerade packets. #This setting has not effect if the rule to be added is a REJECT or DENY #rule. This is also not used in Cisco output. #Don't forget to include any virtual interfaces such as shaperX (or #ipsecX or cipeX?) # Default: if unset, Mason will leave empty. #AUTOMASQIF="" #DOBEEP="YES": beep at user with each new rule, "NO": dont # Default: YES #DOBEEP="YES" # "yes" = echo dot to STDERR when processing a repeat line, # "no" = don't. # Default: YES #HEARTBEAT="YES" #Use ANSI escape sequences to enhance display. Default YES. #Set this to no if your terminal doesn't support ANSI colors, etc. #USEANSI="YES" # The range of ports considered to be IRC server ports. # Default: 6666 to 6671 #IRC_BEGIN=6666 #IRC_END=6671 #The maximum number of X, Openwindows, or VNC consoles supported. The #default setting of 6 allows for ports 6000-6005 if any X traffic seen, #2000-2005 if any openwindows traffic seen, 5800-5805 for any vnc java #traffic, and 5900-5905 if any vnc traffic seen. # Default: 6 #MAXDISPLAYS=6 #If you only connect to a few (say 1-5) servers with a given protocol, #add it to the following (SSP=Sparse Server Protocols) so that Mason will #not generalize it to a network. #Example: When you get your mail, you probably only connect to a few #pop-3 or imap servers to get it. When you do a whois lookup, you #probably only connect to a single machine. #If only a few _client_ machines connect to a particular service, place #the port in SCP (Sparse _Client_ Protocols). #This feature does not differentiate between servers on your network and #servers in the real world. #A given protocol can be in both. These must be numeric. #Warning: If you're running your own DNS server on this machine or on #some machine behind it, do _not_ make Domain an SSP - leave it commented. #DNS, NTP, syslog and the Netbios protocols may use the same port number #for client and server. Declaring any of these as SSP's or SCP's will #probably cause _both_ ends to be specific hosts. #This can occasionally cause problems if the server in question has #multiple machines with the same name and different IP addresses - #ICQ has this problem. # Default: both empty. #SSP="${SSP} " #SSP="${SSP} 9/icmp" #Router advertisement (probably should be both an SCP and SSP) #SSP="${SSP} 25/tcp" #SMTP #SSP="${SSP} 43/tcp" #Whois #SSP="${SSP} 53/tcp 53/udp" #DNS/Domain - read note above #Do NOT put DNS in SSP if you run a DNS server on the firewall or behind it. #SSP="${SSP} 67/udp" #BOOTP Server #SSP="${SSP} 69/udp" #TFTP Server #SSP="${SSP} 88/tcp 88/udp" #Kerberos: should 749:751/tcp and 749:751/udp be here too? #SSP="${SSP} 109/tcp 110/tcp 143/tcp" #POP and IMAP Email #SSP="${SSP} 111/tcp 111/udp 635/tcp 635/udp 2049/tcp 2049/udp" #NFS: Sunrpc, Mount, and NFS #SSP="${SSP} 119/tcp" #NNTP #SSP="${SSP} 123/tcp 123/udp" #NTP - read note above #SSP="${SSP} 135/tcp 137/tcp 137/udp 138/tcp 138/udp 139/tcp 139/udp" #Netbios - read note above #SSP="${SSP} 370/udp 2432/udp 2433/udp" #Coda: codaauth2 codasrv codasrv-se #SSP="${SSP} 389/tcp" #LDAP #SSP="${SSP} 514/udp" #syslog #SSP="${SSP} 515/tcp" #Printer/LPD #SSP="${SSP} 2064/tcp" #RC5DES #SSP="${SSP} 3128/tcp 3130/udp" #Squid #SSP="${SSP} 4000/udp" #ICQ #SSP="${SSP} 7100/tcp" #xfs #SSP="${SSP} 8080/tcp" #Novell Border Manager/FastCache (thanks to Eric Hart for this port number) #SSP="${SSP} 8765/tcp" #search.cnn.com's search web server. #SSP="${SSP} 12343/tcp" #stats.hitbox.com #SCP="${SCP} " #SCP="${SSP} 9/icmp" #Router advertisement (probably should be both an SCP and SSP) #SCP="${SCP} 161/udp 162/udp" #SNMP #SCP="${SCP} 98/tcp" #Linuxconf #You probably have a number of internal services to which the outside world #should not connect. List them here, space separated. For the moment, these #_must_ be number/protocol. Ruleshell will block access to these coming from #any interface associated with a 0.0.0.0 route. #You can create your own or simply uncomment any lines you want to block. #Unlike the other operating parameters, Mason will not provide a default. #Auth (113/tcp) is one you _might_ want to leave open (i.e., leave #_commented_ below). #I've included protocols that generally have some security implication #if open to the outside world. You can use some, none, or all, and add #anything else you don't want the world to see. #Uncommenting service W below only means that people from the outside #world can't get to your W servers; you can still make requests out to #W servers on the Internet. #DNS, NTP, syslog and the Netbios protocols may use the same port number #for client and server. Leave these lines commented if you want to make #outbound _client_ requests to these servers. #You have the ability to block _entire_ protocols, such as tcp, udp, icmp, #gre, anything in /etc/protocols. Most people should _not_ need to use #this. In particular, you run a severe risk of violating a number of IP #requirements by blocking all icmp packets. Also, the only available #protocols for ipfwadm are tcp, udp, and icmp. # Default: empty. #NOINCOMING="${NOINCOMING} " #put your favorites here... #NOINCOMING="${NOINCOMING} 0/tcp 0/udp" #Probably a good one to block #NOINCOMING="${NOINCOMING} 7/tcp 7/udp" #Echo #NOINCOMING="${NOINCOMING} 8/icmp" #Ping request #NOINCOMING="${NOINCOMING} 15/tcp" #Netstat #NOINCOMING="${NOINCOMING} 20/tcp 21/tcp" #FTP (FTP daemons can have buffer overflows) #NOINCOMING="${NOINCOMING} 22/tcp" #SSH #NOINCOMING="${NOINCOMING} 22/udp 5631/tcp 5632/udp" #PCAnywhere #NOINCOMING="${NOINCOMING} 23/tcp" #Telnet #NOINCOMING="${NOINCOMING} 25/tcp" #SMTP #NOINCOMING="${NOINCOMING} 53/tcp 53/udp" #DNS (tcp is for zone transfers; large requests too?) (BIND 53/tcp can have buffer overflows) #NOINCOMING="${NOINCOMING} 67/udp" #BOOTP Server #NOINCOMING="${NOINCOMING} 69/udp" #TFTP #NOINCOMING="${NOINCOMING} 79/tcp" #Finger #NOINCOMING="${NOINCOMING} 80/tcp" #Web (Many attacks #NOINCOMING="${NOINCOMING} 87/tcp" #link #NOINCOMING="${NOINCOMING} 98/tcp" #LinuxConf #NOINCOMING="${NOINCOMING} 109/tcp 110/tcp 143/tcp" #Pop & IMAP mail (QPOP and IMAP may have buffer overflows) #NOINCOMING="${NOINCOMING} 111/tcp 111/udp" #Sunrpc #NOINCOMING="${NOINCOMING} 113/tcp" #Auth (NOTE: if enabled here, this protocol will be REJECTed rather than DENY'd) #NOINCOMING="${NOINCOMING} 119/tcp" #NNTP / Usenet news #NOINCOMING="${NOINCOMING} 123/tcp 123/udp" #NTP #NOINCOMING="${NOINCOMING} 135/tcp 137/tcp 137/udp 138/tcp 138/udp 139/tcp 139/udp" #Netbios (137/udp and 139/tcp may be involved in attacks) #NOINCOMING="${NOINCOMING} 161/udp 162/udp" #SNMP #NOINCOMING="${NOINCOMING} 177/tcp 177/udp" #XDM X login (also used in GDM) #NOINCOMING="${NOINCOMING} 443/tcp 563/tcp" #Secure Web #NOINCOMING="${NOINCOMING} 512:514/tcp" #Rexec, Rlogin, Rsh #NOINCOMING="${NOINCOMING} 512/udp" #biff #NOINCOMING="${NOINCOMING} 513/udp" #who #NOINCOMING="${NOINCOMING} 514/udp" #syslog #NOINCOMING="${NOINCOMING} 515/tcp" #LPD #NOINCOMING="${NOINCOMING} 520/udp" #Route / RIP #NOINCOMING="${NOINCOMING} 540/tcp" #UUCP #NOINCOMING="${NOINCOMING} 554/tcp 7070/tcp 7071/tcp" #RealAudio control ports #NOINCOMING="${NOINCOMING} 635/tcp 635/udp" #NFS Mount #NOINCOMING="${NOINCOMING} 901/tcp" #Swat (samba configuration) #NOINCOMING="${NOINCOMING} 1080/tcp" #Socks #NOINCOMING="${NOINCOMING} 1080/tcp 1080/udp 8080/tcp 8080/udp" #WinGate #NOINCOMING="${NOINCOMING} 1433/tcp 3306/tcp 5432/tcp" #SQL (mssql, mysql, postgresql) #NOINCOMING="${NOINCOMING} 2000:2010/tcp 6000:6010/tcp " #X and Openwindows #NOINCOMING="${NOINCOMING} 2049/udp 2049/tcp" #NFS #NOINCOMING="${NOINCOMING} 3128/tcp 3130/udp" #Squid web cache #NOINCOMING="${NOINCOMING} 5135/udp" #SGI (only, probably) object server #NOINCOMING="${NOINCOMING} 5232/tcp" #SGI (only, probably) distributed graphics #NOINCOMING="${NOINCOMING} 7100/tcp" #xfs (X Font server) #NOINCOMING="${NOINCOMING} 8080/tcp" #Novell Border Manager/FastCache (thanks to Eric Hart for this port number) #NOINCOMING="${NOINCOMING} 32771/tcp 32771/udp" #Sun RPC High port #NOINCOMING="${NOINCOMING} 33434:33524/udp" #traceroute #NOINCOMING="${NOINCOMING} /tcp" # #NOINCOMING="${NOINCOMING} gre" #_all_ gre protocol packets - just an example #Backdoors #NOINCOMING="${NOINCOMING} 31/udp 456/udp" #Hacker's Paradise Backdoor #NOINCOMING="${NOINCOMING} 555/tcp 555/udp" #iNi Killer/Phase Zero/Stealth Spy Backdoor #NOINCOMING="${NOINCOMING} 666/udp" #Satanz Backdoor #NOINCOMING="${NOINCOMING} 1001/udp" #Silencer, WebEX Backdoors #NOINCOMING="${NOINCOMING} 1170/udp" #Psyber Stream Backdoor #NOINCOMING="${NOINCOMING} 1234/udp" #Ultors Trojan Backdoor #NOINCOMING="${NOINCOMING} 1243/tcp 6776/tcp 27374/tcp" #SubSeven Backdoor #NOINCOMING="${NOINCOMING} 1245/udp" #VooDoo Doll Backdoor #NOINCOMING="${NOINCOMING} 1492/udp" #FTP99cmp Backdoor #NOINCOMING="${NOINCOMING} 1524/tcp 27665/tcp 27444/udp 31335/udp" #Trin00 (thanks to pmfirewall) #NOINCOMING="${NOINCOMING} 1600/udp" #Shivka-Burka #NOINCOMING="${NOINCOMING} 1807/udp" #Spy Sender Backdoor #NOINCOMING="${NOINCOMING} 1981/udp" #ShockRave #NOINCOMING="${NOINCOMING} 1999/udp" #Back Door Backdoor #NOINCOMING="${NOINCOMING} 2001/udp" #Trojan Cow Backdoor #NOINCOMING="${NOINCOMING} 2023/udp" #Ripper Pro Backdoor #NOINCOMING="${NOINCOMING} 2115/udp" #Bugs Backdoor #NOINCOMING="${NOINCOMING} 2140/udp" #Deep Throat, The Invasor Backdoor #NOINCOMING="${NOINCOMING} 2565/udp" #Striker Backdoor #NOINCOMING="${NOINCOMING} 2801/udp" #Phineas Phucker Backdoor. Hey, I did _not_ name them. #NOINCOMING="${NOINCOMING} 2989/udp" #Rat backdoor #NOINCOMING="${NOINCOMING} 3024/udp" #WinCrash Backdoor #NOINCOMING="${NOINCOMING} 3150/udp" #Deep Throat/Invasor Backdoor #NOINCOMING="${NOINCOMING} 3700/udp" #Portal Of Doom Backdoor #NOINCOMING="${NOINCOMING} 4092/udp" #WinCrash Backdoor #NOINCOMING="${NOINCOMING} 4950/udp" #ICQ Trojan Backdoor #NOINCOMING="${NOINCOMING} 5000/udp 5001/udp 50505/udp" #Sockets De Troie Backdoor #NOINCOMING="${NOINCOMING} 5321/udp" #FireHotcker Backdoor #NOINCOMING="${NOINCOMING} 5400:5402/udp" #Blade Runner Backdoor #NOINCOMING="${NOINCOMING} 5569/udp" #Robo-Hack Backdoor #NOINCOMING="${NOINCOMING} 5742/udp" #WinCrash Backdoor #NOINCOMING="${NOINCOMING} 6670/udp" #Deep Throat Backdoor #NOINCOMING="${NOINCOMING} 6711/udp" #Deep Throat/SubSeven Backdoor #NOINCOMING="${NOINCOMING} 6969/tcp" #GateCrasher Backdoor #NOINCOMING="${NOINCOMING} 7000/udp" #Remote Grab Backdoor #NOINCOMING="${NOINCOMING} 7300:7308/udp" #Net Monitor Backdoor #NOINCOMING="${NOINCOMING} 7789/udp" #ICKiller Backdoor #NOINCOMING="${NOINCOMING} 9872/udp 10067/udp 10167/udp" #Portal Of Doom Backdoor #NOINCOMING="${NOINCOMING} 10752/tcp" #Linux mountd backdoor #NOINCOMING="${NOINCOMING} 11223/udp" #Progenic Trojan Backdoor #NOINCOMING="${NOINCOMING} 12223/udp" #Hack99-Keylogger Backdoor #NOINCOMING="${NOINCOMING} 12345:12346/tcp" #Netbus/GabanBus NT trojan/Backdoor #udp too? (from pmfirewall) #NOINCOMING="${NOINCOMING} 12361:12362/tcp" #Whack-a-mole Backdoor #NOINCOMING="${NOINCOMING} 16969/udp" #Portal Of Doom/Priority Backdoor #NOINCOMING="${NOINCOMING} 20000:20001/udp" #Millenium Backdoor #NOINCOMING="${NOINCOMING} 20034/udp" #NetBus PRO Backdoor #NOINCOMING="${NOINCOMING} 21544/udp 21554/tcp" #Girlfriend Backdoor #NOINCOMING="${NOINCOMING} 22222/udp" #Prosiak Backdoor #NOINCOMING="${NOINCOMING} 23456/tcp" #EvilFTP Backdoor #NOINCOMING="${NOINCOMING} 26274/udp" #Delta Backdoor #NOINCOMING="${NOINCOMING} 30100/tcp" #NetSphere Backdoor #NOINCOMING="${NOINCOMING} 30102/tcp" #NetSphere FTP Backdoor #NOINCOMING="${NOINCOMING} 31337/tcp" #BIND Shell Backdoor #NOINCOMING="${NOINCOMING} 31337:31338/udp" #Back Orifice/Deep Back Orifice Backdoor #NOINCOMING="${NOINCOMING} 31339/udp" #NetSpy Backdoor #NOINCOMING="${NOINCOMING} 31666/udp" #BOWhack Backdoor #NOINCOMING="${NOINCOMING} 28431/udp 31785/tcp 31787/tcp 31789/udp 31791/udp" #Hackattack, trojan #NOINCOMING="${NOINCOMING} 33333/udp" #Prosiak Backdoor #NOINCOMING="${NOINCOMING} 34324/udp" #Big Gluck/TelnetSrv Backdoor #NOINCOMING="${NOINCOMING} 40412/udp" #The Spy Backdoor #NOINCOMING="${NOINCOMING} 40421:40423/udp 40426/udp" #Masters Paradise Backdoor #NOINCOMING="${NOINCOMING} 47262/udp" #Delta Backdoor #NOINCOMING="${NOINCOMING} 50776/udp" #Fore Backdoor #NOINCOMING="${NOINCOMING} 53001/udp" #Remote Win Shutdown Backdoor #NOINCOMING="${NOINCOMING} 61446/udp" #TeleCommando Backdoor #NOINCOMING="${NOINCOMING} 65000/udp" #Devil #Blackhole: #If you want your machine to disappear - be basically undetectable from #other hosts on the Internet - the following NOINCOMING and NOOUTGOING #lines _might_ be a good starting point onto which you can add the #standard services you don't want to be seen. All of the following #are listed above, this is just here for convenience. #NOINCOMING="${NOINCOMING} 0/tcp 0/udp 7/tcp 7/udp 8/icmp 15/tcp 33434:33524/udp" #NOOUTGOING="${NOOUTGOING} 0/icmp 3.0/icmp 3.1/icmp 3.2/icmp 3.3/icmp 3.5/icmp 3.6/icmp 3.7/icmp 3.8/icmp 3.9/icmp 3.10/icmp 3.11/icmp 3.12/icmp 3.13/icmp 3.14/icmp 3.15/icmp 9/icmp 11.0/icmp 11/icmp 18/icmp" #NoTrojan: #If you want all of the backdoors, uncomment the following line (all of the #following are listed above, this is just here for convenience): #NOINCOMING="${NOINCOMING} 31/udp 456/udp 555/tcp 555/udp 666/udp 1001/udp 1170/udp 1234/udp 1243/tcp 6776/tcp 1245/udp 1492/udp 1524/tcp 27665/tcp 27444/udp 31335/udp 1600/udp 1807/udp 1981/udp 1999/udp 2001/udp 2023/udp 2115/udp 2140/udp 2565/udp 2801/udp 2989/udp 3024/udp 3150/udp 3700/udp 4092/udp 4950/udp 5000/udp 5001/udp 50505/udp 5321/udp 5400:5402/udp 5569/udp 5742/udp 6670/udp 6711/udp 6969/tcp 7000/udp 7300:7308/udp 7789/udp 9872/udp 10067/udp 10167/udp 10752/tcp 11223/udp 12223/udp 12345:12346/tcp 12361:12362/tcp 16969/udp 20000:20001/udp 20034/udp 21544/udp 21554/tcp 22222/udp 23456/tcp 26274/udp 30100/tcp 30102/tcp 31337/tcp 31337:31338/udp 31339/udp 31666/udp 28431/udp 31785/tcp 31787/tcp 31789/udp 31791/udp 33333/udp 34324/udp 40412/udp 40421:40423/udp 40426/udp 47262/udp 50776/udp 53001/udp 61446/udp 65000/udp" #You may also have a few protocols that you definitely want to #stop from ever leaving your firewall. For the moment, these #can only be icmp_typecode/icmp or icmp_typecode.icmp_subcode/icmp . #Not tcp, not udp, just icmp. ipfwadm cannot handle icmp subcodes - don't use them. #Uncommenting one of more of the following makes it harder for #someone to map your network - but not impossible. Uncommenting #them _may_ also contribute to delays in normal communications. #NOOUTGOING="${NOOUTGOING} 0/icmp" #Ping reply #NOOUTGOING="${NOOUTGOING} 3.0/icmp" #network-unreachable #NOOUTGOING="${NOOUTGOING} 3.1/icmp" #host-unreachable (This may also be used for path mtu discovery?) #NOOUTGOING="${NOOUTGOING} 3.2/icmp" #protocol-unreachable #NOOUTGOING="${NOOUTGOING} 3.3/icmp" #port-unreachable #3.4/icmp (Fragmentation needed and DF set) is _not_ a good one to block - it screws up path MTU discovery. #NOOUTGOING="${NOOUTGOING} 3.5/icmp" #source-route-failed #NOOUTGOING="${NOOUTGOING} 3.6/icmp" #network-unknown #NOOUTGOING="${NOOUTGOING} 3.7/icmp" #host-unknown #NOOUTGOING="${NOOUTGOING} 3.8/icmp" #source-host-isolated #NOOUTGOING="${NOOUTGOING} 3.9/icmp" #network-prohibited #NOOUTGOING="${NOOUTGOING} 3.10/icmp" #host-prohibited #NOOUTGOING="${NOOUTGOING} 3.11/icmp" #TOS-network-unreachable #NOOUTGOING="${NOOUTGOING} 3.12/icmp" #TOS-host-unreachable #NOOUTGOING="${NOOUTGOING} 3.13/icmp" #communication-prohibited #NOOUTGOING="${NOOUTGOING} 3.14/icmp" #host-precedence-violation #NOOUTGOING="${NOOUTGOING} 3.15/icmp" #precedence-cutoff #NOOUTGOING="${NOOUTGOING} 9/icmp" #Router advertisement #NOOUTGOING="${NOOUTGOING} 11.0/icmp 11/icmp" #Time exceeded #NOOUTGOING="${NOOUTGOING} 18/icmp" #Address mask reply #If you do not already have EDITOR set in your environment, you #can set it here. If it's not set in either place, Mason #will try to find mcedit, pico, vi, jove, nedit, and emacs in #your path. # Default: try to find some of the standard ones. #EDITOR="/usr/bin/mcedit -c " #I like mine in color :-) #The number of characters to display on a line. Leave enough space for a #space at the end of the line. # Default: 72 #LINELENGTH=72 #How should mason sort the newrulesfile? # Default: PROTOCOL #SORTMODE="NONE" - This isn't implemented right now, and you wouldn't want it. #SORTMODE="PROTOCOL" #Group by protocol #SORTMODE="PACKETCOUNTS" #Put rules with the largest number of packets up top. #MINMARK #Mason can add mark numbers to ipchains rules. If you want to use #the feature of adding packet counts to rules (for migrating the rules #with the highest counts upwards) this must be set to some positive number. #In order to make the mark values unique, Mason will raise this above any #existing mark values. # Default: do not set marks. #MINMARK=32768 #When set to YES, Mason will generalize both the source and the #destination ports to 61000-65096, 1024-65535, or 0-1023, but only if the #packet is a tcp ack packet. This basically eliminates the ack rules #by reducing them to just a few, rather than one for each protocol. #My best understanding is that this generalization: # - will reduce the number of rules in your firewall by about 30%. # - will _probably_ _not_ increase the risk that someone can _make_ _a_ #_connection_ that they could not have made before. # - _will_ increase the risk that someone can map your internal network #ports even if they can't make connections to them. #Use at your own risk. Default NO. #GENERALIZETCPACK="YES" #----------------------------------------------------------- # Filenames #----------------------------------------------------------- #Location of runtime changeable files and configuration. #Make sure you include the trailing slash. # Default: "/var/lib/mason/" #MASONDIR="/var/lib/mason/" #This is the configuration file mason uses. It can be changed while #Mason is running as long as the SIGUSR1 signal is sent to Mason afterwards. #It's probably not a good idea to change the value of this variable on the fly. #Setting this here is of dubious value - this is better set as a #shell environment variable before running mason. # Default: /etc/masonrc #MASONCONF="/etc/masonrc" #The support library of routines used by mason and mason-gui-text # Default: "/var/lib/mason/masonlib" #MASONLIB="${MASONDIR}masonlib" #This field replaces the original NETCACHE file. #Most people can leave this blank; if null, Mason populates it with the #correct values. If you need Mason to use different networks, perhaps #to run Mason on another machine, place triplets of the form #"network-broadcast/netmask" in this variable, separating them #with spaces. "network/netmask", "network/numbits" and #"network-broadcast/numbits" are all legal: #NETWORKS="172.16.0.0-172.16.255.255/255.255.0.0 192.168.11.0-192.168.11.255/255.255.255.0" #NETWORKS="12.13.14.15/32 206.99.99.0/24 15.16.17.18/255.255.255.255 1.2.3.0-1.2.3.1/31" #Please place the most specific entries _first_. If you have certain machines #or subnets that need to be treated specially, place them here. If you #set this at all, make sure you include _all_ networks this machine needs #to recognize. # Default: Mason automatically detects your existing network structure #NETWORKS="" #If you want Mason to add the networks known at run-time to any custom list #of networks above, uncomment the following line: #NETWORKS="${NETWORKS} RUNTIME.NETWORKS" #BASERULEFILE="${MASONDIR}baserules" #NEWRULEFILE="${MASONDIR}newrules" #PACKETCOUNTFILE="${MASONDIR}packetcounts" #All of the following are autodetected if not set. #If you want to get an explicit listing of exactly what rules are used to #create the boot time firewall, try: #IPCHAINSBIN="echo /sbin/ipchains" #and run #/etc/rc.d/init.d/firewall start # #MASONEXE="/usr/bin/mason" #MASONDECIDE="/usr/bin/mason-decide" #IPFWADMBIN="/sbin/ipfwadm" #IPCHAINSBIN="/sbin/ipchains" #Note - ipnatctl is not used any more. #IPNATCTLBIN="/usr/local/bin/ipnatctl" #IPTABLESBIN="/usr/local/bin/iptables" #MASONPIDFILE="/var/run/mason.pid" #Default input file to tail. #PACKETLOGFILE="/var/log/messages" #Please note that the NAMECACHE, NETCACHE, and SERVICES fields are no longer used. #----------------------------------------------------------- # Low likelihood you'll need to change these #----------------------------------------------------------- # "ipchains" = actually run the ipchains command, "ipfwadm" = actually # run the ipfwadm command, "none" = don't run either. "none" is useful # if you're not running Mason as root or are running Mason on some machine # other than the actual operating firewall. User can override either by # simply setting the environment variable ahead of time. # Default: Autodetected to match running kernel. #DOCOMMAND="ipchains" #DOCOMMAND="ipfwadm" #DOCOMMAND="none" #What policy should we use for logging? # Default: same as NEWRULEPOLICY #LOGGINGPOLICY="accept" #LOGGINGPOLICY="reject" #LOGGINGPOLICY="deny" #The additional character added to the end of an ipchains chain name to #indicate that it holds rules to block logging. #Because of limitations on the length of rule names, NOLOGSUFFIX cannot #be longer than 1 character. Don't use any character that might be the #last character in a normal chain, like the "t" or "d" in inpu_t_, #outpu_t_, or forwar_d_. # Default: "N" #NOLOGSUFFIX="N" # "YES" to debug, anything else = dont # Default: NO #DEBUG="NO" #Ports used as the source port for masqueraded packets. # Default: 61000:65096 #PORT_MASQ_BEGIN=61000 #PORT_MASQ_END=65096 #Ports used as the destination ports for traceroute packets. # Default: 33434:33524 #TRACEROUTE_BEGIN=33434 #TRACEROUTE_END=33524 #Fine for up to 30 routers, 3 packets each, the default for traceroute. #When ssh(d?) is run as root, the client port starts off at 1023 and #works its way down to (512?). Mason handles this falling range #correctly, but this allows you to predeclare that you want to handle #up to 1024-LOWSSHPORT connections simultaneously. # Default: 1010, but it will keep dropping down as needed. #LOWSSHPORT=1010 #Interfaces on which packets from untrusted systems can come _in_, #usually identical to the interfaces with a default route. (That's #how this is automatically set if you don't set it explicitly.) #If you use diald, explicitly set this with _only_ the ppp #interface(s); packets never _arrive_ on the slx interface(s). #You should only have to set this by hand if you use something #like diald, a cable modem, or a satellite link where you use #different interfaces for outgoing and incoming packets. # Default: your default route interfaces. #INCOMINGINTERFACES="" #INCOMINGINTERFACES="ppp0" #Single interface diald #As above, these are the interfaces that actually carry packets #back to untrusted systems. #You should only have to set this if you had to set the above. It #normally gets set from your routing table automatically too. # Default: your default route interfaces. #OUTGOINGINTERFACES="" #OUTGOINGINTERFACES="ppp0" #Single interface diald #----------------------------------------------------------- # To be implemented #----------------------------------------------------------- #Needs some more testing, but feel free to try it out. #Note: this only works when DOCOMMAND=ipchains, and will #cause severe network problems if _any_ networks or IP's #in your routing table overlap, but point at different interfaces #(overlapping routes that point at the _same_ interface are not a #problem). This is almost certainly the case if you use proxyarp #and may show up in other network setups as well. It's probably #not a good idea to enable this if you have any non-default #routes where packets go out one interface and come back on #another (_default_ routes like this are ok). # Default: NO if there are overlapping routes, YES if there aren't. #SPOOFBLOCKS="YES" #Future: allow non-verbose operation? Not used as of 0.13.0. # Default: YES #VERBOSE="YES" #Not tested yet, but give it a try if you want all packets #from blocked protocols or hosts to be logged. You should not #enable this during the learning process - wait until after. #LOGBLOCKS="-l" #POISONPROTOCOLS="" #treat these as blockedhost machines from now on and append #to masonrc as BLOCKEDHOSTS... :-) Hmmm.... ##SYSTEMRULEFILE="${MASONDIR}systemrules" #----------------------------------------------------------- # Deprecated #----------------------------------------------------------- ##Note - NAMECACHE support has been disabled. ##THIS SECTION WILL BE DELETED. ##NAMECACHE _could_ be /etc/hosts, but this was really intended to be a ##local cache for Mason only. This really should be in some directory like ##/var/lib/mason. ##NAMECACHE="${MASONDIR}morehosts" ##Note - Mason no longer supports additional services files. You need to ##make sure /etc/services holds all your protocols. ##THIS SECTION WILL BE DELETED. ##These files, in /etc/services format, hold additional ports that may ##not be defined in the stock /etc/services. If you would prefer to ##use just the services in your own /etc/services, uncomment the ##first line. Your /etc/services entries always take precedence over ##any entries in moreservices. If you choose not to use the moreservices ##file, make _sure_ your /etc/services has _all_ the protocols you might ##use. ssh, portmapper, nfs, and nfs mount services are especially ##crucial. Default is just /etc/services. ##SERVICES="/etc/services" ##SERVICES="/etc/services ${MASONDIR}nmap-services ${MASONDIR}moreservices" ##Obsoleted - do not use any more. If you have made any manual changes to ##this file, please transfer the contents to the NETWORKS variable below. ##NETCACHE="${MASONDIR}netconvert" #Copyleft: # Mason interactively creates a Linux packet filtering firewall. # Copyright (C) 1998-2000 William Stearns <wstearns@pobox.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # The author can also be reached at: # William Stearns #email: wstearns@pobox.com (preferred) #web: http://www.stearns.org/mason/ #snail: 6 Manchester Dr. # Lebanon NH, 03766 �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/moreservices�����������������������������������������������������������������������0100644�0007657�0000764�00000075211�07467640614�015114� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# /etc/services: # $Id: services,v 1.17 2001/02/28 20:11:31 notting Exp $ # # Network services, Internet style # # Note that it is presently the policy of IANA to assign a single well-known # port number for both TCP and UDP; hence, most entries here have two entries # even if the protocol doesn't support UDP operations. # Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports # are included, only the more common ones. # # The latest IANA port assignments can be gotten from # http://www.isi.edu/in-notes/iana/assignments/port-numbers # The Well Known Ports are those from 0 through 1023. # The Registered Ports are those from 1024 through 49151 # The Dynamic and/or Private Ports are those from 49152 through 65535 # # Each line describes one service, and is of the form: # # service-name port/protocol [aliases ...] [# comment] tcpmux 1/tcp # TCP port service multiplexer tcpmux 1/udp # TCP port service multiplexer rje 5/tcp # Remote Job Entry rje 5/udp # Remote Job Entry echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users systat 11/udp users daytime 13/tcp daytime 13/udp qotd 17/tcp quote qotd 17/udp quote msp 18/tcp # message send protocol msp 18/udp # message send protocol chargen 19/tcp ttytst source chargen 19/udp ttytst source ftp-data 20/tcp ftp-data 20/udp ftp 21/tcp ftp 21/udp ssh 22/tcp # SSH Remote Login Protocol ssh 22/udp # SSH Remote Login Protocol telnet 23/tcp telnet 23/udp # 24 - private mail system smtp 25/tcp mail smtp 25/udp mail time 37/tcp timserver time 37/udp timserver rlp 39/tcp resource # resource location rlp 39/udp resource # resource location nameserver 42/tcp name # IEN 116 nameserver 42/udp name # IEN 116 nicname 43/tcp whois nicname 43/udp whois tacacs 49/tcp # Login Host Protocol (TACACS) tacacs 49/udp # Login Host Protocol (TACACS) re-mail-ck 50/tcp # Remote Mail Checking Protocol re-mail-ck 50/udp # Remote Mail Checking Protocol domain 53/tcp nameserver # name-domain server domain 53/udp nameserver whois++ 63/tcp whois++ 63/udp bootps 67/tcp # BOOTP server bootps 67/udp bootpc 68/tcp # BOOTP client bootpc 68/udp tftp 69/tcp tftp 69/udp gopher 70/tcp # Internet Gopher gopher 70/udp netrjs-1 71/tcp # Remote Job Service netrjs-1 71/udp # Remote Job Service netrjs-2 72/tcp # Remote Job Service netrjs-2 72/udp # Remote Job Service netrjs-3 73/tcp # Remote Job Service netrjs-3 73/udp # Remote Job Service netrjs-4 74/tcp # Remote Job Service netrjs-4 74/udp # Remote Job Service finger 79/tcp finger 79/udp http 80/tcp www www-http # WorldWideWeb HTTP http 80/udp www www-http # HyperText Transfer Protocol kerberos 88/tcp kerberos5 krb5 # Kerberos v5 kerberos 88/udp kerberos5 krb5 # Kerberos v5 supdup 95/tcp supdup 95/udp hostname 101/tcp hostnames # usually from sri-nic hostname 101/udp hostnames # usually from sri-nic iso-tsap 102/tcp tsap # part of ISODE. csnet-ns 105/tcp cso # also used by CSO name server csnet-ns 105/udp cso # unfortunately the poppassd (Eudora) uses a port which has already # been assigned to a different service. We list the poppassd as an # alias here. This should work for programs asking for this service. # (due to a bug in inetd the 3com-tsmux line is disabled) #3com-tsmux 106/tcp poppassd #3com-tsmux 106/udp poppassd rtelnet 107/tcp # Remote Telnet rtelnet 107/udp pop2 109/tcp pop-2 postoffice # POP version 2 pop2 109/udp pop-2 pop3 110/tcp pop-3 # POP version 3 pop3 110/udp pop-3 sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP auth 113/tcp authentication tap ident auth 113/udp authentication tap ident sftp 115/tcp sftp 115/udp uucp-path 117/tcp uucp-path 117/udp nntp 119/tcp readnews untp # USENET News Transfer Protocol nntp 119/udp readnews untp # USENET News Transfer Protocol ntp 123/tcp ntp 123/udp # Network Time Protocol netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp netbios-ssn 139/tcp # NETBIOS session service netbios-ssn 139/udp imap 143/tcp imap2 # Interim Mail Access Proto v2 imap 143/udp imap2 snmp 161/tcp # Simple Net Mgmt Proto snmp 161/udp # Simple Net Mgmt Proto snmptrap 162/udp snmp-trap # Traps for SNMP cmip-man 163/tcp # ISO mgmt over IP (CMOT) cmip-man 163/udp cmip-agent 164/tcp cmip-agent 164/udp mailq 174/tcp # MAILQ mailq 174/udp # MAILQ xdmcp 177/tcp # X Display Mgr. Control Proto xdmcp 177/udp nextstep 178/tcp NeXTStep NextStep # NeXTStep window nextstep 178/udp NeXTStep NextStep # server bgp 179/tcp # Border Gateway Proto. bgp 179/udp prospero 191/tcp # Cliff Neuman's Prospero prospero 191/udp irc 194/tcp # Internet Relay Chat irc 194/udp smux 199/tcp # SNMP Unix Multiplexer smux 199/udp at-rtmp 201/tcp # AppleTalk routing at-rtmp 201/udp at-nbp 202/tcp # AppleTalk name binding at-nbp 202/udp at-echo 204/tcp # AppleTalk echo at-echo 204/udp at-zis 206/tcp # AppleTalk zone information at-zis 206/udp qmtp 209/tcp # Quick Mail Transfer Protocol qmtp 209/udp # Quick Mail Transfer Protocol z39.50 210/tcp z3950 wais # NISO Z39.50 database z39.50 210/udp z3950 wais ipx 213/tcp # IPX ipx 213/udp imap3 220/tcp # Interactive Mail Access imap3 220/udp # Protocol v3 link 245/tcp ttylink link 245/udp ttylink rsvp_tunnel 363/tcp rsvp_tunnel 363/udp rpc2portmap 369/tcp rpc2portmap 369/udp # Coda portmapper codaauth2 370/tcp codaauth2 370/udp # Coda authentication server ulistproc 372/tcp ulistserv # UNIX Listserv ulistproc 372/udp ulistserv ldap 389/tcp ldap 389/udp svrloc 427/tcp # Server Location Protocl svrloc 427/udp # Server Location Protocl mobileip-agent 434/tcp mobileip-agent 434/udp mobilip-mn 435/tcp mobilip-mn 435/udp https 443/tcp # MCom https 443/udp # MCom snpp 444/tcp # Simple Network Paging Protocol snpp 444/udp # Simple Network Paging Protocol microsoft-ds 445/tcp microsoft-ds 445/udp kpasswd 464/tcp kpwd # Kerberos "passwd" kpasswd 464/udp kpwd # Kerberos "passwd" photuris 468/tcp photuris 468/udp saft 487/tcp # Simple Asynchronous File Transfer saft 487/udp # Simple Asynchronous File Transfer gss-http 488/tcp gss-http 488/udp pim-rp-disc 496/tcp pim-rp-disc 496/udp isakmp 500/tcp isakmp 500/udp gdomap 538/tcp # GNUstep distributed objects gdomap 538/udp # GNUstep distributed objects iiop 535/tcp iiop 535/udp dhcpv6-client 546/tcp dhcpv6-client 546/udp dhcpv6-server 547/tcp dhcpv6-server 547/udp rtsp 554/tcp # Real Time Stream Control Protocol rtsp 554/udp # Real Time Stream Control Protocol nntps 563/tcp # NNTP over SSL nntps 563/udp # NNTP over SSL whoami 565/tcp whoami 565/udp submission 587/tcp msa # mail message submission submission 587/udp msa # mail message submission npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS npmp-local 610/udp dqs313_qmaster # npmp-local / DQS npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS npmp-gui 611/udp dqs313_execd # npmp-gui / DQS hmmp-ind 612/tcp dqs313_intercell # HMMP Indication / DQS hmmp-ind 612/udp dqs313_intercell # HMMP Indication / DQS ldaps 636/tcp # LDAP over SSL ldaps 636/udp # LDAP over SSL acap 674/tcp acap 674/udp ha-cluster 694/tcp # Heartbeat HA-cluster ha-cluster 694/udp # Heartbeat HA-cluster kerberos-adm 749/tcp # Kerberos `kadmin' (v5) kerberos-iv 750/udp kerberos4 kerberos-sec kdc kerberos-iv 750/tcp kerberos4 kerberos-sec kdc webster 765/tcp # Network dictionary webster 765/udp phonebook 767/tcp # Network phonebook phonebook 767/udp rsync 873/tcp # rsync rsync 873/udp # rsync telnets 992/tcp telnets 992/udp imaps 993/tcp # IMAP over SSL imaps 993/udp # IMAP over SSL ircs 994/tcp ircs 994/udp pop3s 995/tcp # POP-3 over SSL pop3s 995/udp # POP-3 over SSL # # UNIX specific services # exec 512/tcp biff 512/udp comsat login 513/tcp who 513/udp whod shell 514/tcp cmd # no passwords used syslog 514/udp printer 515/tcp spooler # line printer spooler printer 515/udp spooler # line printer spooler talk 517/udp ntalk 518/udp utime 519/tcp unixtime utime 519/udp unixtime efs 520/tcp router 520/udp route routed # RIP ripng 521/tcp ripng 521/udp timed 525/tcp timeserver timed 525/udp timeserver tempo 526/tcp newdate courier 530/tcp rpc conference 531/tcp chat netnews 532/tcp readnews netwall 533/udp # -for emergency broadcasts uucp 540/tcp uucpd # uucp daemon klogin 543/tcp # Kerberized `rlogin' (v5) kshell 544/tcp krcmd # Kerberized `rsh' (v5) afpovertcp 548/tcp # AFP over TCP afpovertcp 548/udp # AFP over TCP remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem # # From ``PORT NUMBERS'': # #>REGISTERED PORT NUMBERS #> #>The Registered Ports are listed by the IANA and on most systems can be #>used by ordinary user processes or programs executed by ordinary #>users. #> #>Ports are used in the TCP [RFC793] to name the ends of logical #>connections which carry long term conversations. For the purpose of #>providing services to unknown callers, a service contact port is #>defined. This list specifies the port used by the server process as #>its contact port. #> #>The IANA registers uses of these ports as a convienence to the #>community. # socks 1080/tcp # socks proxy server socks 1080/udp # socks proxy server skkserv 1178/tcp # SKK Japanese input method h323hostcallsc 1300/tcp # H323 Host Call Secure h323hostcallsc 1300/udp # H323 Host Call Secure ms-sql-s 1433/tcp # Microsoft-SQL-Server ms-sql-s 1433/udp # Microsoft-SQL-Server ms-sql-m 1434/tcp # Microsoft-SQL-Monitor ms-sql-m 1434/udp # Microsoft-SQL-Monitor ica 1494/tcp # Citrix ICA Client ica 1494/udp # Citrix ICA Client wins 1512/tcp # Microsoft's Windows Internet Name Service wins 1512/udp # Microsoft's Windows Internet Name Service ingreslock 1524/tcp ingreslock 1524/udp prospero-np 1525/tcp # Prospero non-privileged prospero-np 1525/udp support 1529/tcp prmsd gnatsd # cygnus bug tracker datametrics 1645/tcp old-radius # datametrics / old radius entry datametrics 1645/udp old-radius # datametrics / old radius entry sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry sa-msg-port 1646/udp old-radacct # sa-msg-port / old radacct entry kermit 1649/tcp kermit 1649/udp l2tp 1701/tcp l2tp 1701/udp h323gatedisc 1718/tcp h323gatedisc 1718/udp h323gatestat 1719/tcp h323gatestat 1719/udp h323hostcall 1720/tcp h323hostcall 1720/udp tftp-mcast 1758/tcp tftp-mcast 1758/udp hello 1788/tcp hello 1788/udp radius 1812/tcp # Radius radius 1812/udp # Radius radius-acct 1813/tcp radacct # Radius Accounting radius-acct 1813/udp radacct # Radius Accounting mtp 1911/tcp # mtp 1911/udp # hsrp 1985/tcp # Cisco Hot Standby Router Protocol hsrp 1985/udp # Cisco Hot Standby Router Protocol licensedaemon 1986/tcp licensedaemon 1986/udp gdp-port 1997/tcp # Cisco Gateway Discovery Protocol gdp-port 1997/udp # Cisco Gateway Discovery Protocol nfs 2049/tcp nfsd nfs 2049/udp nfsd zephyr-srv 2102/tcp # Zephyr server zephyr-srv 2102/udp # Zephyr server zephyr-clt 2103/tcp # Zephyr serv-hm connection zephyr-clt 2103/udp # Zephyr serv-hm connection zephyr-hm 2104/tcp # Zephyr hostmanager zephyr-hm 2104/udp # Zephyr hostmanager cvspserver 2401/tcp # CVS client/server operations cvspserver 2401/udp # CVS client/server operations venus 2430/tcp # codacon port venus 2430/udp # Venus callback/wbc interface venus-se 2431/tcp # tcp side effects venus-se 2431/udp # udp sftp side effect codasrv 2432/tcp # not used codasrv 2432/udp # server port codasrv-se 2433/tcp # tcp side effects codasrv-se 2433/udp # udp sftp side effect corbaloc 2809/tcp # CORBA naming service locator icpv2 3130/tcp # Internet Cache Protocol V2 (Squid) icpv2 3130/udp # Internet Cache Protocol V2 (Squid) mysql 3306/tcp # MySQL mysql 3306/udp # MySQL trnsprntproxy 3346/tcp # Trnsprnt Proxy trnsprntproxy 3346/udp # Trnsprnt Proxy prsvp 3455/tcp # RSVP Port prsvp 3455/udp # RSVP Port rwhois 4321/tcp # Remote Who Is rwhois 4321/udp # Remote Who Is krb524 4444/tcp # Kerberos 5 to 4 ticket xlator krb524 4444/udp # Kerberos 5 to 4 ticket xlator rfe 5002/tcp # Radio Free Ethernet rfe 5002/udp # Actually uses UDP only cfengine 5308/tcp # CFengine cfengine 5308/udp # CFengine cvsup 5999/tcp CVSup # CVSup file transfer/John Polstra/FreeBSD cvsup 5999/udp CVSup # CVSup file transfer/John Polstra/FreeBSD x11 6000/tcp X # the X Window System afs3-fileserver 7000/tcp # file server itself afs3-fileserver 7000/udp # file server itself afs3-callback 7001/tcp # callbacks to cache managers afs3-callback 7001/udp # callbacks to cache managers afs3-prserver 7002/tcp # users & groups database afs3-prserver 7002/udp # users & groups database afs3-vlserver 7003/tcp # volume location database afs3-vlserver 7003/udp # volume location database afs3-kaserver 7004/tcp # AFS/Kerberos authentication service afs3-kaserver 7004/udp # AFS/Kerberos authentication service afs3-volser 7005/tcp # volume managment server afs3-volser 7005/udp # volume managment server afs3-errors 7006/tcp # error interpretation service afs3-errors 7006/udp # error interpretation service afs3-bos 7007/tcp # basic overseer process afs3-bos 7007/udp # basic overseer process afs3-update 7008/tcp # server-to-server updater afs3-update 7008/udp # server-to-server updater afs3-rmtsys 7009/tcp # remote cache manager service afs3-rmtsys 7009/udp # remote cache manager service sd 9876/tcp # Session Director sd 9876/udp # Session Director amanda 10080/tcp # amanda backup services amanda 10080/udp # amanda backup services h323callsigalt 11720/tcp # H323 Call Signal Alternate h323callsigalt 11720/udp # H323 Call Signal Alternate quake 26000/tcp quake 26000/udp wnn6-ds 26208/tcp wnn6-ds 26208/udp #traceroute 33434/tcp traceroute 33434/udp # # Datagram Delivery Protocol services # rtmp 1/ddp # Routing Table Maintenance Protocol nbp 2/ddp # Name Binding Protocol echo 4/ddp # AppleTalk Echo Protocol zip 6/ddp # Zone Information Protocol # # Kerberos (Project Athena/MIT) services # Note that these are for Kerberos v4, and are unofficial. Sites running # v4 should uncomment these and comment out the v5 entries above. # kerberos_master 751/udp # Kerberos authentication kerberos_master 751/tcp # Kerberos authentication passwd_server 752/udp # Kerberos passwd server krbupdate 760/tcp kreg # Kerberos registration kpop 1109/tcp # Pop with Kerberos knetd 2053/tcp # Kerberos de-multiplexor # # Kerberos 5 services, also not registered with IANA # krb5_prop 754/tcp # Kerberos slave propagation eklogin 2105/tcp # Kerberos encrypted rlogin # # Unofficial but necessary (for NetBSD) services # supfilesrv 871/tcp # SUP server supfiledbg 1127/tcp # SUP debugging # # Unofficial but useful/necessary other services # netstat 15/tcp # (was once asssigned, no more) fsp 21/udp fspd # linuxconf 98/tcp # Linuxconf HTML access poppassd 106/tcp # Eudora poppassd 106/udp # Eudora smtps 465/tcp # SMTP over SSL (TLS) gii 616/tcp # gated interactive interface omirr 808/tcp omirrd # online mirror omirr 808/udp omirrd # online mirror swat 901/tcp # Samba Web Administration Tool rmtcfg 1236/tcp # Gracilis Packeten remote config server xtel 1313/tcp # french minitel support 1529/tcp # GNATS cfinger 2003/tcp # GNU Finger ninstall 2150/tcp # ninstall service ninstall 2150/udp # ninstall service afbackup 2988/tcp # Afbackup system afbackup 2988/udp # Afbackup system squid 3128/tcp # squid web proxy postgres 5432/tcp # POSTGRES postgres 5432/udp # POSTGRES fax 4557/tcp # FAX transmission service (old) hylafax 4559/tcp # HylaFAX client-server protocol (new) sgi-dgl 5232/tcp # SGI Distributed Graphics sgi-dgl 5232/udp noclog 5354/tcp # noclogd with TCP (nocol) noclog 5354/udp # noclogd with UDP (nocol) hostmon 5355/tcp # hostmon uses TCP (nocol) hostmon 5355/udp # hostmon uses TCP (nocol) ircd 6667/tcp # Internet Relay Chat ircd 6667/udp # Internet Relay Chat xfs 7100/tcp # X font server tircproxy 7666/tcp # Tircproxy http-alt 8008/tcp http-alt 8008/udp webcache 8080/tcp # WWW caching service webcache 8080/udp # WWW caching service tproxy 8081/tcp # Transparent Proxy tproxy 8081/udp # Transparent Proxy jetdirect 9100/tcp laserjet hplj mandelspawn 9359/udp mandelbrot # network mandelbrot kamanda 10081/tcp # amanda backup services (Kerberos) kamanda 10081/udp # amanda backup services (Kerberos) amandaidx 10082/tcp # amanda backup services amidxtape 10083/tcp # amanda backup services isdnlog 20011/tcp # isdn logging system isdnlog 20011/udp # isdn logging system vboxd 20012/tcp # voice box system vboxd 20012/udp # voice box system binkp 24554/tcp # Binkley binkp 24554/udp # Binkley #asp 27374###/tcp # Address Search Protocol #asp 27374###/udp # Address Search Protocol tfido 60177/tcp # Ifmail tfido 60177/udp # Ifmail fido 60179/tcp # Ifmail fido 60179/udp # Ifmail ####################### Local services ###################################### #Ordered local ports netstat 15/tcp fsp 21/udp fspd PCAnywhere 22/udp ssh # PCAnywhere and SSH Remote Login Protocol # 26 - unassigned specter 28/tcp # http://www.specter.com mtp 57/tcp # deprecated rje 77/tcp netrjs transproxy 81/tcp # http://www.transproxy.nlc.net.au/ link 87/tcp ttylink linuxconf 98/tcp # 100 - reserved x400 103/tcp # ISO Mail x400-snd 104/tcp NeWS 144/tcp news # Window System mailq 174/tcp # Mailer transport queue for Zmailer mailq 174/udp # Mailer transport queue for Zmailer BM-vpn 213/tcp # Novell Border Manager VPN Master/Slave (IPX/TCP) (http://www.novell.com/documentation/lg/bordr/docui/index.html) ssh-trojan 227/tcp # http://www.incidents.org/diary/diary.php?id=96 BM-vpn-auth 353/tcp # Novell Border Manager VPN Client Authentication (http://www.novell.com/documentation/lg/bordr/docui/index.html) BM-vpn-keep-alive 353/udp # Novell Border Manager VPN Keep-Alive (http://www.novell.com/documentation/lg/bordr/docui/index.html) dtk 365/tcp # Deception ToolKit http://www.all.net/dtk/ dtk 365/udp # Deception ToolKit (may not be actively used) http://www.all.net/dtk/ securecast1 370/udp # Outgoing packets to NAI's servers, http://www.nai.com/asp_set/anti_virus/alerts/faq.asp securecast2 371/udp # Incoming packets from NAI's servers, http://www.nai.com/asp_set/anti_virus/alerts/faq.asp directconnect 412/tcp # Peer-to-peer file sharing, http://www.neo-modus.com/?page=Help directconnect 412/udp # Peer-to-peer file sharing, http://www.neo-modus.com/?page=Help ssmtp 465/tcp # SMTP over SSL isakmp 500/tcp # IPSec (control channel?), is tcp even used? isakmp 500/udp # IPSec (control channel?) efs 520/tcp # for LucasFilm route 520/udp router routed # RIP netware-sap 524/tcp # Not sure of the name gdomap 538/tcp # GNUstep distributed objects gdomap 538/udp # GNUstep distributed objects klogin 543/tcp # Kerberized `rlogin' (v5) kshell 544/tcp krcmd # Kerberized `rsh' (v5) new-rwho 550/udp new-who # experimental realaudvid0 554/tcp # RealAudio control port, http://service.real.com/firewall/ rmonitor 560/udp rmonitord # experimental monitor 561/udp # experimental snews 563/tcp # NNTP over SSL pcserver 600/tcp # ECD Integrated PC board srvr mount 635/tcp # NFS Mount Service mount 635/udp # NFS Mount Service ssl-ldap 636/tcp # LDAP over SSL pcnfs 640/udp # PC-NFS DOS Authentication bwnfs 650/udp # BW-NFS DOS Authentication tinc 655/tcp TINC # http://tinc.nl.linux.org/ , VPN daemon tinc 655/udp TINC # Ivo Timmermans <itimmermans@bigfoot.com> kerberos-adm 749/tcp # Kerberos `kadmin' (v5) kerberos-adm 749/udp # Kerberos 5 admin/changepw kerberos-iv 750/udp kerberos4 kerberos-sec kdc # Kerberos authentication (server) udp kerberos-iv 750/tcp kerberos4 kerberos-sec kdc # Kerberos authentication (server) tcp krb_prop 754/tcp krb5_prop # Kerberos slave propagation kpasswd 761/tcp kpwd # Kerberos "passwd" webster 765/tcp # Network dictionary webster 765/udp remoteposs 799/tcp # Remotely Possible #amd uses udp port 800 and talks to 1023 over lo over all IP addresses #amd uses udp port 1023 and talks to 800 over lo over all IP addresses StarScheduler 801/tcp # Star office internal web server rsync 873/tcp # rsync rsync 873/udp # rsync swat 901/tcp # Samba Web Administration Tool sgi_fam 933/udp # File monitoring tool, http://oss.sgi.com/projects/fam/ simap 993/tcp # IMAP over SSL spop3 995/tcp # POP-3 over SSL imaps 993/tcp # IMAP over SSL pop3s 995/tcp # POP-3 over SSL listen 1025/tcp listener RFS remote_file_sharing nterm 1026/tcp remote_login network_terminal ddt 1052/tcp # http://ddt.sourceforge.net . Dynamic DNS client and server ddt 1052/udp # http://ddt.sourceforge.net . Dynamic DNS client and server freeveracity 1062/tcp # http://freeveracity.org socks 1080/tcp # socks proxy server socks 1080/udp # socks proxy server oracle-proxy 1100/tcp #http://otn.oracle.com/deploy/security/pdf/webcache.pdf oracle-proxy-admin 4000/tcp #http://otn.oracle.com/deploy/security/pdf/webcache.pdf oracle-proxy-xml 4001/tcp #http://otn.oracle.com/deploy/security/pdf/webcache.pdf oracle-proxy-stats 4002/tcp #http://otn.oracle.com/deploy/security/pdf/webcache.pdf msql 1114/tcp groove-dpp 1211/udp # http://www.groove.net kazaa 1214/tcp # http://www.kazaa.com subsevenv1 1243/tcp notes 1352/tcp # Lotus Notes mssql 1433/tcp mssql 1433/udp ms-sna-base 1478/udp # ms-sna-base iphonewboard 1490/tcp # Internet Phone whiteboard/conferencing citrix 1494/tcp # http://www.citrix.com/support/solution/sol00053.htm sybase-sql 1498/udp # Sybase's dbclient port? sqllistener 1521/tcp listener # Oracle SQL Listener ingreslock 1524/tcp orasrv 1525/tcp oracle # more oracle tcptlisrv 1557/tcp # more oracle StreamWorksXDMA 1558/udp tnet 1600/tcp # transputer net daemon citrix-discover 1604/udp # http://www.citrix.com/support/solution/sol00053.htm pptp 1723/tcp # pptp control channel netshow 1755/tcp ms-streaming radacct 1813/tcp # Radius Accounting radacct 1813/udp # Radius Accounting ssdpsrv 1900/udp # Advertises Universal plug and play devices via soap. Also 5000/tcp. http://support.microsoft.com/support/kb/articles/Q262/4/58.ASP and http://www.sans.org/infosecFAQ/homeoffice/investigation.htm BM-auth-web 1959/tcp # Border Manager authentication web server bigbrother 1984/tcp # What other port could it possibly be? http://maclawran.ca/bb-dnld/ #Openwindows uses tcp port(s?) 2000 (and up?) (2000-2003) cfinger 2003/tcp # GNU finger nfs 2049/udp nfsd # NFS File Service nfs 2049/tcp # NFS File Service rc5 2056/tcp # Distributed processing rc5des 2064/tcp # New distributed processing speakfree 2074/udp speakfree2 2075/udp speakfree-reg 2076/tcp zephyr-srv 2102/udp # Zephyr server zephyr-clt 2103/udp # Zephyr serv-hm connection zephyr-hm 2104/udp # Zephyr hostmanager intermezzo 2222/tcp # http://www.inter-mezzo.org cpq-wbem 2301/tcp compaqdiag # compaq http Compaq remote diagnostic/management cpq-wbem 2301/udp compaqdiag # compaq http Compaq remote diagnostic/management cvs 2401/tcp # http://www.cyclic.com bnc-pedro 2424/tcp # irc proxy, used by pedro http://gotbnc.com venus 2430/tcp # codacon port venus 2430/udp # Venus callback/wbc interface venus-se 2431/tcp # tcp side effects venus-se 2431/udp # udp sftp side effect codasrv 2432/tcp # not used codasrv 2432/udp # server port codasrv-se 2433/tcp # tcp side effects codasrv-se 2433/udp # udp sftp side effect netrek-game 2592/tcp razor 2702/tcp # http://razor.sourceforge.net/ ntop 3000/tcp # Ntop's embedded web server for output: http://www.ntop.org/ cfs 3049/udp # Cryptographic File System (CFS) interbase 3050/tcp # http://www.borland.com/interbase/ , http://firebird.sourceforge.net squid 3128/tcp # squid web proxy squid-icp 3130/udp icp 3130/tcp # Internet Cache Protocol (Squid) icp 3130/udp # Internet Cache Protocol (Squid) mysql 3306/tcp squid-snmp 3401/udp netrek-dir 3521/tcp netrek # http://www.netrek.org kerbaux1 3939/udp # Used by Cablevision as part of their Kerberos auth kerbaux2 3940/udp # Used by Cablevision as part of their Kerberos auth diablo2-battlenet 4000/tcp icq 4000/tcp # ICQ http://www.icq.com/firewall . tcp appears to be used as well. icq 4000/udp # ICQ http://www.icq.com/firewall . udp more common. pcpmon 4321/tcp # http://oss.sgi.com/projects/pcp/ , http://k332.feld.cvut.cz/~lemming/projects/pcpmon.html smupsd 4321/udp smartups # APCC SmartUPS monitor (too obscure?) krb524 4444/tcp # Kerberos 5 to 4 ticket xlator fax 4557/tcp # Old Flexfax client-server protocol hylafax 4559/tcp # HylaFAX client-server protocol asd 4711/tcp # Advanced sound daemon, http://asd.sourceforge.net/ squid-htcp 4827/udp # Inter-cache communications, http://www.squid-cache.org/ ssdpsrv 5000/tcp # Advertises Universal plug and play devices via soap. Also 1900/udp. http://support.microsoft.com/support/kb/articles/Q262/4/58.ASP and http://www.sans.org/infosecFAQ/homeoffice/investigation.htm esd-old 5001/tcp # Enlightened sound daemon prob tcp only. http://www.tux.org/~ricdude/dbdocs/running_esound.html and running_esound96.html esd-old 5001/udp # Enlightened sound daemon. http://www.tux.org/~ricdude/dbdocs/running_esound.html and running_esound96.html linphone-sip 5060/udp # http://simon.morlat.free.fr/english/linphone.html linphone-sipomatic 5064/udp # http://simon.morlat.free.fr/english/linphone.html aolaim 5190/tcp jabber 5222/tcp # http://www.jabber.org, aol aim/icq-type software replacement umleth 5299/tcp # http://user-mode-linux.sourceforge.net postgresql 5432/tcp postgresql 5432/udp remoteshelltrojan 5503/udp # http://www.incidents.org/archives/intrusions/msg01661.html and http://www.qualys.com/form_remoteshell.html pcawdata 5631 tcp/udp? # PC Anywhere, http://www.symantec.com pcawstatus 5632 tcp/udp? # PC Anywhere, http://www.symantec.com gnutella5634 5634/tcp #vnc's java client uses 5800 and up #vnc uses tcp ports 5900 and up (corresponding to the xserver). #xwindows uses (tcp? probably) ports 6000 and up (6000-6003) X 6000/tcp # X-Window System diablo2 6112/tcp # http://www.diablo2.com, http://www.battle.net diablo2 6112/udp # Uses tcp and udp gnutella 6346/tcp gnutella6347 6347/tcp gnutella6348 6348/tcp gnutella6349 6349/tcp gnutella6350 6350/tcp gnutella6355 6355/tcp irc 6667/tcp # Internet Relay Chat iphonesrv 6670/tcp # Internet phone servers napster6688 6688/tcp napster6697 6697/tcp napster 6699/tcp # mp3 sharing http://www.napster.com napster6700 6700/tcp videumpz 6860/tcp # videum pan and zoom controls vdolive 7000/tcp dos msdos bbs # BBS service linphone-data 7000/udp # http://simon.morlat.free.fr/english/linphone.html realaudvid1 7070/tcp # http://service.real.com/firewall/ realaudvid2 7071/tcp # http://service.real.com/firewall/ xfs 7100/tcp # X Font Server unreal 7778/udp # Unreal tournament #Novell's border manager uses tcp port 8080 for it's cache software (licensed squid) freenet-web 8081/tcp # Freenet web interface http://freenet.sourceforge.net cnn-search 8765/tcp # Search service at search.cnn.com opennap 8888/tcp sendmail-switch-admin 8890/tcp # http://www.sendmail.com nap8899 8899/tcp nap2 # Napster webct 8900/tcp # web-based flexible learning sendmail-switch-sdap 9000/tcp bnc # http://www.sendmail.com, also irc proxy http://gotbnc.com laserjet 9100/tcp hplj # port for incoming print jobs timsweb 9109/tcp printer1 9200/udp # Some printer connection - see Dave aolaim2 9898/tcp webmin 10000/tcp # Web based administration for multiple Unixes. http://www.webmin.com/webmin/ amanda 10080/udp # amanda backup services pgpkeyserver 11371/tcp # http://pgp.mit.edu, http://keys.pgp.com:11371/ hitboxstats 12343/tcp # Connection to stats.hitbox.com netbus1 12345/tcp # NT Trojan horse netbus2 12346/tcp # NT Trojan horse bindshell 12497/tcp # Default port for lrk5 bindshell trojan gamespy-ping 13139/udp # http://www.gamespyarcade.com/software/support/firewalls.shtml tripplite 13851/tcp bitkeeper 14690/tcp # http://www.bitmover.com, pretty sure it's tcp. esd 16001/tcp # Enlightened sound daemon prob tcp only. http://www.tux.org/~ricdude/dbdocs/running_esound.html and running_esound96.html freenet 19114/tcp # Freenet web interface http://freenet.sourceforge.net whackjob2 20043/tcp iphoneaud 22555/udp # Internet Phone audio data (client and server port) iphoneaddr 25793/tcp # Internet Phone addressing server halflife-server 27010/tcp halflife-server 27010/udp halflife-game 27015/tcp halflife-game 27015/udp # udp too? subsevenv-ramen 27374/tcp gamespy-heartbeat 27900/tcp # http://www.gamespyarcade.com/software/support/firewalls.shtml (also 28900, 29900, 29901, 6500/udp, 6500/tcp) quake2server 27910/udp #Quake 2 Server hackatac 28431/udp # http://www.hack-a-tac.com , http://www.sans.org/y2k/062300-1430.htm msgaming 28800/udp # http://support.microsoft.com/support/kb/articles/Q159/0/31.ASP http://www.zone.com ms-zone1 28801/tcp ms-zone2 28822/tcp nthack 29292/tcp # Not sure tcp/udp nthack 29292/udp # Not sure tcp/udp backorifice 31337/udp # NT Trojan horse mon 32777/tcp # http://www.kernel.org/software/mon/ esound 35091 udp? tcp? # Enlightenment sound daemon http://www.tux.org/~ricdude/dbdocs/miscellaneous108.html linkproof 37852/tcp # Proximity check algorithm starteam 40901/tcp arcserve 41524/udp #arcserve's discovery protocol? freedom-0 51100/tcp # http://www.freedom.net/support/help.html?js=0&r=%2Fsupport%2Fbug.html&topic=port freedom-0 51100/udp # http://www.freedom.net/support/help.html?js=0&r=%2Fsupport%2Fbug.html&topic=port freedom-1 51101/udp # http://www.freedom.net/support/help.html?js=0&r=%2Fsupport%2Fbug.html&topic=port freedom-2 51102/tcp # http://www.freedom.net/support/help.html?js=0&r=%2Fsupport%2Fbug.html&topic=port freedom-7 51107/tcp # http://www.freedom.net/support/help.html?js=0&r=%2Fsupport%2Fbug.html&topic=port freedom-9 51109/udp # http://www.freedom.net/support/help.html?js=0&r=%2Fsupport%2Fbug.html&topic=port paplus 63333/tcp # http://www.tripplite.com/software/ftp/linux.txt #ddp rtmp 1/ddp # Routing Table Maintenance Protocol nbp 2/ddp # Name Binding Protocol echo 4/ddp # AppleTalk Echo Protocol zip 6/ddp # Zone Information Protocol zebrasrv 2600/tcp # zebra service zebra 2601/tcp # zebra vty ripd 2602/tcp # RIPd vty ripngd 2603/tcp # RIPngd vty ospfd 2604/tcp # OSPFd vty bgpd 2605/tcp # BGPd vty ospf6d 2606/tcp # OSPF6d vty ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/next.gif���������������������������������������������������������������������������0100644�0007657�0000764�00000000475�06675343464�014133� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������GIF89a�������p�p!# Imported from XPM image: next.xpm�!���,������@63333����B!� 0 A0 0 0  �0 `0 `0 A ��������@ ��`0 �`00000000000000000000000000000000000000000���000� ��� �000000� ��000000000���0000000000000000000` ��;���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/samlib�����������������������������������������������������������������������������0100644�0007657�0000764�00000132343�07351236173�013646� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/bash #This library of Shell Accessible Modules is Copyright 1997-2001 #by William Stearns <wstearns@pobox.com> # #To include these functions in your shell script, enter the following: #if [ -f /usr/lib/samlib/samlib ]; then # . /usr/lib/samlib/samlib #else # echo "/usr/lib/samlib/samlib is missing - please get it from" >/dev/stderr # echo "http://www.pobox.com/~wstearns/" >/dev/stderr # echo "Exiting." >/dev/stderr # exit 1 #fi #for ONEFUNC in list needed functions here ; do # if ! type $ONEFUNC >/dev/null 2>/dev/null ; then # echo "Missing $ONEFUNC , please update samlib from" >/dev/stderr # echo "http://www.pobox.com/~wstearns/" >/dev/stderr # echo "Exiting." >/dev/stderr # exit 1 # fi #done #Checks done on the above: 1-3,5-7,9-16 # #To make them available in your running shell, type: #. /usr/lib/samlib/samlib #Checks: # 1. Sudo/askfirst checked; no root assumptions. # 2. Standalone - no requirements of pre-existing functions # 3. Support apps explicitly listed and Prereq'd in spec file # 4. Regression test function for each function, listed in REGRESSIONTESTS # 5. Only load tests if regression test requested. # 6. Conditional functions based on whether support apps available or a fallback needed. # 7. No assumptions about initialized variables. # 8. Local variables if possible. # 9. No modification of global variables. #10. Hell, not even _use_ of global variables. #11. No side effects to the system. #12. Careful use of >/dev/stderr for status/errors. #13. No assumptions that paths exist. #14. Use mktemp if available, warn and fallback if not. #15. Example calls in header. #16. Quote variables to handle unset/null case. #17. Debian "must return true" requirement checked. #99. Header to show inputs, outputs, return codes, exceptions to the above, programs that are known to use this function. #Programs known to use this library: buildkernel >= 1.04, Mason >= 0.13.9.4, mkrootfs. #Programs that should: ramenfind, uml loader, freedups, ssh-keyinstall #Future: #- don't assume[/usr]/[s]bin in path #FIXME - resolve SUDO vs PRECOMMAND. #FIXME - do a requireutil $SUDO when SUDO assigned. #FIXME - replacement mktemp if the real mktemp isn't on the system. #Regression test template #if [ "$DOREGRESSIONTEST" = "YES" ]; then #echo -n func... #Should return true #if ! ; then error func-tx ; fi #Should return false #if ; then error func-fx ; fi #General return values #if [ ! `` = "" ]; then error func-x ; fi #fi SAMVER="0.2, 9/16/2001" if [ "${1}" = "regression-test" ]; then DOREGRESSIONTEST=YES #Checks done on the following function: error () { echo echo Failed test: $* if [ -d /usr/src/samlib-work ]; then echo Failed test: $* on $SAMVER >>/usr/src/samlib-work/regression-log fi echo -n -e "\a" >/dev/stderr sleep 1 echo -n -e "\a" >/dev/stderr sleep 1 echo -n -e "\a" >/dev/stderr exit 1 } fi if [ "$DOREGRESSIONTEST" = "YES" ]; then #Internal check. If you want to check that the error function actually catches failures, uncomment the following. #if ! false ; then error testfail ; fi echo -n samver... if [ -z "$SAMVER" ]; then error samver ; fi fi # Near the top of the library as some of the following functions call this # to register their own needed functions. #------------------------------------------------------------------------- # requireutil function, makes sure that the needed external program(s) # (listed on the command line) is/are in the path and executable. # Correctly handles the case where the utility is a shell function. # Example use: # requireutil ls || exit 1 #------------------------------------------------------------------------- #Checks done on the following function: requireutil () { while [ -n "$1" ]; do if ! type -path "$1" >/dev/null 2>/dev/null ; then echo Missing utility "$1". Please install it. >/dev/stderr return 1 #False, app is not available. fi shift done return 0 #True, app is there. } #End of requireutil if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n requireutil... if ! requireutil ls ; then error requireutil-t1 ; fi if requireutil wehwegtgwerbcvhjdsbf 2>/dev/null ; then error requireutil-f1 ; fi #I think only debian includes that one... ;-) fi #ZZZZ if /bin/false ; then #Under development, hardly even complete. #------------------------------------------------------------------------- # mktemp replacement; creates a temporary file. Used only if the system # does not have an mktemp program. #------------------------------------------------------------------------- if ! type -path mktemp >/dev/null 2>/dev/null ; then echo 'Warning! This system does not have mktemp program. I will install' >/dev/stderr echo 'a replacement, but it is not secure. Please install the mktemp' >/dev/stderr echo 'package.' >/dev/stderr #Checks done on the following function: mktemp () { if [ $# = 0 ]; then echo Too few parameters to mktemp, exiting. >/dev/stderr return 1 fi while [ -n "$1" ]; do case "$1" in -d) : shift ;; -q) : shift ;; -u) : shift ;; *) BASEFILE="$1" shift ;; esac done if [ ! -d /tmp ]; then echo Missing /tmp directory, please create and restart. Mktemp Exiting. >/dev/stderr return 1 fi TEMPFILE=/tmp/file.$$.$RANDOM #<-- Yes, this is a race condition. while [ -e $TEMPFILE ]; do # TEMPFILE=/tmp/file.$$.$RANDOM # That's why I suggest they get a real mktemp. done # touch $TEMPFILE #<-- Oh well. #if some_check_that_a_file_was_actually_created ; then echo $TEMPFILE return 0 #else #return 1 #fi } fi fi #------------------------------------------------------------------------- # addline procedure, appends $2 to the end of file $1. #------------------------------------------------------------------------- #Params: $1 File that needs the additional line, $2 line to add. requireutil cat $SUDO grep printf mktemp rm dd touch || exit 1 #umask is a shell builtin. #Checks done on the following function: addline() { if [ "$#" != "2" ]; then echo Incorrect number of arguments to addline! >/dev/stderr else #case "$1" in #/*) # echo Filename is not relative in addline! >/dev/stderr # ;; #*) if [ -f "$1" ] && $SUDO cat "$1" | grep -q "^$2\$" ; then echo \"$2\" is already in $1 - not adding again. >/dev/stderr else printf "%-3s%-40s%-50s\n" '+' "$1" "$2" #Was: echo Adding \"$2\" to $1 if [ -f $1 ]; then OLDUMASK=`umask` umask 177 TMPFILE=`mktemp -q /tmp/addline.XXXXXX` if [ $? -ne 0 ]; then echo "$0: Can't create temp file, exiting..." exit 1 fi #Yes, this is ugly, but _you_ try getting sudo to allow you to append as root as well! #$SUDO echo "$2" >>$1 - doesn't work. $SUDO cat "$1" >"$TMPFILE" echo "$2" | cat "$TMPFILE" - | $SUDO dd of="$1" 2>/dev/null $SUDO rm -f "$TMPFILE" umask $OLDUMASK else $SUDO touch "$1" echo "$2" | $SUDO dd of="$1" 2>/dev/null fi fi # ;; #esac fi } #End of addline if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n addline... REGRESSTESTFILE=`mktemp -q /tmp/$1.XXXXXX` if [ $? -ne 0 ]; then echo "$0: Can't create regression temp file, exiting..." exit 1 fi addline $REGRESSTESTFILE "A line of text" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "A line of text" \ ]; then error addline-1 ; fi addline $REGRESSTESTFILE "A new line of text" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "A line of text A new line of text" \ ]; then error addline-2 ; fi rm -f $REGRESSTESTFILE fi #------------------------------------------------------------------------- # askYN function, returns true or false depending on user input. #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: askYN () { #SUDO checked TESTYN="" while [ "$TESTYN" != 'Y' ] && [ "$TESTYN" != 'N' ] ; do echo -n '?' >/dev/stderr read TESTYN || : case $TESTYN in T*|t*|Y*|y*) TESTYN='Y' ;; F*|f*|N*|n*) TESTYN='N' ;; esac done if [ "$TESTYN" = 'Y' ]; then return 0 #True else return 1 #False fi } #End of askYN if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n askYN... if ! echo 'Y' | askYN 2>/dev/null ; then error askYN-t1 ; fi if ! echo 'y' | askYN 2>/dev/null ; then error askYN-t2 ; fi if ! echo 'T' | askYN 2>/dev/null ; then error askYN-t3 ; fi if ! echo 't' | askYN 2>/dev/null ; then error askYN-t4 ; fi if ! echo 'yES' | askYN 2>/dev/null ; then error askYN-t5 ; fi if ! echo 'true' | askYN 2>/dev/null ; then error askYN-t6 ; fi if echo 'N' | askYN 2>/dev/null ; then error askYN-f1 ; fi if echo 'n' | askYN 2>/dev/null ; then error askYN-f2 ; fi if echo 'F' | askYN 2>/dev/null ; then error askYN-f3 ; fi if echo 'f' | askYN 2>/dev/null ; then error askYN-f4 ; fi if echo 'No' | askYN 2>/dev/null ; then error askYN-f5 ; fi if echo 'FALSE' | askYN 2>/dev/null ; then error askYN-f6 ; fi fi #------------------------------------------------------------------------- # bits2mask function, returns the netmask for the number of bits parameter. #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: bits2mask () { case $1 in 32|*/32) echo 255.255.255.255 ;; 31|*/31) echo 255.255.255.254 ;; 30|*/30) echo 255.255.255.252 ;; 29|*/29) echo 255.255.255.248 ;; 28|*/28) echo 255.255.255.240 ;; 27|*/27) echo 255.255.255.224 ;; 26|*/26) echo 255.255.255.192 ;; 25|*/25) echo 255.255.255.128 ;; 24|*/24) echo 255.255.255.0 ;; 23|*/23) echo 255.255.254.0 ;; 22|*/22) echo 255.255.252.0 ;; 21|*/21) echo 255.255.248.0 ;; 20|*/20) echo 255.255.240.0 ;; 19|*/19) echo 255.255.224.0 ;; 18|*/18) echo 255.255.192.0 ;; 17|*/17) echo 255.255.128.0 ;; 16|*/16) echo 255.255.0.0 ;; 15|*/15) echo 255.254.0.0 ;; 14|*/14) echo 255.252.0.0 ;; 13|*/13) echo 255.248.0.0 ;; 12|*/12) echo 255.240.0.0 ;; 11|*/11) echo 255.224.0.0 ;; 10|*/10) echo 255.192.0.0 ;; 9|*/9) echo 255.128.0.0 ;; 8|*/8) echo 255.0.0.0 ;; 7|*/7) echo 254.0.0.0 ;; 6|*/6) echo 252.0.0.0 ;; 5|*/5) echo 248.0.0.0 ;; 4|*/4) echo 240.0.0.0 ;; 3|*/3) echo 224.0.0.0 ;; 2|*/2) echo 192.0.0.0 ;; 1|*/1) echo 128.0.0.0 ;; 0|*/0) echo 0.0.0.0 ;; *) echo 255.255.255.255 ;; esac } #End of bits2mask if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n bits2mask... #General return values if [ ! `bits2mask` = "255.255.255.255" ]; then error bits2mask-1 ; fi if [ ! `bits2mask 5` = "248.0.0.0" ]; then error bits2mask-2 ; fi if [ ! `bits2mask 1/30` = "255.255.255.252" ]; then error bits2mask-3 ; fi fi #------------------------------------------------------------------------- # broadcastof function, returns the broadcast of the given ip and netmask. #------------------------------------------------------------------------- requireutil bits2mask || exit 1 #Checks done on the following function: broadcastof () { #The broadcast is (ip bitwise-or (255.255.255.255-netmask)) CKPTBROADCASTOF=" broadcastof: Start $1 mask $2" ; #ckpt $CKPTBROADCASTOF case $2 in 32|255.255.255.255) echo $1 ;; 0|0.0.0.0) echo 255.255.255.255 ;; *) SPLITIP=$1 I1O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O4=$SPLITIP case $2 in [0-9]|[1-2][0-9]|3[0-2]) SPLITIP=`bits2mask $2` ;; *) SPLITIP=$2 ;; esac I2O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O4=$SPLITIP echo $[ $I1O1 | (255-$I2O1) ].$[ $I1O2 | (255-$I2O2) ].$[ $I1O3 | (255-$I2O3) ].$[ $I1O4 | (255-$I2O4) ] ;; esac CKPTBROADCASTOF="" } #End of broadcastof if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n broadcastof... if [ ! `broadcastof 0.0.0.0 0.0.0.0` = "255.255.255.255" ]; then error broadcastof-1 ; fi if [ ! `broadcastof 1.2.3.4 255.255.255.0` = "1.2.3.255" ]; then error broadcastof-2 ; fi if [ ! `broadcastof 15.1.2.3 255.0.0.0` = "15.255.255.255" ]; then error broadcastof-3 ; fi if [ ! `broadcastof 1.2.3.4 128.0.0.0` = "127.255.255.255" ]; then error broadcastof-4 ; fi fi #------------------------------------------------------------------------- # delline procedure, removes all lines matching $2 from the given file $1. #------------------------------------------------------------------------- requireutil cat $SUDO grep mktemp dd printf rm || exit 1 #Checks done on the following function: delline() { #Params: $1 File that needs the line removed, $2 line to remove (may be a partial line). #Example: delline somefile '.*' #Remove all lines, essentially ">somefile" but using sudo. if [ "$#" != "2" ]; then echo Incorrect number of arguments to delline! >/dev/stderr else #case "$1" in #/*) # echo Filename is not relative in delline! >/dev/stderr # ;; #*) if [ ! -f "$1" ]; then echo "$1" doesn\'t exist, can\'t remove \"$2\". >/dev/stderr #FIXME - does this allow a partial line? elif $SUDO cat "$1" | grep -q "$2" ; then OLDUMASK=`umask` umask 177 TMPFILE=`mktemp -q /tmp/delline.XXXXXX` if [ $? -ne 0 ]; then echo "$0: Can't create temp file, exiting..." exit 1 fi $SUDO cat "$1" >"$TMPFILE" cat "$TMPFILE" | grep -v "$2" | $SUDO dd of="$1" 2>/dev/null printf "%1s%-2s%-40s%-50s\n" '-' "$[ `$SUDO cat "$TMPFILE" | wc -l` - `$SUDO cat "$1" | wc -l` ]" "$1" "$2" #Was: echo -n "Removing \"$2\" from $1; " ; echo $[ `$SUDO cat "$TMPFILE" | wc -l` - `$SUDO cat "$1" | wc -l` ] lines removed. $SUDO rm -f "$TMPFILE" umask $OLDUMASK else echo \"$2\" is not in "$1" - not removing. >/dev/stderr fi # ;; #esac fi } if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n delline... REGRESSTESTFILE=`mktemp -q /tmp/$1.XXXXXX` if [ $? -ne 0 ]; then echo "$0: Can't create regression temp file, exiting..." exit 1 fi echo Line 1 >$REGRESSTESTFILE echo Line 2 >>$REGRESSTESTFILE echo Line 3 >>$REGRESSTESTFILE echo Line 4 >>$REGRESSTESTFILE echo Line 5 >>$REGRESSTESTFILE delline $REGRESSTESTFILE "Line 4" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "Line 1 Line 2 Line 3 Line 5" \ ]; then error delline-1 ; fi delline $REGRESSTESTFILE "Isnt in the file" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "Line 1 Line 2 Line 3 Line 5" \ ]; then error delline-2 ; fi delline $REGRESSTESTFILE "3" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "Line 1 Line 2 Line 5" \ ]; then error delline-3 ; fi delline $REGRESSTESTFILE "Line 1" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "Line 2 Line 5" \ ]; then error delline-4 ; fi delline $REGRESSTESTFILE "Line 5" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "Line 2" \ ]; then error delline-5 ; fi rm -f $REGRESSTESTFILE fi #------------------------------------------------------------------------- # ipeq function, returns true/false: ip addresses are equal? #------------------------------------------------------------------------- #Not currently used... #No external apps needed. #Checks done on the following function: ipeq () { #SUDO checked if [ "$1" = "$2" ]; then return 0 #True else SPLITIP=$1 I1O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O4=$SPLITIP SPLITIP=$2 I2O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O4=$SPLITIP if [ $I1O1 -eq $I2O1 ] && [ $I1O2 -eq $I2O2 ] && [ $I1O3 -eq $I2O3 ] && [ $I1O4 -eq $I2O4 ]; then return 0 #True else return 1 #False fi fi } #End of ipeq if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n ipeq... if ! ipeq 1.1.1.1 1.1.1.1 ; then error ipeq-t1 ; fi if ! ipeq 255.255.255.255 255.255.255.255 ; then error ipeq-t2 ; fi if ipeq 1.1.1.1 1.2.3.4 ; then error ipeq-f1 ; fi fi #------------------------------------------------------------------------- # iple function, returns true (0) if first IP <= second IP, else false(1) #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: iple () { #SUDO checked #if iple 128.2.3.4 127.0.0.1 ; then echo less than or eq >/dev/stderr ; else echo gt >/dev/stderr ; fi if [ "$1" = "$2" ]; then CKPTIPLE="" ; return 0 #True else CKPTIPLE=" iple: start, addresses $1 and $2" ; #ckpt $CKPTIPLE SPLITIP1=$1 ; I1O1=${SPLITIP1%%.*} SPLITIP2=$2 ; I2O1=${SPLITIP2%%.*} if [ $I1O1 -lt $I2O1 ]; then CKPTIPLE="" ; return 0 elif [ $I1O1 -gt $I2O1 ]; then CKPTIPLE="" ; return 1 fi SPLITIP1=${SPLITIP1#*.} ; I1O2=${SPLITIP1%%.*} SPLITIP2=${SPLITIP2#*.} ; I2O2=${SPLITIP2%%.*} if [ $I1O2 -lt $I2O2 ]; then CKPTIPLE="" ; return 0 elif [ $I1O2 -gt $I2O2 ]; then CKPTIPLE="" ; return 1 fi SPLITIP1=${SPLITIP1#*.} ; I1O3=${SPLITIP1%%.*} SPLITIP2=${SPLITIP2#*.} ; I2O3=${SPLITIP2%%.*} if [ $I1O3 -lt $I2O3 ]; then CKPTIPLE="" ; return 0 elif [ $I1O3 -gt $I2O3 ]; then CKPTIPLE="" ; return 1 fi SPLITIP1=${SPLITIP1#*.} ; I1O4=$SPLITIP1 SPLITIP2=${SPLITIP2#*.} ; I2O4=$SPLITIP2 if [ $I1O4 -lt $I2O4 ]; then CKPTIPLE="" ; return 0 elif [ $I1O4 -gt $I2O4 ]; then CKPTIPLE="" ; return 1 else CKPTIPLE="" ; return 0 fi fi } #End of iple if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n iple... if ! iple 12.13.14.15 12.13.14.15 ; then error iple-t1 ; fi if ! iple 12.13.14.15 12.13.14.16 ; then error iple-t2 ; fi if ! iple 0.0.0.0 12.13.14.15 ; then error iple-t3 ; fi if ! iple 0.0.0.0 255.255.255.255 ; then error iple-t4 ; fi if ! iple 12.11.11.11 12.44.45.46 ; then error iple-t5 ; fi if ! iple 12.11.11.11 12.11.45.46 ; then error iple-t6 ; fi if ! iple 12.11.11.11 12.11.11.46 ; then error iple-t7 ; fi if iple 12.13.14.16 12.13.14.15 ; then error iple-f1 ; fi if iple 12.13.14.15 0.0.0.0 ; then error iple-f2 ; fi if iple 255.255.255.255 0.0.0.0 ; then error iple-f3 ; fi if iple 12.44.45.46 12.11.11.11 ; then error iple-f4 ; fi fi #------------------------------------------------------------------------- # iplt function, returns true (0) if first IP < second IP, else false(1) #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: iplt () { #SUDO checked #if iplt 128.2.3.4 127.0.0.1 ; then echo less than >/dev/stderr ; else echo ge >/dev/stderr ; fi #As a speedup, only come up with the individual numbers as they are needed. if [ "$1" = "$2" ]; then CKPTIPLT="" ; return 1 #False else CKPTIPLT=" iplt: start, addresses $1 and $2" ; #ckpt $CKPTIPLT SPLITIP1=$1 ; I1O1=${SPLITIP1%%.*} SPLITIP2=$2 ; I2O1=${SPLITIP2%%.*} if [ $I1O1 -lt $I2O1 ]; then CKPTIPLT="" ; return 0 elif [ $I1O1 -gt $I2O1 ]; then CKPTIPLT="" ; return 1 fi SPLITIP1=${SPLITIP1#*.} ; I1O2=${SPLITIP1%%.*} SPLITIP2=${SPLITIP2#*.} ; I2O2=${SPLITIP2%%.*} if [ $I1O2 -lt $I2O2 ]; then CKPTIPLT="" ; return 0 elif [ $I1O2 -gt $I2O2 ]; then CKPTIPLT="" ; return 1 fi SPLITIP1=${SPLITIP1#*.} ; I1O3=${SPLITIP1%%.*} SPLITIP2=${SPLITIP2#*.} ; I2O3=${SPLITIP2%%.*} if [ $I1O3 -lt $I2O3 ]; then CKPTIPLT="" ; return 0 elif [ $I1O3 -gt $I2O3 ]; then CKPTIPLT="" ; return 1 fi SPLITIP1=${SPLITIP1#*.} ; I1O4=$SPLITIP1 SPLITIP2=${SPLITIP2#*.} ; I2O4=$SPLITIP2 if [ $I1O4 -lt $I2O4 ]; then CKPTIPLT="" ; return 0 elif [ $I1O4 -gt $I2O4 ]; then CKPTIPLT="" ; return 1 else CKPTIPLT="" ; return 1 fi fi } #End of iplt if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n iplt... if ! iplt 12.13.14.15 12.13.14.16 ; then error iplt-t1 ; fi if ! iplt 0.0.0.0 12.13.14.15 ; then error iplt-t2 ; fi if ! iplt 0.0.0.0 255.255.255.255 ; then error iplt-t3 ; fi if ! iplt 12.11.11.11 12.44.45.46 ; then error iplt-t4 ; fi if iplt 12.13.14.16 12.13.14.15 ; then error iplt-f1 ; fi if iplt 12.13.14.15 0.0.0.0 ; then error iplt-f2 ; fi if iplt 255.255.255.255 0.0.0.0 ; then error iplt-f3 ; fi if iplt 12.44.45.46 12.11.11.11 ; then error iplt-f4 ; fi if iplt 12.44.45.46 12.44.45.46 ; then error iplt-f5 ; fi fi #------------------------------------------------------------------------- # ipof function, returns the ip address of the given interface, or '' if none assigned. #------------------------------------------------------------------------- requireutil ifconfig awk || exit 1 #Checks done on the following function: ipof () { #SUDO checked ifconfig $1 2>/dev/null | awk '/inet addr/{print substr($2,6)}' } #End of ipof if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n ipof... if [ ! "`ipof lo`" = "127.0.0.1" ]; then error ipof-1 ; fi if [ ! "`ipof qeqeqeqeqeqeqeqe`" = "" ]; then error ipof-2 ; fi fi #------------------------------------------------------------------------- # isdigits function, returns true (0) if parameter is numeric and between 0 and 99999, else false(1) #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: isdigits () { #SUDO checked case $1 in [0-9]) return 0 ;; [0-9][0-9]) return 0 ;; [0-9][0-9][0-9]) return 0 ;; [0-9][0-9][0-9][0-9]) return 0 ;; [0-9][0-9][0-9][0-9][0-9]) return 0 ;; *) return 1 ;; esac } if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n isdigits... if ! isdigits 0 ; then error isdigits-t1 ; fi if ! isdigits 00 ; then error isdigits-t2 ; fi if ! isdigits 101 ; then error isdigits-t3 ; fi if ! isdigits 4987 ; then error isdigits-t4 ; fi if ! isdigits 44567 ; then error isdigits-t5 ; fi if ! isdigits 00000 ; then error isdigits-t6 ; fi if ! isdigits 99999 ; then error isdigits-t7 ; fi if isdigits '' ; then error isdigits-f1 ; fi if isdigits a ; then error isdigits-f2 ; fi if isdigits a0a ; then error isdigits-f3 ; fi if isdigits 00B ; then error isdigits-f4 ; fi if isdigits 123456 ; then error isdigits-f5 ; fi if isdigits "" ; then error isdigits-f6 ; fi fi #------------------------------------------------------------------------- # isnumericip function, returns true (0) if IP is a numeric IP address, else false(1) #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: isnumericip () { #SUDO checked CKPTISNUMERICIP=" isnumericip: start $1" ; #ckpt $CKPTISNUMERICIP SPLITIP=$1 I1O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O4=$SPLITIP case $I1O1 in [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) : ;; *) CKPTISNUMERICIP="" ; return 1 ;; esac case $I1O2 in [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) : ;; *) CKPTISNUMERICIP="" ; return 1 ;; esac case $I1O3 in [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) : ;; *) CKPTISNUMERICIP="" ; return 1 ;; esac case $I1O4 in [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) : ;; *) CKPTISNUMERICIP="" ; return 1 ;; esac CKPTISNUMERICIP="" ; return 0 } #End of isnumericip if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n isnumericip... if ! isnumericip 1.1.1.1 ; then error isnumericip-t1 ; fi if ! isnumericip 0.0.0.0 ; then error isnumericip-t2 ; fi if ! isnumericip 255.255.255.255 ; then error isnumericip-t3 ; fi if ! isnumericip 1.2.3.4 ; then error isnumericip-t4 ; fi if ! isnumericip 127.0.0.1 ; then error isnumericip-t5 ; fi if ! isnumericip 192.168.234.243 ; then error isnumericip-t6 ; fi if isnumericip 1.1.1. ; then error isnumericip-f1 ; fi if isnumericip a ; then error isnumericip-f2 ; fi if isnumericip 1..1.1.1 ; then error isnumericip-f3 ; fi if isnumericip .1.1.1.1 ; then error isnumericip-f4 ; fi if isnumericip 1.1.1.1.1 ; then error isnumericip-f5 ; fi if isnumericip 256.1.1.1 ; then error isnumericip-f6 ; fi if isnumericip 1.256.1.1 ; then error isnumericip-f7 ; fi if isnumericip 1.1.256.1 ; then error isnumericip-f8 ; fi if isnumericip 1.1.1.256 ; then error isnumericip-f9 ; fi if isnumericip -1.5.6.7 ; then error isnumericip-f10 ; fi if isnumericip 12.13.14.15a ; then error isnumericip-f11 ; fi if isnumericip a.b.c.d ; then error isnumericip-f12 ; fi if isnumericip ... ; then error isnumericip-f13 ; fi fi #------------------------------------------------------------------------- # mask2bits function, returns the number of bits in the netmask parameter. #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: mask2bits () { #SUDO checked case $1 in 255.255.255.255) echo 32 ;; 255.255.255.254) echo 31 ;; 255.255.255.252) echo 30 ;; 255.255.255.248) echo 29 ;; 255.255.255.240) echo 28 ;; 255.255.255.224) echo 27 ;; 255.255.255.192) echo 26 ;; 255.255.255.128) echo 25 ;; 255.255.255.0) echo 24 ;; 255.255.254.0) echo 23 ;; 255.255.252.0) echo 22 ;; 255.255.248.0) echo 21 ;; 255.255.240.0) echo 20 ;; 255.255.224.0) echo 19 ;; 255.255.192.0) echo 18 ;; 255.255.128.0) echo 17 ;; 255.255.0.0) echo 16 ;; 255.254.0.0) echo 15 ;; 255.252.0.0) echo 14 ;; 255.248.0.0) echo 13 ;; 255.240.0.0) echo 12 ;; 255.224.0.0) echo 11 ;; 255.192.0.0) echo 10 ;; 255.128.0.0) echo 9 ;; 255.0.0.0) echo 8 ;; 254.0.0.0) echo 7 ;; 252.0.0.0) echo 6 ;; 248.0.0.0) echo 5 ;; 240.0.0.0) echo 4 ;; 224.0.0.0) echo 3 ;; 192.0.0.0) echo 2 ;; 128.0.0.0) echo 1 ;; 0.0.0.0) echo 0 ;; *) echo 32 ;; esac } #End of mask2bits if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n mask2bits... if [ ! `mask2bits 255.255.255.255` = "32" ]; then error mask2bits-1 ; fi if [ ! `mask2bits 255.255.255.254` = "31" ]; then error mask2bits-2 ; fi if [ ! `mask2bits 255.255.255.252` = "30" ]; then error mask2bits-3 ; fi if [ ! `mask2bits 255.255.255.248` = "29" ]; then error mask2bits-4 ; fi if [ ! `mask2bits 128.0.0.0` = "1" ]; then error mask2bits-5 ; fi if [ ! `mask2bits 0.0.0.0` = "0" ]; then error mask2bits-6 ; fi fi #------------------------------------------------------------------------- # mask2cisco function, returns the cisco "reverse netmask" of the netmask parameter. #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: mask2cisco () { #SUDO checked #This could be done in fewer lines by subtracting each octet from 255. #I'm trying to avoid forking as it hurts performance. case $1 in 32|255.255.255.255) echo 0.0.0.0 ;; 31|255.255.255.254) echo 0.0.0.1 ;; 30|255.255.255.252) echo 0.0.0.3 ;; 29|255.255.255.248) echo 0.0.0.7 ;; 28|255.255.255.240) echo 0.0.0.15 ;; 27|255.255.255.224) echo 0.0.0.31 ;; 26|255.255.255.192) echo 0.0.0.63 ;; 25|255.255.255.128) echo 0.0.0.127 ;; 24|255.255.255.0) echo 0.0.0.255 ;; 23|255.255.254.0) echo 0.0.1.255 ;; 22|255.255.252.0) echo 0.0.3.255 ;; 21|255.255.248.0) echo 0.0.7.255 ;; 20|255.255.240.0) echo 0.0.15.255 ;; 19|255.255.224.0) echo 0.0.31.255 ;; 18|255.255.192.0) echo 0.0.63.255 ;; 17|255.255.128.0) echo 0.0.127.255 ;; 16|255.255.0.0) echo 0.0.255.255 ;; 15|255.254.0.0) echo 0.1.255.255 ;; 14|255.252.0.0) echo 0.3.255.255 ;; 13|255.248.0.0) echo 0.7.255.255 ;; 12|255.240.0.0) echo 0.15.255.255 ;; 11|255.224.0.0) echo 0.31.255.255 ;; 10|255.192.0.0) echo 0.63.255.255 ;; 9|255.128.0.0) echo 0.127.255.255 ;; 8|255.0.0.0) echo 0.255.255.255 ;; 7|254.0.0.0) echo 1.255.255.255 ;; 6|252.0.0.0) echo 3.255.255.255 ;; 5|248.0.0.0) echo 7.255.255.255 ;; 4|240.0.0.0) echo 15.255.255.255 ;; 3|224.0.0.0) echo 31.255.255.255 ;; 2|192.0.0.0) echo 63.255.255.255 ;; 1|128.0.0.0) echo 127.255.255.255 ;; 0|0.0.0.0) echo 255.255.255.255 ;; *) echo 0.0.0.0 ;; esac } #End of mask2cisco if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n mask2cisco... if [ ! `mask2cisco 255.255.255.128` = "0.0.0.127" ]; then error mask2cisco-1 ; fi if [ ! `mask2cisco 255.255.192.0` = "0.0.63.255" ]; then error mask2cisco-2 ; fi if [ ! `mask2cisco 22` = "0.0.3.255" ]; then error mask2cisco-3 ; fi fi #------------------------------------------------------------------------- # max function, Returns the largest of the CLP's, or 0 if none. #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: max () { if [ $# -eq 0 ]; then echo 0 else MAX=$1 shift while [ -n "$1" ]; do if [ $[ $1 ] -gt $MAX ]; then MAX=$[ $1 ] fi shift done echo $MAX fi } #End of max if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n max... #General return values if [ ! `max` = "0" ]; then error max-1 ; fi if [ ! `max 1` = "1" ]; then error max-2 ; fi if [ ! `max 2 5` = "5" ]; then error max-3 ; fi if [ ! `max -2 -4` = "-2" ]; then error max-4 ; fi if [ ! `max -2 -4 13 -10` = "13" ]; then error max-5 ; fi if [ ! `max 1 1 1 1 1` = "1" ]; then error max-6 ; fi fi #------------------------------------------------------------------------- # networkof function, returns the network of the given ip and netmask. #------------------------------------------------------------------------- requireutil bits2mask || exit 1 #Checks done on the following function: networkof () { #Basically, the network is (ip bitwise-and netmask) CKPTNETWORKOF=" networkof: Start $1 mask $2" ; #ckpt $CKPTNETWORKOF case $2 in 32|255.255.255.255) echo $1 ;; 0|0.0.0.0) echo 0.0.0.0 ;; *) SPLITIP=$1 I1O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I1O4=$SPLITIP case $2 in [0-9]|[1-2][0-9]|3[0-2]) SPLITIP=`bits2mask $2` ;; *) SPLITIP=$2 ;; esac I2O1=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O2=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O3=${SPLITIP%%.*} ; SPLITIP=${SPLITIP#*.} I2O4=$SPLITIP echo $[ $I1O1 & $I2O1 ].$[ $I1O2 & $I2O2 ].$[ $I1O3 & $I2O3 ].$[ $I1O4 & $I2O4 ] ;; esac CKPTNETWORKOF="" } #End of networkof if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n networkof... if [ ! `networkof 0.0.0.0 0.0.0.0` = "0.0.0.0" ]; then error networkof-1 ; fi if [ ! `networkof 1.2.3.4 255.255.255.0` = "1.2.3.0" ]; then error networkof-2 ; fi if [ ! `networkof 15.1.2.3 255.0.0.0` = "15.0.0.0" ]; then error networkof-3 ; fi if [ ! `networkof 1.2.3.4 128.0.0.0` = "0.0.0.0" ]; then error networkof-4 ; fi if [ ! `networkof 0.0.0.0 0` = "0.0.0.0" ]; then error networkof-5 ; fi if [ ! `networkof 1.2.3.4 24` = "1.2.3.0" ]; then error networkof-6 ; fi if [ ! `networkof 15.1.2.3 8` = "15.0.0.0" ]; then error networkof-7 ; fi if [ ! `networkof 1.2.3.4 1` = "0.0.0.0" ]; then error networkof-8 ; fi if [ ! `networkof 1.2.3.4 0.0.0.0` = "0.0.0.0" ]; then error networkof-9 ; fi fi #------------------------------------------------------------------------- # networksoverlap function, returns true (0) if the two param networks overlap, false otherwise. #------------------------------------------------------------------------- requireutil networkof broadcastof iple || exit 1 #Checks done on the following function: networksoverlap () { #SUDO checked #FIXME - handle, or get networkof/broadcastof to handle, '0' as the network N1NET=`networkof ${1%%/*} ${1##*/}` ; N1BROAD=`broadcastof ${1%%/*} ${1##*/}` N2NET=`networkof ${2%%/*} ${2##*/}` ; N2BROAD=`broadcastof ${2%%/*} ${2##*/}` if iple $N2NET $N1NET && iple $N1NET $N2BROAD ; then return 0 #N1NET inside N2? elif iple $N2NET $N1BROAD && iple $N1BROAD $N2BROAD ; then return 0 #N1BROAD inside N2? elif iple $N1NET $N2NET && iple $N2NET $N1BROAD ; then return 0 #N2NET inside N1? elif iple $N1NET $N2BROAD && iple $N2BROAD $N1BROAD ; then return 0 #N2BROAD inside N1? fi return 1 #False } #End of networksoverlap if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n networksoverlap... if ! networksoverlap 127.0.0.0/8 127.0.0.0/16 ; then error networksoverlap-t1 ; fi if ! networksoverlap 192.168.1.0/24 192.168.1.252/30 ; then error networksoverlap-t2 ; fi if ! networksoverlap 12.13.14.0/24 0.0.0.0/0; then error networksoverlap-t3 ; fi if ! networksoverlap 0.0.0.0/0 0.0.0.0/0 ; then error networksoverlap-t4 ; fi if networksoverlap 1.2.3.0/24 5.6.7.0/24 ; then error networksoverlap-f1 ; fi if networksoverlap 0.0.0.0/1 128.0.0.0/1 ; then error networksoverlap-f2 ; fi if networksoverlap 1.2.3.248/30 1.2.3.252/30 ; then error networksoverlap-f3 ; fi if networksoverlap 1.2.3.0/24 1.2.4.0/24 ; then error networksoverlap-f4 ; fi fi #Out of alphabetical order because it depends on networkof. While not a problem #for simply placing the functions in memory, it makes a difference for this #approach of calling the regression tests right after the function. #------------------------------------------------------------------------- # encompassingnetworkof function, returns the smallest network that includes # all of the given ip's. There must be at least one parameter. # Please hand in only straight IP's; to include a network in the calculation, # hand in both: `networkof $NET $NETMASK` `broadcastof $NET $NETMASK` #------------------------------------------------------------------------- requireutil iplt bits2mask networkof broadcastof || exit 1 #Checks done on the following function: encompassingnetworkof () { #SUDO checked CKPTENCOMPASSINGNETWORKOF=" encompassingnetworkof: Start, ips: $*" ; #ckpt $CKPTENCOMPASSINGNETWORKOF case $# in 0) : ;; 1) echo "$1/32" ;; *) MINIP=$1 ; MAXIP=$1 shift for ONEIP in $* ; do if iplt $ONEIP $MINIP ; then MINIP=$ONEIP ; fi if iplt $MAXIP $ONEIP ; then MAXIP=$ONEIP ; fi done SPLITIP=$MINIP ; MINO1=${SPLITIP%%.*} SPLITIP=${SPLITIP#*.} ; MINO2=${SPLITIP%%.*} SPLITIP=${SPLITIP#*.} ; MINO3=${SPLITIP%%.*} #SPLITIP=${SPLITIP#*.} ; MINO4=$SPLITIP #We don't need the MIN04 and MAX04. SPLITIP=$MAXIP ; MAXO1=${SPLITIP%%.*} SPLITIP=${SPLITIP#*.} ; MAXO2=${SPLITIP%%.*} SPLITIP=${SPLITIP#*.} ; MAXO3=${SPLITIP%%.*} #SPLITIP=${SPLITIP#*.} ; MAXO4=$SPLITIP #Find the _starting_ _point_ for the search. # - if the first octets are different, start at /8. # - if the second octets are different, start at /16. # - if the third octets are different, start at /24. # - else start at /32. #This relatively simple optimization sped up this function by a theoretical factor of 4 #and a timed factor of 10 on one example. *smile* #(BTW - It would appear we could start the search at 7, 15, or 23, but the result from #encompassingnetworkof 10.1.2.3 11.12.13.14 10.2.3.4 comes back as 8.0.0.0/6: wrong. if [ $MINO1 -ne $MAXO1 ]; then ENONUMBITS=8 ; ENONETMASK=255.0.0.0 elif [ $MINO2 -ne $MAXO2 ]; then ENONUMBITS=16 ; ENONETMASK=255.255.0.0 elif [ $MINO3 -ne $MAXO3 ]; then ENONUMBITS=24 ; ENONETMASK=255.255.255.0 else ENONUMBITS=32 ; ENONETMASK=255.255.255.255 ; fi ENONETWORK=$MINIP ENOBROADCAST=$MINIP #Keep expanding the network until it includes MAXIP. This takes almost all of the time. while [ $ENONUMBITS -gt 0 ] && iplt $ENOBROADCAST $MAXIP ; do ENONUMBITS=$[ $ENONUMBITS - 1 ] ENONETMASK=`bits2mask $ENONUMBITS` ENONETWORK=`networkof $MINIP $ENONETMASK` ENOBROADCAST=`broadcastof $MINIP $ENONETMASK` done if [ "$ENONETWORK/$ENONUMBITS" = "0.0.0.0/0" ]; then ENONETWORK="0" ; fi echo "$ENONETWORK/$ENONUMBITS" ;; esac CKPTENCOMPASSINGNETWORKOF="" } #End of encompassingnetworkof if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n encompassingnetworkof... if [ ! `encompassingnetworkof 1.2.3.1 1.2.3.1` = "1.2.3.1/32" ]; then error encompassingnetworkof-1 ; fi if [ ! `encompassingnetworkof 1.2.3.2 1.2.3.3` = "1.2.3.2/31" ]; then error encompassingnetworkof-2 ; fi if [ ! `encompassingnetworkof 1.2.3.1 1.2.3.3` = "1.2.3.0/30" ]; then error encompassingnetworkof-3 ; fi if [ ! `encompassingnetworkof 1.2.3.0 1.2.3.255` = "1.2.3.0/24" ]; then error encompassingnetworkof-4 ; fi if [ ! `encompassingnetworkof 0.0.0.0 255.255.255.255` = "0/0" ]; then error encompassingnetworkof-5 ; fi if [ ! `encompassingnetworkof 127.255.255.255 128.0.0.0` = "0/0" ]; then error encompassingnetworkof-6 ; fi if [ ! `encompassingnetworkof 172.16.0.1 172.16.5.5` = "172.16.0.0/21" ]; then error encompassingnetworkof-7 ; fi if [ ! `encompassingnetworkof 206.231.24.3 206.231.24.254 209.91.2.2 209.91.2.253 209.91.28.2 209.91.28.252 209.91.3.1 209.91.3.254 209.91.32.54 209.91.32.72` = "192.0.0.0/3" ]; then error encompassingnetworkof-8 ; fi if [ ! `encompassingnetworkof 10.1.2.3 9.1.2.3` = "8.0.0.0/6" ]; then error encompassingnetworkof-9 ; fi if [ ! `encompassingnetworkof 10.1.2.3 10.255.1.1` = "10.0.0.0/8" ]; then error encompassingnetworkof-10 ; fi if [ ! `encompassingnetworkof 10.1.2.3 11.12.13.14 10.2.3.4` = "10.0.0.0/7" ]; then error encompassingnetworkof-11 ; fi if [ ! `encompassingnetworkof 14.12.1.2 14.12.129.0` = "14.12.0.0/16" ]; then error encompassingnetworkof-12 ; fi if [ ! `encompassingnetworkof 14.13.1.1 14.12.255.255` = "14.12.0.0/15" ]; then error encompassingnetworkof-13 ; fi fi #------------------------------------------------------------------------- # seqfunc function, creates a sequence of integers from $1 to $2 # Integers only! #------------------------------------------------------------------------- #No external apps needed. #Checks done on the following function: seqfunc () { #SUDO checked unset SEQSTART SEQSTOP SEQCOUNT || : case $# in 0) : ;; 1) SEQSTART=1 ; SEQSTOP=$[ $1 ] ;; *) SEQSTART=$[ $1 ] ; SEQSTOP=$[ $2 ] ;; esac if [ -n "$SEQSTART" ]; then if [ $SEQSTART -eq $SEQSTOP ]; then echo $SEQSTART elif [ $SEQSTART -lt $SEQSTOP ]; then SEQCOUNT=$SEQSTART while [ $SEQCOUNT -le $SEQSTOP ]; do echo $SEQCOUNT SEQCOUNT=$[ $SEQCOUNT + 1 ] done else #$1 > $2 SEQCOUNT=$SEQSTART while [ $SEQCOUNT -ge $SEQSTOP ]; do echo $SEQCOUNT SEQCOUNT=$[ $SEQCOUNT - 1 ] done fi fi } #End of seqfunc if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n seqfunc... if [ ! "`seqfunc 1`" = "1" ]; then error seqfunc-1 ; fi if [ ! "`seqfunc 5`" = "1 2 3 4 5" \ ]; then error seqfunc-2 ; fi if [ ! "`seqfunc -5`" = "1 0 -1 -2 -3 -4 -5" \ ]; then error seqfunc-3 ; fi if [ ! "`seqfunc 1 5`" = "1 2 3 4 5" \ ]; then error seqfunc-4 ; fi if [ ! "`seqfunc 5 5`" = "5" ]; then error seqfunc-5 ; fi if [ ! "`seqfunc 2 -2`" = "2 1 0 -1 -2" \ ]; then error seqfunc-6 ; fi if [ ! "`seqfunc -1 -1`" = "-1" ]; then error seqfunc-7 ; fi if [ ! "`seqfunc`" = "" ]; then error seqfunc-8 ; fi fi #------------------------------------------------------------------------- # substline procedure, replaces $2 with $3 in the given file $1 #------------------------------------------------------------------------- #Params: $1 File that needs the additional line, $2 string to look for, $3 string with which it should be replaced. #Example: #substline somefile "\(^[^#].*\)" "#\1" #Translation: add a # in front of all lines that don't have one. requireutil $SUDO touch cat grep printf umask mktemp sed dd rm || exit 1 #Checks done on the following function: substline() { if [ "$#" != "3" ]; then echo Incorrect number of arguments to substline! >/dev/stderr else #case "$1" in #/*) # echo Filename is not relative in substline! >/dev/stderr # ;; #*) if [ ! -f "$1" ]; then $SUDO touch "$1" fi if $SUDO cat "$1" | grep -q "$2" ; then printf "%-3s%-40s%-50s\n" '-/+' "$1" "$2 -> $3" #Was: echo Replacing \"$2\" with \"$3\" in $1 OLDUMASK=`umask` umask 177 TMPFILE=`mktemp -q /tmp/substline.XXXXXX` if [ $? -ne 0 ]; then echo "$0: Can't create temp file, exiting..." exit 1 fi $SUDO cat "$1" >"$TMPFILE" cat "$TMPFILE" | sed -e "s@$2@$3@g" | $SUDO dd of="$1" 2>/dev/null $SUDO rm -f "$TMPFILE" umask $OLDUMASK fi # ;; #esac fi } if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n substline... REGRESSTESTFILE=`mktemp -q /tmp/$1.XXXXXX` if [ $? -ne 0 ]; then echo "$0: Can't create regression temp file, exiting..." exit 1 fi echo Line 1 >$REGRESSTESTFILE echo Line 2 >>$REGRESSTESTFILE echo Line 3 >>$REGRESSTESTFILE echo Line 4 >>$REGRESSTESTFILE echo Line 5 >>$REGRESSTESTFILE substline $REGRESSTESTFILE "2" "goobers" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "Line 1 Line goobers Line 3 Line 4 Line 5" \ ]; then error substline-1 ; fi substline $REGRESSTESTFILE "Isnt in the file" "ggg" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "Line 1 Line goobers Line 3 Line 4 Line 5" \ ]; then error substline-2 ; fi substline $REGRESSTESTFILE "Line 3" "replacement line" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "Line 1 Line goobers replacement line Line 4 Line 5" \ ]; then error substline-3 ; fi substline $REGRESSTESTFILE "Line 1" "new line 1">/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "new line 1 Line goobers replacement line Line 4 Line 5" \ ]; then error substline-4 ; fi substline $REGRESSTESTFILE "Line " "circle " >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "new line 1 circle goobers replacement line circle 4 circle 5" \ ]; then error substline-5 ; fi substline $REGRESSTESTFILE "e" "qq" >/dev/null 2>/dev/null if [ ! "`cat $REGRESSTESTFILE`" = \ "nqqw linqq 1 circlqq goobqqrs rqqplacqqmqqnt linqq circlqq 4 circlqq 5" \ ]; then error substline-6 ; fi rm -f $REGRESSTESTFILE fi #------------------------------------------------------------------------- # wrap function, which displays the words on the command line, wrapped # at LINELENGTH characters. #------------------------------------------------------------------------- #The linelength must be larger than the longest word in the string. #LINELENGTH is the number of displayed characters. #This should handle command line parameters or stdin. #If WRAPHEADER is set, its value is placed at the head of each line. #Uses $ENH (=-e) from calling app. #No external apps needed. Even if sed and wc missing, we have a less elegant fallback. if type -path sed >/dev/null 2>/dev/null && type -path wc >/dev/null 2>/dev/null ; then #Checks done on the following function: 1 wrap () { if [ -n "$LINELENGTH" ]; then LINELENGTH_INT=$[ $LINELENGTH - `echo -n "$WRAPHEADER" | wc -c` ] else LINELENGTH_INT=$[ 72 - `echo -n "$WRAPHEADER" | wc -c` ] fi if [ $[ $LINELENGTH_INT ] -lt 20 ]; then LINELENGTH_INT=20 fi if [ $# -eq 0 ]; then #Double sed is required as the first sed only thinks there's one ^, even after we've stuck in newlines. sed -e "s/\(.\{1,$LINELENGTH_INT\}\)[[:space:]]\+/\1!!LINEFEED!!/g" -e 's/!!LINEFEED!!/\ /g' | sed -e "s/^/$WRAPHEADER/" else echo $ENH -n "$* " | sed -e "s/\(.\{1,$LINELENGTH_INT\}\)[[:space:]]\+/\1!!LINEFEED!!/g" -e 's/!!LINEFEED!!/\ /g' | sed -e "s/^/$WRAPHEADER/" fi } #End of wrap else #Fall back on alternate form of the function that doesnt need sed or wc. #Checks done on the following function: 1 wrap () { if [ $# -eq 0 ]; then while read LINE ; do echo $LINE ; done else echo $ENH $* fi } #End of wrap fi if [ "$DOREGRESSIONTEST" = "YES" ]; then echo -n wrap... #FIXME - this whacks LINELENGTH in the current shell. LINELENGTH=20 wrap..., perhaps? export LINELENGTH=20 if [ ! "`wrap Hello there, world.`" = \ "Hello there, world." \ ]; then error wrap-1 ; fi if [ ! "`wrap The licenses for most software are designed to take away your freedom to share and change it.`" = \ "The licenses for most software are designed to take away your freedom to share and change it." \ ]; then error wrap-2 ; fi export LINELENGTH=40 if [ ! "`wrap The licenses for most software are designed to take away your freedom to share and change it.`" = \ "The licenses for most software are designed to take away your freedom to share and change it." \ ]; then error wrap-3 ; fi if [ ! "`echo 'The licenses for most software are designed to take away your freedom to share and change it. ' | wrap`" = \ "The licenses for most software are designed to take away your freedom to share and change it." \ ]; then error wrap-4 ; fi unset LINELENGTH fi if [ "$DOREGRESSIONTEST" = "YES" ]; then echo done. echo ---------- Exit with a fanfare ---------- echo `cat $0 | sed -e 's/#.*//' | grep 'error .* fi' | grep -v regression | wc -l` regression tests successful on $SAMVER if [ -d /usr/src/sam-work ]; then date >>/usr/src/sam-work/regression-log echo `cat $0 | sed -e 's/#.*//' | grep 'error .* fi' | grep -v regression | wc -l` regression tests successful on $SAMVER >>/usr/src/sam-work/regression-log fi exit 0 fi ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/nmap-services����������������������������������������������������������������������0100644�0007657�0000764�00000274710�07327036777�015173� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# This list of services is from the # Nmap security scanner ( http://www.insecure.org/nmap/ ) # # For a HUGE list of services (including these and others), # see http://www.graffiti.com/services tcpmux 1/tcp # TCP Port Service Multiplexer [rfc-1078] tcpmux 1/udp # TCP Port Service Multiplexer compressnet 2/tcp # Management Utility compressnet 2/udp # Management Utility compressnet 3/tcp # Compression Process compressnet 3/udp # Compression Process rje 5/tcp # Remote Job Entry rje 5/udp # Remote Job Entry echo 7/tcp # echo 7/udp # discard 9/tcp # sink null discard 9/udp # sink null systat 11/tcp # Active Users systat 11/udp # Active Users daytime 13/tcp # daytime 13/udp # netstat 15/tcp # qotd 17/tcp # Quote of the Day qotd 17/udp # Quote of the Day msp 18/tcp # Message Send Protocol msp 18/udp # Message Send Protocol chargen 19/tcp # ttytst source Character Generator chargen 19/udp # ttytst source Character Generator ftp-data 20/tcp # File Transfer [Default Data] ftp-data 20/udp # File Transfer [Default Data] ftp 21/tcp # File Transfer [Control] ftp 21/udp # File Transfer [Control] ssh 22/tcp # Secure Shell Login ssh 22/udp # Secure Shell Login telnet 23/tcp # telnet 23/udp # priv-mail 24/tcp # any private mail system priv-mail 24/udp # any private mail system smtp 25/tcp # Simple Mail Transfer smtp 25/udp # Simple Mail Transfer nsw-fe 27/tcp # NSW User System FE nsw-fe 27/udp # NSW User System FE msg-icp 29/tcp # MSG ICP msg-icp 29/udp # MSG ICP msg-auth 31/tcp # MSG Authentication msg-auth 31/udp # MSG Authentication dsp 33/tcp # Display Support Protocol dsp 33/udp # Display Support Protocol priv-print 35/tcp # any private printer server priv-print 35/udp # any private printer server time 37/tcp # timserver time 37/udp # timserver rap 38/tcp # Route Access Protocol rap 38/udp # Route Access Protocol rlp 39/tcp # Resource Location Protocol rlp 39/udp # Resource Location Protocol graphics 41/tcp # graphics 41/udp # nameserver 42/tcp # Host Name Server nameserver 42/udp # Host Name Server whois 43/tcp # nicname shois 43/udp # nicname mpm-flags 44/tcp # MPM FLAGS Protocol mpm-flags 44/udp # MPM FLAGS Protocol mpm 45/tcp # Message Processing Module [recv] mpm 45/udp # Message Processing Module [recv] mpm-snd 46/tcp # MPM [default send] mpm-snd 46/udp # MPM [default send] ni-ftp 47/tcp # NI FTP ni-ftp 47/udp # NI FTP auditd 48/tcp # Digital Audit Daemon auditd 48/udp # Digital Audit Daemon tacacs 49/tcp # Login Host Protocol (TACACS) tacacs 49/udp # Login Host Protocol (TACACS) re-mail-ck 50/tcp # Remote Mail Checking Protocol re-mail-ck 50/udp # Remote Mail Checking Protocol la-maint 51/tcp # IMP Logical Address Maintenance la-maint 51/udp # IMP Logical Address Maintenance xns-time 52/tcp # XNS Time Protocol xns-time 52/udp # XNS Time Protocol domain 53/tcp # Domain Name Server domain 53/udp # Domain Name Server xns-ch 54/tcp # XNS Clearinghouse xns-ch 54/udp # XNS Clearinghouse isi-gl 55/tcp # ISI Graphics Language isi-gl 55/udp # ISI Graphics Language xns-auth 56/tcp # XNS Authentication xns-auth 56/udp # XNS Authentication priv-term 57/tcp # any private terminal access priv-term 57/udp # any private terminal access xns-mail 58/tcp # XNS Mail xns-mail 58/udp # XNS Mail priv-file 59/tcp # any private file service priv-file 59/udp # any private file service ni-mail 61/tcp # NI MAIL ni-mail 61/udp # NI MAIL acas 62/tcp # ACA Services acas 62/udp # ACA Services via-ftp 63/tcp # VIA Systems - FTP & whois++ via-ftp 63/udp # VIA Systems - FTP & whois++ covia 64/tcp # Communications Integrator (CI) covia 64/udp # Communications Integrator (CI) tacacs-ds 65/tcp # TACACS-Database Service tacacs-ds 65/udp # TACACS-Database Service sql*net 66/tcp # Oracle SQL*NET sql*net 66/udp # Oracle SQL*NET bootps 67/tcp # Bootstrap Protocol Server bootps 67/udp # Bootstrap Protocol Server bootpc 68/tcp # Bootstrap Protocol Client bootpc 68/udp # Bootstrap Protocol Client tftp 69/tcp # Trivial File Transfer tftp 69/udp # Trivial File Transfer gopher 70/tcp # gopher 70/udp # netrjs-1 71/tcp # Remote Job Service netrjs-1 71/udp # Remote Job Service netrjs-2 72/tcp # Remote Job Service netrjs-2 72/udp # Remote Job Service netrjs-3 73/tcp # Remote Job Service netrjs-3 73/udp # Remote Job Service netrjs-4 74/tcp # Remote Job Service netrjs-4 74/udp # Remote Job Service priv-dial 75/tcp # any private dial out service priv-dial 75/udp # any private dial out service deos 76/tcp # Distributed External Object Store deos 76/udp # Distributed External Object Store priv-rje 77/tcp # any private RJE service, netrjs priv-rje 77/udp # any private RJE service, netjrs vettcp 78/tcp # vettcp 78/udp # finger 79/tcp # finger 79/udp # http 80/tcp # World Wide Web HTTP http 80/udp # World Wide Web HTTP hosts2-ns 81/tcp # HOSTS2 Name Server hosts2-ns 81/udp # HOSTS2 Name Server xfer 82/tcp # XFER Utility xfer 82/udp # XFER Utility mit-ml-dev 83/tcp # MIT ML Device mit-ml-dev 83/udp # MIT ML Device ctf 84/tcp # Common Trace Facility ctf 84/udp # Common Trace Facility mit-ml-dev 85/tcp # MIT ML Device mit-ml-dev 85/udp # MIT ML Device mfcobol 86/tcp # Micro Focus Cobol mfcobol 86/udp # Micro Focus Cobol priv-term-l 87/tcp # any private terminal link, ttylink kerberos-sec 88/tcp # Kerberos (v5) kerberos-sec 88/udp # Kerberos (v5) su-mit-tg 89/tcp # SU/MIT Telnet Gateway su-mit-tg 89/udp # SU/MIT Telnet Gateway dnsix 90/tcp # DNSIX Securit Attribute Token Map dnsix 90/udp # DNSIX Securit Attribute Token Map mit-dov 91/tcp # MIT Dover Spooler mit-dov 91/udp # MIT Dover Spooler npp 92/tcp # Network Printing Protocol npp 92/udp # Network Printing Protocol dcp 93/tcp # Device Control Protocol dcp 93/udp # Device Control Protocol objcall 94/tcp # Tivoli Object Dispatcher objcall 94/udp # Tivoli Object Dispatcher supdup 95/tcp # BSD supdupd(8) supdup 95/udp # dixie 96/tcp # DIXIE Protocol Specification dixie 96/udp # DIXIE Protocol Specification swift-rvf 97/tcp # Swift Remote Virtural File Protocol swift-rvf 97/udp # Swift Remote Virtural File Protocol linuxconf 98/tcp # linuxconf tacnews 98/udp # TAC News metagram 99/tcp # Metagram Relay metagram 99/udp # Metagram Relay newacct 100/tcp # [unauthorized use] hostname 101/tcp # hostnames NIC Host Name Server hostname 101/udp # hostnames NIC Host Name Server iso-tsap 102/tcp # tsap ISO-TSAP Class 0 iso-tsap 102/udp # tsap ISO-TSAP Class 0 gppitnp 103/tcp # Genesis Point-to-Point Trans Net, or x400 ISO Email gppitnp 103/udp # Genesis Point-to-Point Trans Net acr-nema 104/tcp # ACR-NEMA Digital Imag. & Comm. 300 acr-nema 104/udp # ACR-NEMA Digital Imag. & Comm. 300 csnet-ns 105/tcp # Mailbox Name Nameserver csnet-ns 105/udp # Mailbox Name Nameserver pop3pw 106/tcp # Eudora compatible PW changer 3com-tsmux 106/udp # rtelnet 107/tcp # Remote Telnet rtelnet 107/udp # Remote Telnet Service snagas 108/tcp # SNA Gateway Access Server snagas 108/udp # SNA Gateway Access Server pop-2 109/tcp # PostOffice V.2 pop-2 109/udp # PostOffice V.2 pop-3 110/tcp # PostOffice V.3 pop-3 110/udp # PostOffice V.3 sunrpc 111/tcp # portmapper, rpcbind sunrpc 111/udp # portmapper, rpcbind mcidas 112/tcp # McIDAS Data Transmission Protocol mcidas 112/udp # McIDAS Data Transmission Protocol auth 113/tcp # ident, tap, Authentication Service auth 113/udp # ident, tap, Authentication Service audionews 114/tcp # Audio News Multicast audionews 114/udp # Audio News Multicast sftp 115/tcp # Simple File Transfer Protocol sftp 115/udp # Simple File Transfer Protocol ansanotify 116/tcp # ANSA REX Notify ansanotify 116/udp # ANSA REX Notify uucp-path 117/tcp # UUCP Path Service uucp-path 117/udp # UUCP Path Service sqlserv 118/tcp # SQL Services sqlserv 118/udp # SQL Services nntp 119/tcp # Network News Transfer Protocol nntp 119/udp # Network News Transfer Protocol cfdptkt 120/tcp # cfdptkt 120/udp # erpc 121/tcp # Encore Expedited Remote Pro.Call erpc 121/udp # Encore Expedited Remote Pro.Call smakynet 122/tcp # smakynet 122/udp # ntp 123/tcp # Network Time Protocol ntp 123/udp # Network Time Protocol ansatrader 124/tcp # ANSA REX Trader ansatrader 124/udp # ANSA REX Trader locus-map 125/tcp # Locus PC-Interface Net Map Ser locus-map 125/udp # Locus PC-Interface Net Map Ser unitary 126/tcp # Unisys Unitary Login unitary 126/udp # Unisys Unitary Login locus-con 127/tcp # Locus PC-Interface Conn Server locus-con 127/udp # Locus PC-Interface Conn Server gss-xlicen 128/tcp # GSS X License Verification gss-xlicen 128/udp # GSS X License Verification pwdgen 129/tcp # Password Generator Protocol pwdgen 129/udp # Password Generator Protocol cisco-fna 130/tcp # cisco FNATIVE cisco-fna 130/udp # cisco FNATIVE cisco-tna 131/tcp # cisco TNATIVE cisco-tna 131/udp # cisco TNATIVE cisco-sys 132/tcp # cisco SYSMAINT cisco-sys 132/udp # cisco SYSMAINT statsrv 133/tcp # Statistics Service statsrv 133/udp # Statistics Service ingres-net 134/tcp # INGRES-NET Service ingres-net 134/udp # INGRES-NET Service loc-srv 135/tcp # NCS local location broker loc-srv 135/udp # Location Service profile 136/tcp # PROFILE Naming System profile 136/udp # PROFILE Naming System netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp # NETBIOS Name Service netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp # NETBIOS Datagram Service netbios-ssn 139/tcp # NETBIOS Session Service netbios-ssn 139/udp # NETBIOS Session Service emfis-data 140/tcp # EMFIS Data Service emfis-data 140/udp # EMFIS Data Service emfis-cntl 141/tcp # EMFIS Control Service emfis-cntl 141/udp # EMFIS Control Service bl-idm 142/tcp # Britton-Lee IDM bl-idm 142/udp # Britton-Lee IDM imap2 143/tcp # Interim Mail Access Protocol v2 imap2 143/udp # Interim Mail Access Protocol v2 news 144/tcp # NewS window system news 144/udp # NewS window system uaac 145/tcp # UAAC Protocol uaac 145/udp # UAAC Protocol iso-tp0 146/tcp # iso-tp0 146/udp # iso-ip 147/tcp # iso-ip 147/udp # cronus 148/tcp # CRONUS-SUPPORT cronus 148/udp # CRONUS-SUPPORT aed-512 149/tcp # AED 512 Emulation Service aed-512 149/udp # AED 512 Emulation Service sql-net 150/tcp # sql-net 150/udp # hems 151/tcp # hems 151/udp # bftp 152/tcp # Background File Transfer Program bftp 152/udp # Background File Transfer Program sgmp 153/tcp # sgmp 153/udp # netsc-prod 154/tcp # netsc-prod 154/udp # netsc-dev 155/tcp # netsc-dev 155/udp # sqlsrv 156/tcp # SQL Service sqlsrv 156/udp # SQL Service knet-cmp 157/tcp # KNET/VM Command/Message Protocol knet-cmp 157/udp # KNET/VM Command/Message Protocol pcmail-srv 158/tcp # PCMail Server pcmail-srv 158/udp # PCMail Server nss-routing 159/tcp # nss-routing 159/udp # sgmp-traps 160/tcp # sgmp-traps 160/udp # snmp 161/tcp # snmp 161/udp # Simple Net Mgmt Proto snmptrap 162/tcp # snmp-trap snmptrap 162/udp # snmp-trap cmip-man 163/tcp # CMIP/TCP Manager cmip-man 163/udp # CMIP/TCP Manager cmip-agent 164/tcp # CMIP/TCP Agent smip-agent 164/udp # CMIP/TCP Agent xns-courier 165/tcp # Xerox xns-courier 165/udp # Xerox s-net 166/tcp # Sirius Systems s-net 166/udp # Sirius Systems namp 167/tcp # namp 167/udp # rsvd 168/tcp # rsvd 168/udp # send 169/tcp # send 169/udp # print-srv 170/tcp # Network PostScript print-srv 170/udp # Network PostScript multiplex 171/tcp # Network Innovations Multiplex multiplex 171/udp # Network Innovations Multiplex cl-1 172/tcp # Network Innovations CL/1 cl-1 172/udp # Network Innovations CL/1 xyplex-mux 173/tcp # xyplex-mux 173/udp # mailq 174/tcp # mailq 174/udp # vmnet 175/tcp # vmnet 175/udp # genrad-mux 176/tcp # genrad-mux 176/udp # xdmcp 177/tcp # X Display Mgr. Control Proto xdmcp 177/udp # X Display Manager Control Protocol nextstep 178/tcp # NextStep Window Server nextstep 178/udp # NextStep Window Server bgp 179/tcp # Border Gateway Protocol bgp 179/udp # Border Gateway Protocol ris 180/tcp # Intergraph ris 180/udp # Intergraph unify 181/tcp # unify 181/udp # audit 182/tcp # Unisys Audit SITP audit 182/udp # Unisys Audit SITP ocbinder 183/tcp # ocbinder 183/udp # ocserver 184/tcp # ocserver 184/udp # remote-kis 185/tcp # remote-kis 185/udp # kis 186/tcp # KIS Protocol kis 186/udp # KIS Protocol aci 187/tcp # Application Communication Interface aci 187/udp # Application Communication Interface mumps 188/tcp # Plus Five's MUMPS mumps 188/udp # Plus Five's MUMPS qft 189/tcp # Queued File Transport qft 189/udp # Queued File Transport gacp 190/tcp # Gateway Access Control Protocol cacp 190/udp # Gateway Access Control Protocol prospero 191/tcp # Prospero Directory Service prospero 191/udp # Prospero Directory Service osu-nms 192/tcp # OSU Network Monitoring System osu-nms 192/udp # OSU Network Monitoring System srmp 193/tcp # Spider Remote Monitoring Protocol srmp 193/udp # Spider Remote Monitoring Protocol irc 194/tcp # Internet Relay Chat irc 194/udp # Internet Relay Chat Protocol dn6-nlm-aud 195/tcp # DNSIX Network Level Module Audit dn6-nlm-aud 195/udp # DNSIX Network Level Module Audit dn6-smm-red 196/tcp # DNSIX Session Mgt Module Audit Redir dn6-smm-red 196/udp # DNSIX Session Mgt Module Audit Redir dls 197/tcp # Directory Location Service dls 197/udp # Directory Location Service dls-mon 198/tcp # Directory Location Service Monitor dls-mon 198/udp # Directory Location Service Monitor smux 199/tcp # SNMP Unix Multiplexer smux 199/udp # src 200/tcp # IBM System Resource Controller src 200/udp # IBM System Resource Controller at-rtmp 201/tcp # AppleTalk Routing Maintenance at-rtmp 201/udp # AppleTalk Routing Maintenance at-nbp 202/tcp # AppleTalk Name Binding at-nbp 202/udp # AppleTalk Name Binding at-3 203/tcp # AppleTalk Unused at-3 203/udp # AppleTalk Unused at-echo 204/tcp # AppleTalk Echo at-echo 204/udp # AppleTalk Echo at-5 205/tcp # AppleTalk Unused at-5 205/udp # AppleTalk Unused at-zis 206/tcp # AppleTalk Zone Information at-zis 206/udp # AppleTalk Zone Information at-7 207/tcp # AppleTalk Unused at-7 207/udp # AppleTalk Unused at-8 208/tcp # AppleTalk Unused at-8 208/udp # AppleTalk Unused tam 209/tcp # Trivial Authenticated Mail Protocol tam 209/udp # Trivial Authenticated Mail Protocol z39.50 210/tcp # wais, ANSI Z39.50 z39.50 210/udp # wais, ANSI Z39.50 914c-g 211/tcp # Texas Instruments 914C/G Terminal 914c-g 211/udp # Texas Instruments 914C/G Terminal anet 212/tcp # ATEXSSTR anet 212/udp # ATEXSSTR ipx 213/tcp # ipx 213/udp # vmpwscs 214/tcp # vmpwscs 214/udp # softpc 215/tcp # Insignia Solutions softpc 215/udp # Insignia Solutions atls 216/tcp # Access Technology License Server atls 216/udp # Access Technology License Server dbase 217/tcp # dBASE Unix dbase 217/udp # dBASE Unix mpp 218/tcp # Netix Message Posting Protocol mpp 218/udp # Netix Message Posting Protocol uarps 219/tcp # Unisys ARPs uarps 219/udp # Unisys ARPs imap3 220/tcp # Interactive Mail Access Protocol v3 imap3 220/udp # Interactive Mail Access Protocol v3 fln-spx 221/tcp # Berkeley rlogind with SPX auth fln-spx 221/udp # Berkeley rlogind with SPX auth rsh-spx 222/tcp # Berkeley rshd with SPX auth rsh-spx 222/udp # Berkeley rshd with SPX auth cdc 223/tcp # Certificate Distribution Center cdc 223/udp # Certificate Distribution Center direct 242/tcp # direct 242/udp # sur-meas 243/tcp # Survey Measurement sur-meas 243/udp # Survey Measurement dayna 244/tcp # dayna 244/udp # link 245/tcp # link 245/udp # dsp3270 246/tcp # Display Systems Protocol dsp3270 246/udp # Display Systems Protocol subntbcst_tftp 247/tcp # subntbcst_tftp 247/udp # bhfhs 248/tcp # bhfhs 248/udp # rap 256/tcp # rap 256/udp # set 257/tcp # secure electronic transaction set 257/udp # secure electronic transaction yak-chat 258/tcp # yak winsock personal chat yak-chat 258/udp # yak winsock personal chat esro-gen 259/tcp # efficient short remote operations esro-gen 259/udp # efficient short remote operations openport 260/tcp # openport 260/udp # nsiiops 261/tcp # iiop name service over tls/ssl nsiiops 261/udp # iiop name service over tls/ssl arcisdms 262/tcp # arcisdms 262/udp # hdap 263/tcp # hdap 263/udp # bgmp 264/tcp # bgmp 264/udp # http-mgmt 280/tcp # http-mgmt 280/udp # personal-link 281/tcp # personal-link 281/udp # cableport-ax 282/tcp # cable port a/x cableport-ax 282/udp # cable port a/x novastorbakcup 308/tcp # novastor backup novastorbakcup 308/udp # novastor backup entrusttime 309/tcp # entrusttime 309/udp # bhmds 310/tcp # bhmds 310/udp # asip-webadmin 311/tcp # appleshare ip webadmin asip-webadmin 311/udp # appleshare ip webadmin vslmp 312/tcp # vslmp 312/udp # magenta-logic 313/tcp # magenta-logic 313/udp # opalis-robot 314/tcp # opalis-robot 314/udp # dpsi 315/tcp # dpsi 315/udp # decauth 316/tcp # decauth 316/udp # zannet 317/tcp # zannet 317/udp # pip 321/tcp # pip 321/udp # pdap 344/tcp # Prospero Data Access Protocol pdap 344/udp # Prospero Data Access Protocol pawserv 345/tcp # Perf Analysis Workbench pawserv 345/udp # Perf Analysis Workbench zserv 346/tcp # Zebra server zserv 346/udp # Zebra server fatserv 347/tcp # Fatmen Server fatserv 347/udp # Fatmen Server csi-sgwp 348/tcp # Cabletron Management Protocol csi-sgwp 348/udp # Cabletron Management Protocol mftp 349/tcp # mftp 349/udp # matip-type-a 350/tcp # MATIP Type A matip-type-a 350/udp # matip-type-b 351/tcp # MATIP Type B or bhoetty matip-type-b 351/udp # MATIP Type B or bhoetty dtag-ste-sb 352/tcp # DTAG, or bhoedap4 dtag-ste-sb 352/udp # DTAG, or bhoedap4 ndsauth 353/tcp # ndsauth 353/udp # bh611 354/tcp # bh611 354/udp # datex-asn 355/tcp # datex-asn 355/udp # cloanto-net-1 356/tcp # Cloanto Net 1 cloanto-net-1 356/udp # bhevent 357/tcp # bhevent 357/udp # shrinkwrap 358/tcp # shrinkwrap 358/udp # tenebris_nts 359/tcp # Tenebris Network Trace Service tenebris_nts 359/udp # Tenebris Network Trace Service scoi2odialog 360/tcp # scoi2odialog 360/udp # semantix 361/tcp # semantix 361/udp # srssend 362/tcp # SRS Send srssend 362/udp # SRS Send rsvp_tunnel 363/tcp # rsvp_tunnel 363/udp # aurora-cmgr 364/tcp # aurora-cmgr 364/udp # dtk 365/tcp # Deception Tool Kit (lame -- see www.all.net) dtk 365/udp # Deception Tool Kit (lame -- see www.all.net) odmr 366/tcp # odmr 366/udp # mortgageware 367/tcp # mortgageware 367/udp # qbikgdp 368/tcp # qbikgdp 368/udp # rpc2portmap 369/tcp # rpc2portmap 369/udp # codaauth2 370/tcp # codaauth2 370/udp # clearcase 371/tcp # clearcase 371/udp # ulistserv 372/tcp # Unix Listserv ulistserv 372/udp # Unix Listserv legent-1 373/tcp # Legent Corporation (now Computer Associates Intl.) legent-1 373/udp # Legent Corporation (now Computer Associates Intl.) legent-2 374/tcp # Legent Corporation (now Computer Associates Intl.) legent-2 374/udp # Legent Corporation (now Computer Associates Intl.) hassle 375/tcp # hassle 375/udp # nip 376/tcp # Amiga Envoy Network Inquiry Proto nip 376/udp # Amiga Envoy Network Inquiry Proto tnETOS 377/tcp # NEC Corporation tnETOS 377/udp # NEC Corporation dsETOS 378/tcp # NEC Corporation dsETOS 378/udp # NEC Corporation is99c 379/tcp # TIA/EIA/IS-99 modem client is99c 379/udp # TIA/EIA/IS-99 modem client is99s 380/tcp # TIA/EIA/IS-99 modem server is99s 380/udp # TIA/EIA/IS-99 modem server hp-collector 381/tcp # hp performance data collector hp-collector 381/udp # hp performance data collector hp-managed-node 382/tcp # hp performance data managed node hp-managed-node 382/udp # hp performance data managed node hp-alarm-mgr 383/tcp # hp performance data alarm manager hp-alarm-mgr 383/udp # hp performance data alarm manager arns 384/tcp # A Remote Network Server System arns 384/udp # A Remote Network Server System ibm-app 385/tcp # IBM Application ibm-app 385/udp # IBM Application asa 386/tcp # ASA Message Router Object Def. asa 386/udp # ASA Message Router Object Def. aurp 387/tcp # Appletalk Update-Based Routing Pro. aurp 387/udp # Appletalk Update-Based Routing Pro. unidata-ldm 388/tcp # Unidata LDM Version 4 unidata-ldm 388/udp # Unidata LDM Version 4 ldap 389/tcp # Lightweight Directory Access Protocol ldap 389/udp # Lightweight Directory Access Protocol uis 390/tcp # uis 390/udp # synotics-relay 391/tcp # SynOptics SNMP Relay Port synotics-relay 391/udp # SynOptics SNMP Relay Port synotics-broker 392/tcp # SynOptics Port Broker Port synotics-broker 392/udp # SynOptics Port Broker Port dis 393/tcp # Data Interpretation System dis 393/udp # Data Interpretation System embl-ndt 394/tcp # EMBL Nucleic Data Transfer embl-ndt 394/udp # EMBL Nucleic Data Transfer netcp 395/tcp # NETscout Control Protocol netcp 395/udp # NETscout Control Protocol netware-ip 396/tcp # Novell Netware over IP netware-ip 396/udp # Novell Netware over IP mptn 397/tcp # Multi Protocol Trans. Net. mptn 397/udp # Multi Protocol Trans. Net. kryptolan 398/tcp # kryptolan 398/udp # iso-tsap-c2 399/tcp # ISO-TSAP Class 2 iso-tsap-c2 399/udp # ISO-TSAP Class 2 work-sol 400/tcp # Workstation Solutions work-sol 400/udp # Workstation Solutions ups 401/tcp # Uninterruptible Power Supply ups 401/udp # Uninterruptible Power Supply genie 402/tcp # Genie Protocol genie 402/udp # Genie Protocol decap 403/tcp # decap 403/udp # nced 404/tcp # nced 404/udp # ncld 405/tcp # ncld 405/udp # imsp 406/tcp # Interactive Mail Support Protocol imsp 406/udp # Interactive Mail Support Protocol timbuktu 407/tcp # timbuktu 407/udp # prm-sm 408/tcp # Prospero Resource Manager Sys. Man. prm-sm 408/udp # Prospero Resource Manager Sys. Man. prm-nm 409/tcp # Prospero Resource Manager Node Man. prm-nm 409/udp # Prospero Resource Manager Node Man. decladebug 410/tcp # DECLadebug Remote Debug Protocol decladebug 410/udp # DECLadebug Remote Debug Protocol rmt 411/tcp # Remote MT Protocol rmt 411/udp # Remote MT Protocol synoptics-trap 412/tcp # Trap Convention Port synoptics-trap 412/udp # Trap Convention Port smsp 413/tcp # smsp 413/udp # infoseek 414/tcp # infoseek 414/udp # bnet 415/tcp # bnet 415/udp # silverplatter 416/tcp # silverplatter 416/udp # onmux 417/tcp # onmux 417/udp # hyper-g 418/tcp # hyper-g 418/udp # ariel1 419/tcp # ariel1 419/udp # smpte 420/tcp # smpte 420/udp # ariel2 421/tcp # ariel2 421/udp # ariel3 422/tcp # ariel3 422/udp # opc-job-start 423/tcp # IBM Operations Planning and Control Start opc-job-start 423/udp # IBM Operations Planning and Control Start opc-job-track 424/tcp # IBM Operations Planning and Control Track opc-job-track 424/udp # IBM Operations Planning and Control Track icad-el 425/tcp # icad-el 425/udp # smartsdp 426/tcp # smartsdp 426/udp # svrloc 427/tcp # Server Location svrloc 427/udp # Server Location ocs_cmu 428/tcp # ocs_cmu 428/udp # ocs_amu 429/tcp # ocs_amu 429/udp # utmpsd 430/tcp # utmpsd 430/udp # utmpcd 431/tcp # utmpcd 431/udp # iasd 432/tcp # iasd 432/udp # nnsp 433/tcp # Usenet, Network News Transfer nnsp 433/udp # mobileip-agent 434/tcp # mobileip-agent 434/udp # mobilip-mn 435/tcp # mobilip-mn 435/udp # dna-cml 436/tcp # dna-cml 436/udp # comscm 437/tcp # comscm 437/udp # dsfgw 438/tcp # dsfgw 438/udp # dasp 439/tcp # dasp 439/udp # sgcp 440/tcp # sgcp 440/udp # decvms-sysmgt 441/tcp # decvms-sysmgt 441/udp # cvc_hostd 442/tcp # cvc_hostd 442/udp # https 443/tcp # secure http (SSL) https 443/udp # snpp 444/tcp # Simple Network Paging Protocol snpp 444/udp # Simple Network Paging Protocol microsoft-ds 445/tcp # microsoft-ds 445/udp # ddm-rdb 446/tcp # ddm-rdb 446/udp # ddm-dfm 447/tcp # ddm-dfm 447/udp # ddm-ssl 448/tcp # ddm-byte ddm-ssl 448/udp # ddm-byte as-servermap 449/tcp # AS Server Mapper as-servermap 449/udp # AS Server Mapper tserver 450/tcp # tserver 450/udp # sfs-smp-net 451/tcp # Cray Network Semaphore server sfs-smp-net 451/udp # Cray Network Semaphore server sfs-config 452/tcp # Cray SFS config server sfs-config 452/udp # Cray SFS config server creativeserver 453/tcp # creativeserver 453/udp # contentserver 454/tcp # contentserver 454/udp # creativepartnr 455/tcp # creativepartnr 455/udp # macon-tcp 456/tcp # macon-udp 456/udp # scohelp 457/tcp # scohelp 457/udp # appleqtc 458/tcp # apple quick time appleqtc 458/udp # apple quick time ampr-rcmd 459/tcp # ampr-rcmd 459/udp # skronk 460/tcp # skronk 460/udp # datasurfsrv 461/tcp # datasurfsrv 461/udp # datasurfsrvsec 462/tcp # datasurfsrvsec 462/udp # alpes 463/tcp # alpes 463/udp # kpasswd5 464/tcp # Kerberos (v5) kpasswd5 464/udp # Kerberos (v5) smtps 465/tcp # smtp protocol over TLS/SSL (was ssmtp) smtps 465/udp # smtp protocol over TLS/SSL (was ssmtp) digital-vrc 466/tcp # digital-vrc 466/udp # mylex-mapd 467/tcp # mylex-mapd 467/udp # photuris 468/tcp # Photuris Key Management photuris 468/udp # rcp 469/tcp # Radio Control Protocol rcp 469/udp # Radio Control Protocol scx-proxy 470/tcp # scx-proxy 470/udp # mondex 471/tcp # mondex 471/udp # ljk-login 472/tcp # ljk-login 472/udp # hybrid-pop 473/tcp # hybrid-pop 473/udp # tn-tl-w1 474/tcp # tn-tl-w2 474/udp # tcpnethaspsrv 475/tcp # tcpnethaspsrv 475/udp # tn-tl-fd1 476/tcp # tn-tl-fd1 476/udp # ss7ns 477/tcp # ss7ns 477/udp # spsc 478/tcp # spsc 478/udp # iafserver 479/tcp # iafserver 479/udp # loadsrv 480/tcp # iafdbase 480/udp # dvs 481/tcp # ph 481/udp # bgs-nsi 482/tcp # xlog 482/udp # ulpnet 483/tcp # ulpnet 483/udp # integra-sme 484/tcp # Integra Software Management Environment integra-sme 484/udp # Integra Software Management Environment powerburst 485/tcp # Air Soft Power Burst powerburst 485/udp # Air Soft Power Burst sstats 486/tcp # avian 486/udp # saft 487/tcp # saft Simple Asynchronous File Transfer saft 487/udp # saft Simple Asynchronous File Transfer gss-http 488/tcp # gss-http 488/udp # nest-protocol 489/tcp # nest-protocol 489/udp # micom-pfs 490/tcp # micom-pfs 490/udp # go-login 491/tcp # go-login 491/udp # ticf-1 492/tcp # Transport Independent Convergence for FNA ticf-1 492/udp # Transport Independent Convergence for FNA ticf-2 493/tcp # Transport Independent Convergence for FNA ticf-2 493/udp # Transport Independent Convergence for FNA pov-ray 494/tcp # pov-ray 494/udp # intecourier 495/tcp # intecourier 495/udp # pim-rp-disc 496/tcp # pim-rp-disc 496/udp # dantz 497/tcp # dantz 497/udp # siam 498/tcp # siam 498/udp # iso-ill 499/tcp # ISO ILL Protocol iso-ill 499/udp # ISO ILL Protocol isakmp 500/tcp # isakmp 500/udp # stmf 501/tcp # stmf 501/udp # asa-appl-proto 502/tcp # asa-appl-proto 502/udp # intrinsa 503/tcp # intrinsa 503/udp # citadel 504/tcp # citadel 504/udp # mailbox-lm 505/tcp # mailbox-lm 505/udp # ohimsrv 506/tcp # ohimsrv 506/udp # crs 507/tcp # crs 507/udp # xvttp 508/tcp # xvttp 508/udp # snare 509/tcp # snare 509/udp # fcp 510/tcp # FirstClass Protocol fcp 510/udp # FirstClass Protocol passgo 511/tcp # passgo 511/udp # exec 512/tcp # BSD rexecd(8) biff 512/udp # comsat login 513/tcp # BSD rlogind(8) who 513/udp # BSD rwhod(8) shell 514/tcp # BSD rshd(8) syslog 514/udp # BSD syslogd(8) printer 515/tcp # spooler (lpd) printer 515/udp # spooler (lpd) videotex 516/tcp # videotex 516/udp # talk 517/tcp # like tenex link, but across talk 517/udp # BSD talkd(8) ntalk 518/tcp # (talkd) ntalk 518/udp # (talkd) utime 519/tcp # unixtime utime 519/udp # unixtime efs 520/tcp # extended file name server route 520/udp # router routed -- RIP ripng 521/tcp # ripng 521/udp # ulp 522/tcp # ulp 522/udp # ibm-db2 523/tcp # ibm-db2 523/udp # ncp 524/tcp # ncp 524/udp # timed 525/tcp # timeserver timed 525/udp # timeserver tempo 526/tcp # newdate tempo 526/udp # newdate stx 527/tcp # Stock IXChange stx 527/udp # Stock IXChange custix 528/tcp # Customer IXChange custix 528/udp # Customer IXChange irc-serv 529/tcp # irc-serv 529/udp # courier 530/tcp # rpc courier 530/udp # rpc conference 531/tcp # chat conference 531/udp # chat netnews 532/tcp # readnews netnews 532/udp # readnews netwall 533/tcp # for emergency broadcasts netwall 533/udp # for emergency broadcasts mm-admin 534/tcp # MegaMedia Admin mm-admin 534/udp # MegaMedia Admin iiop 535/tcp # iiop 535/udp # opalis-rdv 536/tcp # opalis-rdv 536/udp # nmsp 537/tcp # Networked Media Streaming Protocol nmsp 537/udp # Networked Media Streaming Protocol gdomap 538/tcp # gdomap 538/udp # apertus-ldp 539/tcp # Apertus Technologies Load Determination apertus-ldp 539/udp # Apertus Technologies Load Determination uucp 540/tcp # uucpd uucp 540/udp # uucpd uucp-rlogin 541/tcp # uucp-rlogin 541/udp # commerce 542/tcp # commerce 542/udp # klogin 543/tcp # Kerberos (v4/v5) klogin 543/udp # Kerberos (v4/v5) kshell 544/tcp # krcmd Kerberos (v4/v5) kshell 544/udp # krcmd Kerberos (v4/v5) ekshell 545/tcp # Kerberos encrypted remote shell -kfall appleqtcsrvr 545/udp # dhcpv6-client 546/tcp # DHCPv6 Client dhcpv6-client 546/udp # DHCPv6 Client dhcpv6-server 547/tcp # DHCPv6 Server dhcpv6-server 547/udp # DHCPv6 Server afpovertcp 548/tcp # AFP over TCP afpovertcp 548/udp # AFP over UDP idfp 549/tcp # idfp 549/udp # new-rwho 550/tcp # new-who new-rwho 550/udp # new-who cybercash 551/tcp # cybercash 551/udp # deviceshare 552/tcp # deviceshare 552/udp # pirp 553/tcp # pirp 553/udp # rtsp 554/tcp # Real Time Stream Control Protocol rtsp 554/udp # Real Time Stream Control Protocol dsf 555/tcp # dsf 555/udp # remotefs 556/tcp # rfs, rfs_server, Brunhoff remote filesystem remotefs 556/udp # rfs, rfs_server, Brunhoff remote filesystem openvms-sysipc 557/tcp # openvms-sysipc 557/udp # sdnskmp 558/tcp # sdnskmp 558/udp # teedtap 559/tcp # teedtap 559/udp # rmonitor 560/tcp # rmonitord rmonitor 560/udp # rmonitord monitor 561/tcp # monitor 561/udp # chshell 562/tcp # chcmd chshell 562/udp # chcmd snews 563/tcp # snews 563/udp # 9pfs 564/tcp # plan 9 file service 9pfs 564/udp # plan 9 file service whoami 565/tcp # whoami 565/udp # streettalk 566/tcp # banyan-rpc 567/tcp # banyan-rpc 567/udp # ms-shuttle 568/tcp # Microsoft shuttle ms-shuttle 568/udp # Microsoft shuttle ms-rome 569/tcp # Microsoft rome ms-rome 569/udp # Microsoft rome meter 570/tcp # demon meter 570/udp # demon umeter 571/tcp # udemon umeter 571/udp # udemon sonar 572/tcp # sonar 572/udp # banyan-vip 573/tcp # banyan-vip 573/udp # ftp-agent 574/tcp # FTP Software Agent System ftp-agent 574/udp # FTP Software Agent System vemmi 575/tcp # vemmi 575/udp # ipcd 576/tcp # ipcd 576/udp # vnas 577/tcp # vnas 577/udp # ipdd 578/tcp # ipdd 578/udp # decbsrv 579/tcp # decbsrv 579/udp # sntp-heartbeat 580/tcp # sntp-heartbeat 580/udp # bdp 581/tcp # Bundle Discovery Protocol bdp 581/udp # Bundle Discovery Protocol scc-security 582/tcp # scc-security 582/udp # philips-vc 583/tcp # Philips Video-Conferencing philips-vc 583/udp # Philips Video-Conferencing keyserver 584/tcp # keyserver 584/udp # imap4-ssl 585/tcp # IMAP4+SSL (use of 585 is not recommended, imap4-ssl 585/udp # use 993 instead) password-chg 586/tcp # password-chg 586/udp # submission 587/tcp # submission 587/udp # cal 588/tcp # cal 588/udp # eyelink 589/tcp # eyelink 589/udp # tns-cml 590/tcp # tns-cml 590/udp # http-alt 591/tcp # FileMaker, Inc. - HTTP Alternate http-alt 591/udp # FileMaker, Inc. - HTTP Alternate eudora-set 592/tcp # eudora-set 592/udp # http-rpc-epmap 593/tcp # HTTP RPC Ep Map http-rpc-epmap 593/udp # HTTP RPC Ep Map tpip 594/tcp # tpip 594/udp # cab-protocol 595/tcp # cab-protocol 595/udp # smsd 596/tcp # smsd 596/udp # ptcnameservice 597/tcp # PTC Name Service ptcnameservice 597/udp # PTC Name Service sco-websrvrmg3 598/tcp # SCO Web Server Manager 3 sco-websrvrmg3 598/udp # SCO Web Server Manager 3 acp 599/tcp # Aeolon Core Protocol acp 599/udp # Aeolon Core Protocol ipcserver 600/tcp # Sun IPC server ipcserver 600/udp # Sun IPC server urm 606/tcp # Cray Unified Resource Manager urm 606/udp # Cray Unified Resource Manager nqs 607/tcp # nqs 607/udp # sift-uft 608/tcp # Sender-Initiated/Unsolicited File Transfer sift-uft 608/udp # Sender-Initiated/Unsolicited File Transfer npmp-trap 609/tcp # npmp-trap 609/udp # npmp-local 610/tcp # npmp-local 610/udp # npmp-gui 611/tcp # npmp-gui 611/udp # qmqp 628/tcp # Qmail Quick Mail Queueing cups 631/tcp # http://www.cups.org (Common UNIX Printing System) ginad 634/tcp # ginad 634/udp # mount 635/udp # NFS Mount Service ldapssl 636/tcp # LDAP over SSL pcnfs 640/udp # PC-NFS DOS Authentication bwnfs 650/udp # BW-NFS DOS Authentication doom 666/tcp # doom Id Software doom 666/udp # doom Id Software resvc 691/tcp # The Microsoft Exchange 2000 Server Routing Service elcsd 704/tcp # errlog copy/server daemon elcsd 704/udp # errlog copy/server daemon entrustmanager 709/tcp # EntrustManager - NorTel DES auth network see 389/tcp entrustmanager 709/udp # EntrustManager - NorTel DES auth network see 389/tcp netviewdm1 729/tcp # IBM NetView DM/6000 Server/Client netviewdm1 729/udp # IBM NetView DM/6000 Server/Client netviewdm2 730/tcp # IBM NetView DM/6000 send/tcp netviewdm2 730/udp # IBM NetView DM/6000 send/tcp netviewdm3 731/tcp # IBM NetView DM/6000 receive/tcp netviewdm3 731/udp # IBM NetView DM/6000 receive/tcp sometimes-rpc2 737/udp # Rusersd on my OpenBSD box netcp 740/tcp # NETscout Control Protocol netcp 740/udp # NETscout Control Protocol netgw 741/tcp # netgw 741/udp # netrcs 742/tcp # Network based Rev. Cont. Sys. netrcs 742/udp # Network based Rev. Cont. Sys. flexlm 744/tcp # Flexible License Manager flexlm 744/udp # Flexible License Manager fujitsu-dev 747/tcp # Fujitsu Device Control fujitsu-dev 747/udp # Fujitsu Device Control ris-cm 748/tcp # Russell Info Sci Calendar Manager ris-cm 748/udp # Russell Info Sci Calendar Manager kerberos-adm 749/tcp # Kerberos 5 admin/changepw kerberos-adm 749/udp # Kerberos 5 admin/changepw kerberos 750/tcp # kdc Kerberos (v4) kerberos 750/udp # kdc Kerberos (v4) kerberos_master 751/tcp # Kerberos `kadmin' (v4) kerberos_master 751/udp # Kerberos `kadmin' (v4) qrh 752/tcp # qrh 752/udp # rrh 753/tcp # rrh 753/udp # krb_prop 754/tcp # kerberos/v5 server propagation nlogin 758/tcp # nlogin 758/udp # con 759/tcp # con 759/udp # krbupdate 760/tcp # kreg Kerberos (v4) registration ns 760/udp # kpasswd 761/tcp # kpwd Kerberos (v4) "passwd" rxe 761/udp # quotad 762/tcp # quotad 762/udp # cycleserv 763/tcp # cycleserv 763/udp # omserv 764/tcp # omserv 764/udp # webster 765/tcp # webster 765/udp # phonebook 767/tcp # phone phonebook 767/udp # phone vid 769/tcp # vid 769/udp # cadlock 770/tcp # cadlock 770/udp # rtip 771/tcp # rtip 771/udp # cycleserv2 772/tcp # cycleserv2 772/udp # submit 773/tcp # notify 773/udp # rpasswd 774/tcp # acmaint_dbd 774/udp # entomb 775/tcp # acmaint_transd 775/udp # wpages 776/tcp # wpages 776/udp # wpgs 780/tcp # wpgs 780/udp # hp-collector 781/tcp # hp performance data collector hp-collector 781/udp # hp performance data collector hp-managed-node 782/tcp # hp performance data managed node hp-managed-node 782/udp # hp performance data managed node hp-alarm-mgr 783/tcp # hp performance data alarm manager hp-alarm-mgr 783/udp # hp performance data alarm manager concert 786/tcp # concert 786/udp # controlit 799/tcp mdbs_daemon 800/tcp # mdbs_daemon 800/udp # device 801/tcp # device 801/udp # supfilesrv 871/tcp # SUP server rsync 873/tcp # Rsync server ( http://rsync.samba.org ) accessbuilder 888/tcp # or Audio CD Database accessbuilder 888/udp # ftps-data 989/tcp # ftp protocol, data, over TLS/SSL samba-swat 901/tcp # Samba SWAT tool. Also used by ISS RealSecure. oftep-rpc 950/tcp # Often RPC.statd (on Redhat Linux) rndc 953/tcp # RNDC is used by BIND 9 (& probably other NS) ftps 990/tcp # ftp protocol, control, over TLS/SSL telnets 992/tcp # telnet protocol over TLS/SSL imaps 993/tcp # imap4 protocol over TLS/SSL ircs 994/tcp # irc protocol over TLS/SSL pop3s 995/tcp # POP3 protocol over TLS/SSL xtreelic 996/tcp # XTREE License Server vsinet 996/udp # maitrd 997/tcp # maitrd 997/udp # busboy 998/tcp # puparp 998/udp # garcon 999/tcp # applix 999/udp # Applix ac cadlock 1000/tcp # ock 1000/udp # ufsd 1008/tcp # ufsd # UFS-aware server ufsd 1008/udp # sometimes-rpc1 1012/udp # This is rstatd on my openBSD box kdm 1024/tcp # K Display Manager (KDE version of xdm) listen 1025/tcp # listener RFS remote_file_sharing blackjack 1025/udp # network blackjack nterm 1026/tcp # remote_login network_terminal iad1 1030/tcp # BBN IAD iad1 1030/udp # BBN IAD iad2 1031/tcp # BBN IAD iad2 1031/udp # BBN IAD iad3 1032/tcp # BBN IAD iad3 1032/udp # BBN IAD nim 1058/tcp # nim 1058/udp # nimreg 1059/tcp # nimreg 1059/udp # instl_boots 1067/tcp # Installation Bootstrap Proto. Serv. instl_boots 1067/udp # Installation Bootstrap Proto. Serv. instl_bootc 1068/tcp # Installation Bootstrap Proto. Cli. instl_bootc 1068/udp # Installation Bootstrap Proto. Cli. socks 1080/tcp # socks 1080/udp # ansoft-lm-1 1083/tcp # Anasoft License Manager ansoft-lm-1 1083/udp # Anasoft License Manager ansoft-lm-2 1084/tcp # Anasoft License Manager ansoft-lm-2 1084/udp # Anasoft License Manager xaudio 1103/tcp # Xaserver # X Audio Server kpop 1109/tcp # Pop with Kerberos nfsd-status 1110/tcp # Cluster status info nfsd-keepalive 1110/udp # Client status info msql 1112/tcp # mini-sql server supfiledbg 1127/tcp # SUP debugging nfa 1155/tcp # Network File Access nfa 1155/udp # Network File Access phone 1167/udp # conference calling skkserv 1178/tcp # SKK (kanji input) lupa 1212/tcp # lupa 1212/udp # nerv 1222/tcp # SNI R&D network nerv 1222/udp # SNI R&D network hotline 1234/tcp # msg 1241/tcp # remote message server hermes 1248/tcp # hermes 1248/udp # alta-ana-lm 1346/tcp # Alta Analytics License Manager alta-ana-lm 1346/udp # Alta Analytics License Manager bbn-mmc 1347/tcp # multi media conferencing bbn-mmc 1347/udp # multi media conferencing bbn-mmx 1348/tcp # multi media conferencing bbn-mmx 1348/udp # multi media conferencing sbook 1349/tcp # Registration Network Protocol sbook 1349/udp # Registration Network Protocol editbench 1350/tcp # Registration Network Protocol editbench 1350/udp # Registration Network Protocol equationbuilder 1351/tcp # Digital Tool Works (MIT) equationbuilder 1351/udp # Digital Tool Works (MIT) lotusnotes 1352/tcp # Lotus Note lotusnotes 1352/udp # Lotus Note relief 1353/tcp # Relief Consulting relief 1353/udp # Relief Consulting rightbrain 1354/tcp # RightBrain Software rightbrain 1354/udp # RightBrain Software intuitive-edge 1355/tcp # Intuitive Edge intuitive-edge 1355/udp # Intuitive Edge cuillamartin 1356/tcp # CuillaMartin Company cuillamartin 1356/udp # CuillaMartin Company pegboard 1357/tcp # Electronic PegBoard pegboard 1357/udp # Electronic PegBoard connlcli 1358/tcp # connlcli 1358/udp # ftsrv 1359/tcp # ftsrv 1359/udp # mimer 1360/tcp # mimer 1360/udp # linx 1361/tcp # linx 1361/udp # timeflies 1362/tcp # timeflies 1362/udp # ndm-requester 1363/tcp # Network DataMover Requester ndm-requester 1363/udp # Network DataMover Requester ndm-server 1364/tcp # Network DataMover Server ndm-server 1364/udp # Network DataMover Server adapt-sna 1365/tcp # Network Software Associates adapt-sna 1365/udp # Network Software Associates netware-csp 1366/tcp # Novell NetWare Comm Service Platform netware-csp 1366/udp # Novell NetWare Comm Service Platform dcs 1367/tcp # dcs 1367/udp # screencast 1368/tcp # screencast 1368/udp # gv-us 1369/tcp # GlobalView to Unix Shell gv-us 1369/udp # GlobalView to Unix Shell us-gv 1370/tcp # Unix Shell to GlobalView us-gv 1370/udp # Unix Shell to GlobalView fc-cli 1371/tcp # Fujitsu Config Protocol fc-cli 1371/udp # Fujitsu Config Protocol fc-ser 1372/tcp # Fujitsu Config Protocol fc-ser 1372/udp # Fujitsu Config Protocol chromagrafx 1373/tcp # chromagrafx 1373/udp # molly 1374/tcp # EPI Software Systems molly 1374/udp # EPI Software Systems bytex 1375/tcp # bytex 1375/udp # ibm-pps 1376/tcp # IBM Person to Person Software ibm-pps 1376/udp # IBM Person to Person Software cichlid 1377/tcp # Cichlid License Manager cichlid 1377/udp # Cichlid License Manager elan 1378/tcp # Elan License Manager elan 1378/udp # Elan License Manager dbreporter 1379/tcp # Integrity Solutions dbreporter 1379/udp # Integrity Solutions telesis-licman 1380/tcp # Telesis Network License Manager telesis-licman 1380/udp # Telesis Network License Manager apple-licman 1381/tcp # Apple Network License Manager apple-licman 1381/udp # Apple Network License Manager gwha 1383/tcp # GW Hannaway Network License Manager gwha 1383/udp # GW Hannaway Network License Manager os-licman 1384/tcp # Objective Solutions License Manager os-licman 1384/udp # Objective Solutions License Manager atex_elmd 1385/tcp # Atex Publishing License Manager atex_elmd 1385/udp # Atex Publishing License Manager checksum 1386/tcp # CheckSum License Manager checksum 1386/udp # CheckSum License Manager cadsi-lm 1387/tcp # Computer Aided Design Software Inc LM cadsi-lm 1387/udp # Computer Aided Design Software Inc LM objective-dbc 1388/tcp # Objective Solutions DataBase Cache objective-dbc 1388/udp # Objective Solutions DataBase Cache iclpv-dm 1389/tcp # Document Manager iclpv-dm 1389/udp # Document Manager iclpv-sc 1390/tcp # Storage Controller iclpv-sc 1390/udp # Storage Controller iclpv-sas 1391/tcp # Storage Access Server iclpv-sas 1391/udp # Storage Access Server iclpv-pm 1392/tcp # Print Manager iclpv-pm 1392/udp # Print Manager iclpv-nls 1393/tcp # Network Log Server iclpv-nls 1393/udp # Network Log Server iclpv-nlc 1394/tcp # Network Log Client iclpv-nlc 1394/udp # Network Log Client iclpv-wsm 1395/tcp # PC Workstation Manager software iclpv-wsm 1395/udp # PC Workstation Manager software dvl-activemail 1396/tcp # DVL Active Mail dvl-activemail 1396/udp # DVL Active Mail audio-activmail 1397/tcp # Audio Active Mail audio-activmail 1397/udp # Audio Active Mail video-activmail 1398/tcp # Video Active Mail video-activmail 1398/udp # Video Active Mail cadkey-licman 1399/tcp # Cadkey License Manager cadkey-licman 1399/udp # Cadkey License Manager cadkey-tablet 1400/tcp # Cadkey Tablet Daemon cadkey-tablet 1400/udp # Cadkey Tablet Daemon goldleaf-licman 1401/tcp # Goldleaf License Manager goldleaf-licman 1401/udp # Goldleaf License Manager prm-sm-np 1402/tcp # Prospero Resource Manager prm-sm-np 1402/udp # Prospero Resource Manager prm-nm-np 1403/tcp # Prospero Resource Manager prm-nm-np 1403/udp # Prospero Resource Manager igi-lm 1404/tcp # Infinite Graphics License Manager igi-lm 1404/udp # Infinite Graphics License Manager ibm-res 1405/tcp # IBM Remote Execution Starter ibm-res 1405/udp # IBM Remote Execution Starter netlabs-lm 1406/tcp # NetLabs License Manager netlabs-lm 1406/udp # NetLabs License Manager dbsa-lm 1407/tcp # DBSA License Manager dbsa-lm 1407/udp # DBSA License Manager sophia-lm 1408/tcp # Sophia License Manager sophia-lm 1408/udp # Sophia License Manager here-lm 1409/tcp # Here License Manager here-lm 1409/udp # Here License Manager hiq 1410/tcp # HiQ License Manager hiq 1410/udp # HiQ License Manager af 1411/tcp # AudioFile af 1411/udp # AudioFile innosys 1412/tcp # innosys 1412/udp # innosys-acl 1413/tcp # innosys-acl 1413/udp # ibm-mqseries 1414/tcp # IBM MQSeries ibm-mqseries 1414/udp # IBM MQSeries dbstar 1415/tcp # dbstar 1415/udp # novell-lu6.2 1416/tcp # Novell LU6.2 novell-lu6.2 1416/udp # Novell LU6.2 timbuktu-srv1 1417/tcp # Timbuktu Service 1 Port timbuktu-srv1 1417/udp # Timbuktu Service 1 Port timbuktu-srv2 1418/tcp # Timbuktu Service 2 Port timbuktu-srv2 1418/udp # Timbuktu Service 2 Port timbuktu-srv3 1419/tcp # Timbuktu Service 3 Port timbuktu-srv3 1419/udp # Timbuktu Service 3 Port timbuktu-srv4 1420/tcp # Timbuktu Service 4 Port timbuktu-srv4 1420/udp # Timbuktu Service 4 Port gandalf-lm 1421/tcp # Gandalf License Manager gandalf-lm 1421/udp # Gandalf License Manager autodesk-lm 1422/tcp # Autodesk License Manager autodesk-lm 1422/udp # Autodesk License Manager essbase 1423/tcp # Essbase Arbor Software essbase 1423/udp # Essbase Arbor Software hybrid 1424/tcp # Hybrid Encryption Protocol hybrid 1424/udp # Hybrid Encryption Protocol zion-lm 1425/tcp # Zion Software License Manager zion-lm 1425/udp # Zion Software License Manager sas-1 1426/tcp # Satellite-data Acquisition System 1 sas-1 1426/udp # Satellite-data Acquisition System 1 mloadd 1427/tcp # mloadd monitoring tool mloadd 1427/udp # mloadd monitoring tool informatik-lm 1428/tcp # Informatik License Manager informatik-lm 1428/udp # Informatik License Manager nms 1429/tcp # Hypercom NMS nms 1429/udp # Hypercom NMS tpdu 1430/tcp # Hypercom TPDU tpdu 1430/udp # Hypercom TPDU rgtp 1431/tcp # Reverse Gossip Transport rgtp 1431/udp # Reverse Gossip Transport blueberry-lm 1432/tcp # Blueberry Software License Manager blueberry-lm 1432/udp # Blueberry Software License Manager ms-sql-s 1433/tcp # Microsoft-SQL-Server ms-sql-s 1433/udp # Microsoft-SQL-Server ms-sql-m 1434/tcp # Microsoft-SQL-Monitor ms-sql-m 1434/udp # Microsoft-SQL-Monitor ibm-cics 1435/tcp # ibm-cics 1435/udp # sas-2 1436/tcp # Satellite-data Acquisition System 2 sas-2 1436/udp # Satellite-data Acquisition System 2 tabula 1437/tcp # tabula 1437/udp # eicon-server 1438/tcp # Eicon Security Agent/Server eicon-server 1438/udp # Eicon Security Agent/Server eicon-x25 1439/tcp # Eicon X25/SNA Gateway eicon-x25 1439/udp # Eicon X25/SNA Gateway eicon-slp 1440/tcp # Eicon Service Location Protocol eicon-slp 1440/udp # Eicon Service Location Protocol cadis-1 1441/tcp # Cadis License Management cadis-1 1441/udp # Cadis License Management cadis-2 1442/tcp # Cadis License Management cadis-2 1442/udp # Cadis License Management ies-lm 1443/tcp # Integrated Engineering Software ies-lm 1443/udp # Integrated Engineering Software marcam-lm 1444/tcp # Marcam License Management marcam-lm 1444/udp # Marcam License Management proxima-lm 1445/tcp # Proxima License Manager proxima-lm 1445/udp # Proxima License Manager ora-lm 1446/tcp # Optical Research Associates License Manager ora-lm 1446/udp # Optical Research Associates License Manager apri-lm 1447/tcp # Applied Parallel Research LM apri-lm 1447/udp # Applied Parallel Research LM oc-lm 1448/tcp # OpenConnect License Manager oc-lm 1448/udp # OpenConnect License Manager peport 1449/tcp # peport 1449/udp # dwf 1450/tcp # Tandem Distributed Workbench Facility dwf 1450/udp # Tandem Distributed Workbench Facility infoman 1451/tcp # IBM Information Management infoman 1451/udp # IBM Information Management gtegsc-lm 1452/tcp # GTE Government Systems License Man gtegsc-lm 1452/udp # GTE Government Systems License Man genie-lm 1453/tcp # Genie License Manager genie-lm 1453/udp # Genie License Manager interhdl_elmd 1454/tcp # interHDL License Manager interhdl_elmd 1454/udp # interHDL License Manager esl-lm 1455/tcp # ESL License Manager esl-lm 1455/udp # ESL License Manager dca 1456/tcp # dca 1456/udp # valisys-lm 1457/tcp # Valisys License Manager valisys-lm 1457/udp # Valisys License Manager nrcabq-lm 1458/tcp # Nichols Research Corp. nrcabq-lm 1458/udp # Nichols Research Corp. proshare1 1459/tcp # Proshare Notebook Application proshare1 1459/udp # Proshare Notebook Application proshare2 1460/tcp # Proshare Notebook Application proshare2 1460/udp # Proshare Notebook Application ibm_wrless_lan 1461/tcp # IBM Wireless LAN ibm_wrless_lan 1461/udp # IBM Wireless LAN world-lm 1462/tcp # World License Manager world-lm 1462/udp # World License Manager nucleus 1463/tcp # nucleus 1463/udp # msl_lmd 1464/tcp # MSL License Manager msl_lmd 1464/udp # MSL License Manager pipes 1465/tcp # Pipes Platform pipes 1465/udp # oceansoft-lm 1466/tcp # Ocean Software License Manager oceansoft-lm 1466/udp # Ocean Software License Manager csdmbase 1467/tcp # csdmbase 1467/udp # csdm 1468/tcp # csdm 1468/udp # aal-lm 1469/tcp # Active Analysis Limited License Manager aal-lm 1469/udp # Active Analysis Limited License Manager uaiact 1470/tcp # Universal Analytics uaiact 1470/udp # Universal Analytics csdmbase 1471/tcp # csdmbase 1471/udp # csdm 1472/tcp # csdm 1472/udp # openmath 1473/tcp # openmath 1473/udp # telefinder 1474/tcp # telefinder 1474/udp # taligent-lm 1475/tcp # Taligent License Manager taligent-lm 1475/udp # Taligent License Manager clvm-cfg 1476/tcp # clvm-cfg 1476/udp # ms-sna-server 1477/tcp # ms-sna-server 1477/udp # ms-sna-base 1478/tcp # ms-sna-base 1478/udp # dberegister 1479/tcp # dberegister 1479/udp # pacerforum 1480/tcp # pacerforum 1480/udp # airs 1481/tcp # airs 1481/udp # miteksys-lm 1482/tcp # Miteksys License Manager miteksys-lm 1482/udp # Miteksys License Manager afs 1483/tcp # AFS License Manager afs 1483/udp # AFS License Manager confluent 1484/tcp # Confluent License Manager confluent 1484/udp # Confluent License Manager lansource 1485/tcp # lansource 1485/udp # nms_topo_serv 1486/tcp # nms_topo_serv 1486/udp # localinfosrvr 1487/tcp # localinfosrvr 1487/udp # docstor 1488/tcp # docstor 1488/udp # dmdocbroker 1489/tcp # dmdocbroker 1489/udp # insitu-conf 1490/tcp # insitu-conf 1490/udp # anynetgateway 1491/tcp # anynetgateway 1491/udp # stone-design-1 1492/tcp # stone-design-1 1492/udp # netmap_lm 1493/tcp # netmap_lm 1493/udp # citrix-ica 1494/tcp # citrix-ica 1494/udp # cvc 1495/tcp # cvc 1495/udp # liberty-lm 1496/tcp # liberty-lm 1496/udp # rfx-lm 1497/tcp # rfx-lm 1497/udp # watcom-sql 1498/tcp # watcom-sql 1498/udp # fhc 1499/tcp # Federico Heinz Consultora fhc 1499/udp # Federico Heinz Consultora vlsi-lm 1500/tcp # VLSI License Manager vlsi-lm 1500/udp # VLSI License Manager sas-3 1501/tcp # Satellite-data Acquisition System 3 sas-3 1501/udp # Satellite-data Acquisition System 3 shivadiscovery 1502/tcp # Shiva shivadiscovery 1502/udp # Shiva imtc-mcs 1503/tcp # Databeam imtc-mcs 1503/udp # Databeam evb-elm 1504/tcp # EVB Software Engineering License Manager evb-elm 1504/udp # EVB Software Engineering License Manager funkproxy 1505/tcp # Funk Software, Inc. funkproxy 1505/udp # Funk Software, Inc. utcd 1506/tcp # Universal Time daemon (utcd) utcd 1506/udp # Universal Time daemon (utcd) symplex 1507/tcp # symplex 1507/udp # diagmond 1508/tcp # diagmond 1508/udp # robcad-lm 1509/tcp # Robcad, Ltd. License Manager robcad-lm 1509/udp # Robcad, Ltd. License Manager mvx-lm 1510/tcp # Midland Valley Exploration Ltd. Lic. Man. mvx-lm 1510/udp # Midland Valley Exploration Ltd. Lic. Man. 3l-l1 1511/tcp # 3l-l1 1511/udp # wins 1512/tcp # Microsoft's Windows Internet Name Service wins 1512/udp # Microsoft's Windows Internet Name Service fujitsu-dtc 1513/tcp # Fujitsu Systems Business of America, Inc fujitsu-dtc 1513/udp # Fujitsu Systems Business of America, Inc fujitsu-dtcns 1514/tcp # Fujitsu Systems Business of America, Inc fujitsu-dtcns 1514/udp # Fujitsu Systems Business of America, Inc ifor-protocol 1515/tcp # ifor-protocol 1515/udp # vpad 1516/tcp # Virtual Places Audio data vpad 1516/udp # Virtual Places Audio data vpac 1517/tcp # Virtual Places Audio control vpac 1517/udp # Virtual Places Audio control vpvd 1518/tcp # Virtual Places Video data vpvd 1518/udp # Virtual Places Video data vpvc 1519/tcp # Virtual Places Video control vpvc 1519/udp # Virtual Places Video control atm-zip-office 1520/tcp # atm zip office atm-zip-office 1520/udp # atm zip office ncube-lm 1521/tcp # nCube License Manager ncube-lm 1521/udp # nCube License Manager rna-lm 1522/tcp # Ricardo North America License Manager rna-lm 1522/udp # Ricardo North America License Manager cichild-lm 1523/tcp # cichild-lm 1523/udp # ingreslock 1524/tcp # ingres ingreslock 1524/udp # ingres orasrv 1525/tcp # oracle or Prospero Directory Service non-priv orasrv 1525/udp # oracle pdap-np 1526/tcp # Prospero Data Access Prot non-priv pdap-np 1526/udp # Prospero Data Access Prot non-priv tlisrv 1527/tcp # oracle tlisrv 1527/udp # oracle mciautoreg 1528/tcp # mciautoreg 1528/udp # support 1529/tcp # prmsd gnatsd # cygnus bug tracker coauthor 1529/udp # oracle rap-service 1530/tcp # rap-service 1530/udp # rap-listen 1531/tcp # rap-listen 1531/udp # miroconnect 1532/tcp # miroconnect 1532/udp # virtual-places 1533/tcp # Virtual Places Software virtual-places 1533/udp # Virtual Places Software micromuse-lm 1534/tcp # micromuse-lm 1534/udp # ampr-info 1535/tcp # ampr-info 1535/udp # ampr-inter 1536/tcp # ampr-inter 1536/udp # sdsc-lm 1537/tcp # sdsc-lm 1537/udp # 3ds-lm 1538/tcp # 3ds-lm 1538/udp # intellistor-lm 1539/tcp # Intellistor License Manager intellistor-lm 1539/udp # Intellistor License Manager rds 1540/tcp # rds 1540/udp # rds2 1541/tcp # rds2 1541/udp # gridgen-elmd 1542/tcp # gridgen-elmd 1542/udp # simba-cs 1543/tcp # simba-cs 1543/udp # aspeclmd 1544/tcp # aspeclmd 1544/udp # vistium-share 1545/tcp # vistium-share 1545/udp # abbaccuray 1546/tcp # abbaccuray 1546/udp # laplink 1547/tcp # laplink 1547/udp # axon-lm 1548/tcp # Axon License Manager axon-lm 1548/udp # Axon License Manager shivahose 1549/tcp # Shiva Hose shivasound 1549/udp # Shiva Sound 3m-image-lm 1550/tcp # Image Storage license manager 3M Company 3m-image-lm 1550/udp # Image Storage license manager 3M Company hecmtl-db 1551/tcp # hecmtl-db 1551/udp # pciarray 1552/tcp # pciarray 1552/udp # issd 1600/tcp # issd 1600/udp # radius 1645/udp # radius authentication radacct 1646/udp # radius accounting nkd 1650/tcp # nkd 1650/udp # shiva_confsrvr 1651/tcp # shiva_confsrvr 1651/udp # xnmp 1652/tcp # xnmp 1652/udp # netview-aix-1 1661/tcp # netview-aix-1 1661/udp # netview-aix-2 1662/tcp # netview-aix-2 1662/udp # netview-aix-3 1663/tcp # netview-aix-3 1663/udp # netview-aix-4 1664/tcp # netview-aix-4 1664/udp # netview-aix-5 1665/tcp # netview-aix-5 1665/udp # netview-aix-6 1666/tcp # netview-aix-6 1666/udp # netview-aix-7 1667/tcp # netview-aix-7 1667/udp # netview-aix-8 1668/tcp # netview-aix-8 1668/udp # netview-aix-9 1669/tcp # netview-aix-9 1669/udp # netview-aix-10 1670/tcp # netview-aix-10 1670/udp # netview-aix-11 1671/tcp # netview-aix-11 1671/udp # netview-aix-12 1672/tcp # netview-aix-12 1672/udp # pptp 1723/tcp # Point-to-point tunnelling protocol radius 1812/udp # RADIUS authentication protocol (RFC 2138) radacct 1813/udp # RADIUS accounting protocol (RFC 2139) pcm 1827/tcp # PCM Agent (AutoSecure Policy Compliance Manager licensedaemon 1986/tcp # cisco license management licensedaemon 1986/udp # cisco license management tr-rsrb-p1 1987/tcp # cisco RSRB Priority 1 port tr-rsrb-p1 1987/udp # cisco RSRB Priority 1 port tr-rsrb-p2 1988/tcp # cisco RSRB Priority 2 port tr-rsrb-p2 1988/udp # cisco RSRB Priority 2 port tr-rsrb-p3 1989/tcp # cisco RSRB Priority 3 port tr-rsrb-p3 1989/udp # cisco RSRB Priority 3 port stun-p1 1990/tcp # cisco STUN Priority 1 port stun-p1 1990/udp # cisco STUN Priority 1 port stun-p2 1991/tcp # cisco STUN Priority 2 port stun-p2 1991/udp # cisco STUN Priority 2 port stun-p3 1992/tcp # cisco STUN Priority 3 port stun-p3 1992/udp # cisco STUN Priority 3 port snmp-tcp-port 1993/tcp # cisco SNMP TCP port snmp-tcp-port 1993/udp # cisco SNMP TCP port stun-port 1994/tcp # cisco serial tunnel port stun-port 1994/udp # cisco serial tunnel port perf-port 1995/tcp # cisco perf port perf-port 1995/udp # cisco perf port tr-rsrb-port 1996/tcp # cisco Remote SRB port tr-rsrb-port 1996/udp # cisco Remote SRB port gdp-port 1997/tcp # cisco Gateway Discovery Protocol gdp-port 1997/udp # cisco Gateway Discovery Protocol x25-svc-port 1998/tcp # cisco X.25 service (XOT) x25-svc-port 1998/udp # cisco X.25 service (XOT) tcp-id-port 1999/tcp # cisco identification port tcp-id-port 1999/udp # cisco identification port callbook 2000/tcp # callbook 2000/udp # dc 2001/tcp # or nfr20 web queries wizard 2001/udp # curry globe 2002/tcp # globe 2002/udp # cfingerd 2003/tcp # GNU finger mailbox 2004/tcp # emce 2004/udp # CCWS mm conf deslogin 2005/tcp # encrypted symmetric telnet/login oracle 2005/udp # invokator 2006/tcp # raid-cc 2006/udp # raid dectalk 2007/tcp # raid-am 2007/udp # conf 2008/tcp # terminaldb 2008/udp # news 2009/tcp # whosockami 2009/udp # search 2010/tcp # Or nfr411 pipe_server 2010/udp # raid-cc 2011/tcp # raid servserv 2011/udp # ttyinfo 2012/tcp # raid-ac 2012/udp # raid-am 2013/tcp # raid-cd 2013/udp # troff 2014/tcp # raid-sf 2014/udp # cypress 2015/tcp # raid-cs 2015/udp # bootserver 2016/tcp # bootserver 2016/udp # cypress-stat 2017/tcp # bootclient 2017/udp # terminaldb 2018/tcp # rellpack 2018/udp # whosockami 2019/tcp # about 2019/udp # xinupageserver 2020/tcp # xinupageserver 2020/udp # servexec 2021/tcp # xinuexpansion1 2021/udp # down 2022/tcp # xinuexpansion2 2022/udp # xinuexpansion3 2023/tcp # xinuexpansion3 2023/udp # xinuexpansion4 2024/tcp # xinuexpansion4 2024/udp # ellpack 2025/tcp # xribs 2025/udp # scrabble 2026/tcp # scrabble 2026/udp # shadowserver 2027/tcp # shadowserver 2027/udp # submitserver 2028/tcp # submitserver 2028/udp # device2 2030/tcp # device2 2030/udp # blackboard 2032/tcp # blackboard 2032/udp # glogger 2033/tcp # glogger 2033/udp # scoremgr 2034/tcp # scoremgr 2034/udp # imsldoc 2035/tcp # imsldoc 2035/udp # objectmanager 2038/tcp # objectmanager 2038/udp # lam 2040/tcp # lam 2040/udp # interbase 2041/tcp # interbase 2041/udp # isis 2042/tcp # isis 2042/udp # isis-bcast 2043/tcp # isis-bcast 2043/udp # rimsl 2044/tcp # rimsl 2044/udp # cdfunc 2045/tcp # cdfunc 2045/udp # sdfunc 2046/tcp # sdfunc 2046/udp # dls 2047/tcp # dls 2047/udp # dls-monitor 2048/tcp # dls-monitor 2048/udp # nfs 2049/tcp # networked file system nfs 2049/udp # networked file system distrib-net-losers 2064/tcp # A group of lamers working on a silly closed-source client for solving the RSA cryptographic challenge. This is the keyblock proxy port. dlsrpn 2065/tcp # Data Link Switch Read Port Number dlsrpn 2065/udp # Data Link Switch Read Port Number dlswpn 2067/tcp # Data Link Switch Write Port Number dlswpn 2067/udp # Data Link Switch Write Port Number zephyr-clt 2103/udp # Zephyr serv-hm connection zephyr-hm 2104/udp # Zephyr hostmanager eklogin 2105/tcp # Kerberos (v4) encrypted rlogin eklogin 2105/udp # Kerberos (v4) encrypted rlogin ekshell 2106/tcp # Kerberos (v4) encrypted rshell ekshell 2106/udp # Kerberos (v4) encrypted rshell rkinit 2108/tcp # Kerberos (v4) remote initialization rkinit 2108/udp # Kerberos (v4) remote initialization kx 2111/tcp # X over kerberos kip 2112/tcp # IP over kerberos kauth 2120/tcp # Remote kauth ats 2201/tcp # Advanced Training System Program ats 2201/udp # Advanced Training System Program ivs-video 2232/tcp # IVS Video default ivs-video 2232/udp # IVS Video default ivsd 2241/tcp # IVS Daemon ivsd 2241/udp # IVS Daemon compaqdiag 2301/tcp # Compaq remote diagnostic/management pehelp 2307/tcp # pehelp 2307/udp # cvspserver 2401/tcp # CVS network server cvspserver 2401/udp # CVS network server venus 2430/tcp # venus 2430/udp # venus-se 2431/tcp # venus-se 2431/udp # codasrv 2432/tcp # codasrv 2432/udp # codasrv-se 2433/tcp # codasrv-se 2433/udp # rtsserv 2500/tcp # Resource Tracking system server rtsserv 2500/udp # Resource Tracking system server rtsclient 2501/tcp # Resource Tracking system client rtsclient 2501/udp # Resource Tracking system client hp-3000-telnet 2564/tcp # HP 3000 NS/VT block mode telnet zebrasrv 2600/tcp # zebra service zebra 2601/tcp # zebra vty ripd 2602/tcp # RIPd vty ripngd 2603/tcp # RIPngd vty ospfd 2604/tcp # OSPFd vty bgpd 2605/tcp # BGPd vty webster 2627/tcp # Network dictionary webster 2627/udp # sybase 2638/tcp # Sybase database listen 2766/tcp # System V listener port www-dev 2784/tcp # world wide web - development www-dev 2784/udp # world wide web - development iss-realsec 2998/tcp # ISS RealSecure IDS Remote Console Admin port ppp 3000/tcp # User-level ppp daemon nessusd 3001/tcp # Nessus Security Scanner (www.nessus.org) Daemon deslogin 3005/tcp # encrypted symmetric telnet/login deslogind 3006/tcp # cfs 3049/tcp # cryptographic file system (nfs) (proposed) cfs 3049/udp # cryptographic file system (nfs) distrib-net-proxy 3064/tcp # Stupid closed source distributed.net project proxy port sj3 3086/tcp # SJ3 (kanji input) squid-http 3128/tcp # squid-ipc 3130/udp # vmodem 3141/tcp # vmodem 3141/udp # ccmail 3264/tcp # cc:mail/lotus ccmail 3264/udp # cc:mail/lotus mysql 3306/tcp # mySQL dec-notes 3333/tcp # DEC Notes dec-notes 3333/udp # DEC Notes msrdp 3389/tcp # Micro$oft Remote Display Protocol bmap 3421/tcp # Bull Apprise portmapper bmap 3421/udp # Bull Apprise portmapper prsvp 3455/tcp # RSVP Port prsvp 3455/udp # RSVP Port vat 3456/tcp # VAT default data vat 3456/udp # VAT default data vat-control 3457/tcp # VAT default control vat-control 3457/udp # VAT default control track 3462/tcp # software distribution udt_os 3900/tcp # Unidata UDT OS udt_os 3900/udp # Unidata UDT OS mapper-nodemgr 3984/tcp # MAPPER network node manager mapper-nodemgr 3984/udp # MAPPER network node manager mapper-mapethd 3985/tcp # MAPPER TCP/IP server mapper-mapethd 3985/udp # MAPPER TCP/IP server mapper-ws_ethd 3986/tcp # MAPPER workstation server mapper-ws_ethd 3986/udp # MAPPER workstation server netcheque 4008/tcp # NetCheque accounting netcheque 4008/udp # NetCheque accounting lockd 4045/tcp # lockd 4045/udp # NFS lock daemon/manager nuts_dem 4132/tcp # NUTS Daemon nuts_dem 4132/udp # NUTS Daemon nuts_bootp 4133/tcp # NUTS Bootp Server nuts_bootp 4133/udp # NUTS Bootp Server wincim 4144/tcp # pc windows compuserve.com protocol rwhois 4321/tcp # Remote Who Is rwhois 4321/udp # Remote Who Is msql 4333/tcp # mini-sql server unicall 4343/tcp # unicall 4343/udp # krb524 4444/tcp # Kerberos 5 to 4 ticket xlator krb524 4444/udp # sae-urn 4500/tcp # sae-urn 4500/udp # fax 4557/tcp # FlexFax FAX transmission service hylafax 4559/tcp # HylaFAX client-server protocol rfa 4672/tcp # remote file access server rfa 4672/udp # remote file access server fics 5000/tcp # Free Internet Chess Server commplex-main 5000/udp # commplex-link 5001/tcp # commplex-link 5001/udp # rfe 5002/tcp # Radio Free Ethernet rfe 5002/udp # Radio Free Ethernet telelpathstart 5010/tcp # telelpathstart 5010/udp # telelpathattack 5011/tcp # telelpathattack 5011/udp # mmcc 5050/tcp # multimedia conference control tool mmcc 5050/udp # multimedia conference control tool rmonitor_secure 5145/tcp # rmonitor_secure 5145/udp # aol 5190/tcp # America-Online aol 5190/udp # America-Online aol-1 5191/tcp # AmericaOnline1 aol-1 5191/udp # AmericaOnline1 aol-2 5192/tcp # AmericaOnline2 aol-2 5192/udp # AmericaOnline2 aol-3 5193/tcp # AmericaOnline3 aol-3 5193/udp # AmericaOnline3 sgi-dgl 5232/tcp # SGI Distributed Graphics padl2sim 5236/tcp # padl2sim 5236/udp # hacl-hb 5300/tcp # HA cluster heartbeat hacl-hb 5300/udp # HA cluster heartbeat hacl-gs 5301/tcp # HA cluster general services hacl-gs 5301/udp # HA cluster general services hacl-cfg 5302/tcp # HA cluster configuration hacl-cfg 5302/udp # HA cluster configuration hacl-probe 5303/tcp # HA cluster probing hacl-probe 5303/udp # HA cluster probing hacl-local 5304/tcp # hacl-local 5304/udp # hacl-test 5305/tcp # hacl-test 5305/udp # cfengine 5308/tcp # cfengine 5308/udp # pcduo-old 5400/tcp # RemCon PC-Duo - old port pcduo 5405/tcp # RemCon PC-Duo - new port postgres 5432/tcp # postgres database server securid 5500/udp # SecurID secureidprop 5510/tcp # ACE/Server services sdlog 5520/tcp # ACE/Server services sdserv 5530/tcp # ACE/Server services sdreport 5540/tcp # ACE/Server services sdxauthd 5540/udp # ACE/Server services sdadmind 5550/tcp # ACE/Server services rplay 5555/udp # pcanywheredata 5631/tcp # pcanywherestat 5632/tcp # pcanywherestat 5632/udp # canna 5680/tcp # Canna (Japanese Input) proshareaudio 5713/tcp # proshare conf audio proshareaudio 5713/udp # proshare conf audio prosharevideo 5714/tcp # proshare conf video prosharevideo 5714/udp # proshare conf video prosharedata 5715/tcp # proshare conf data prosharedata 5715/udp # proshare conf data prosharerequest 5716/tcp # proshare conf request prosharerequest 5716/udp # proshare conf request prosharenotify 5717/tcp # proshare conf notify prosharenotify 5717/udp # proshare conf notify vnc 5800/tcp vnc 5801/tcp vnc 5900/tcp # Virtual Network Computer vnc-1 5901/tcp # Virtual Network Computer Display :1 vnc-2 5902/tcp # Virtual Network Computer Display :2 ncd-pref-tcp 5977/tcp # NCD preferences tcp port ncd-diag-tcp 5978/tcp # NCD diagnostic tcp port ncd-conf-tcp 5979/tcp # NCD configuration tcp port ncd-pref 5997/tcp # NCD preferences telnet port ncd-diag 5998/tcp # NCD diagnostic telnet port ncd-conf 5999/tcp # NCD configuration telnet port X11 6000/tcp # X Window server X11:1 6001/tcp # X Window server X11:2 6002/tcp # X Window server X11:3 6003/tcp # X Window server X11:4 6004/tcp # X Window server X11:5 6005/tcp # X Window server X11:6 6006/tcp # X Window server X11:7 6007/tcp # X Window server X11:8 6008/tcp # X Window server X11:9 6009/tcp # X Window server arcserve 6050/tcp # ARCserve agent isdninfo 6105/tcp # isdninfo isdninfo 6106/tcp # i4lmond softcm 6110/tcp # HP SoftBench CM softcm 6110/udp # HP SoftBench CM spc 6111/tcp # HP SoftBench Sub-Process Control spc 6111/udp # HP SoftBench Sub-Process Control dtspc 6112/tcp # CDE subprocess control meta-corp 6141/tcp # Meta Corporation License Manager meta-corp 6141/udp # Meta Corporation License Manager aspentec-lm 6142/tcp # Aspen Technology License Manager aspentec-lm 6142/udp # Aspen Technology License Manager watershed-lm 6143/tcp # Watershed License Manager watershed-lm 6143/udp # Watershed License Manager statsci1-lm 6144/tcp # StatSci License Manager - 1 statsci1-lm 6144/udp # StatSci License Manager - 1 statsci2-lm 6145/tcp # StatSci License Manager - 2 statsci2-lm 6145/udp # StatSci License Manager - 2 lonewolf-lm 6146/tcp # Lone Wolf Systems License Manager lonewolf-lm 6146/udp # Lone Wolf Systems License Manager montage-lm 6147/tcp # Montage License Manager montage-lm 6147/udp # Montage License Manager ricardo-lm 6148/tcp # Ricardo North America License Manager ricardo-lm 6148/udp # Ricardo North America License Manager netop-rc 6502/tcp # NetOp Remote Control (by Danware Data A/S) netop-rc 6502/udp # NetOp Remote Control (by Danware Data A/S) xdsxdm 6558/tcp # xdsxdm 6558/udp # irc-serv 6666/tcp # internet relay chat server irc 6667/tcp # Internet Relay Chat irc 6668/tcp # Internet Relay Chat acmsoda 6969/tcp # acmsoda 6969/udp # napster 6699/tcp # Napster File (MP3) sharing software afs3-fileserver 7000/tcp # file server itself, msdos afs3-fileserver 7000/udp # file server itself afs3-callback 7001/tcp # callbacks to cache managers afs3-callback 7001/udp # callbacks to cache managers afs3-prserver 7002/tcp # users & groups database afs3-prserver 7002/udp # users & groups database afs3-vlserver 7003/tcp # volume location database afs3-vlserver 7003/udp # volume location database afs3-kaserver 7004/tcp # AFS/Kerberos authentication service afs3-kaserver 7004/udp # AFS/Kerberos authentication service afs3-volser 7005/tcp # volume managment server afs3-volser 7005/udp # volume managment server afs3-errors 7006/tcp # error interpretation service afs3-errors 7006/udp # error interpretation service afs3-bos 7007/tcp # basic overseer process afs3-bos 7007/udp # basic overseer process afs3-update 7008/tcp # server-to-server updater afs3-update 7008/udp # server-to-server updater afs3-rmtsys 7009/tcp # remote cache manager service afs3-rmtsys 7009/udp # remote cache manager service ups-onlinet 7010/tcp # onlinet uninterruptable power supplies ups-onlinet 7010/udp # onlinet uninterruptable power supplies font-service 7100/tcp # X Font Service font-service 7100/udp # X Font Service fodms 7200/tcp # FODMS FLIP fodms 7200/udp # FODMS FLIP dlip 7201/tcp # dlip 7201/udp # icb 7326/tcp # Internet Citizen's Band qaz 7597/tcp # Quaz trojan worm cucme-1 7648/udp # cucme live video/audio server cucme-2 7649/udp # cucme live video/audio server cucme-3 7650/udp # cucme live video/audio server cucme-4 7651/udp # cucme live video/audio server jserv 8007/tcp # Apache JServ module ajp13 8009/tcp # http-proxy 8080/tcp # Common HTTP proxy/second web server port blackice-icecap 8081/tcp # ICECap user console blackice-alerts 8082/tcp # BlackIce Alerts sent to this port sun-answerbook 8888/tcp # Sun Answerbook HTTP server seosload 8892/tcp # From the new Computer Associates eTrust ACX zeus-admin 9090/tcp # Zeus admin server jetdirect 9100/tcp # HP JetDirect card man 9535/tcp # man 9535/udp # sd 9876/tcp # Session Director sd 9876/udp # Session Director issa 9991/tcp # ISS System Scanner Agent issc 9992/tcp # ISS System Scanner Console stel 10005/tcp # Secure telnet amanda 10080/udp # Amanda Backup Util amandaidx 10082/tcp # Amanda indexing amidxtape 10083/tcp # Amanda tape indexing pksd 11371/tcp # PGP Public Key Server NetBus 12345/tcp # NetBus backdoor trojan NetBus 12346/tcp # NetBus backdoor trojan isode-dua 17007/tcp # isode-dua 17007/udp # biimenu 18000/tcp # Beckman Instruments, Inc. biimenu 18000/udp # Beckman Instruments, Inc. btx 20005/tcp # xcept4 (Interacts with German Telekom's CEPT videotext service) wnn6 22273/tcp # Wnn6 (Japanese input) wnn6_Cn 22289/tcp # Wnn6 (Chinese input) wnn6_Kr 22305/tcp # Wnn6 (Korean input) wnn6_Tw 22321/tcp # Wnn6 (Taiwanse input) hpnpd 22370/tcp # Hewlett-Packard Network Printer daemon hpnpd 22370/udp # Hewlett-Packard Network Printer daemon wnn6_DS 26208/tcp # Wnn6 (Dserver) Trinoo_Bcast 27444/udp # Trinoo distributed attack tool Master -> Bcast Daemon communication Trinoo_Master 27665/tcp # Trinoo distributed attack tool Master server control port Quake3Server 27960/udp # Quake 3 Arena Server Trinoo_Register 31335/udp # Trinoo distributed attack tool Bcast Daemon registration port BackOrifice 31337/udp # cDc Back Orifice remote admin tool Elite 31337/tcp # Sometimes interesting stuff can be found here sometimes-rpc3 32770/tcp # Sometimes an RPC port on my Solaris box sometimes-rpc4 32770/udp # Sometimes an RPC port on my Solaris box sometimes-rpc5 32771/tcp # Sometimes an RPC port on my Solaris box (rusersd) sometimes-rpc6 32771/udp # Sometimes an RPC port on my Solaris box (rusersd) sometimes-rpc7 32772/tcp # Sometimes an RPC port on my Solaris box (status) sometimes-rpc8 32772/udp # Sometimes an RPC port on my Solaris box (status) sometimes-rpc9 32773/tcp # Sometimes an RPC port on my Solaris box (rquotad) sometimes-rpc10 32773/udp # Sometimes an RPC port on my Solaris box (rquotad) sometimes-rpc11 32774/tcp # Sometimes an RPC port on my Solaris box (rusersd) sometimes-rpc12 32774/udp # Sometimes an RPC port on my Solaris box (rusersd) sometimes-rpc13 32775/tcp # Sometimes an RPC port on my Solaris box (status) sometimes-rpc14 32775/udp # Sometimes an RPC port on my Solaris box (status) sometimes-rpc15 32776/tcp # Sometimes an RPC port on my Solaris box (sprayd) sometimes-rpc16 32776/udp # Sometimes an RPC port on my Solaris box (sprayd) sometimes-rpc17 32777/tcp # Sometimes an RPC port on my Solaris box (walld) sometimes-rpc18 32777/udp # Sometimes an RPC port on my Solaris box (walld) sometimes-rpc19 32778/tcp # Sometimes an RPC port on my Solaris box (rstatd) sometimes-rpc20 32778/udp # Sometimes an RPC port on my Solaris box (rstatd) sometimes-rpc21 32779/tcp # Sometimes an RPC port on my Solaris box sometimes-rpc22 32779/udp # Sometimes an RPC port on my Solaris box sometimes-rpc23 32780/tcp # Sometimes an RPC port on my Solaris box sometimes-rpc24 32780/udp # Sometimes an RPC port on my Solaris box sometimes-rpc25 32786/tcp # Sometimes an RPC port (mountd) sometimes-rpc26 32786/udp # Sometimes an RPC port sometimes-rpc27 32787/tcp # Sometimes an RPC port dmispd (DMI Service Provider) sometimes-rpc28 32787/udp # Sometimes an RPC port sygatefw 39213/udp # Sygate Firewall management port version 3.0 build 521 and above reachout 43188/tcp coldfusion-auth 44442/tcp # ColdFusion Advanced Security/Siteminder Authentication Port (by Allaire/Netegrity) coldfusion-auth 44443/tcp # ColdFusion Advanced Security/Siteminder Authentication Port (by Allaire/Netegrity) ciscopop 45000/udp # Cisco Postoffice Protocol for Cisco Secure IDS dbbrowse 47557/tcp # Databeam Corporation dbbrowse 47557/udp # Databeam Corporation bo2k 54320/tcp # Back Orifice 2K Default Port bo2k 54321/udp # Back Orifice 2K Default Port pcanywhere 65301/tcp ��������������������������������������������������������mason-1.0.0.orig/portsdb-services�������������������������������������������������������������������0100644�0007657�0000764�00001312537�07467670714�015716� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������tcpmux 1/udp TCP Port Service Multiplexer tcpmux 1/tcp TCP Port Service Multiplexer compressnet 2/udp Management Utility compressnet 2/tcp Management Utility compressnet 3/udp Compression Process compressnet 3/tcp Compression Process rje 5/udp Remote Job Entry rje 5/tcp Remote Job Entry echo 7/udp Echo echo 7/tcp Echo discard 9/udp Discard discard 9/tcp Discard systat 11/udp Active Users systat 11/tcp Active Users daytime 13/udp Daytime (RFC 867) daytime 13/tcp Daytime (RFC 867) qotd 17/tcp Quote of the Day qotd 17/udp Quote of the Day msp 18/udp Message Send Protocol msp 18/tcp Message Send Protocol chargen 19/udp Character Generator chargen 19/tcp Character Generator ftp-data 20/tcp File Transfer [Default Data] ftp-data 20/udp File Transfer [Default Data] ftp 21/udp File Transfer [Control] ftp 21/tcp File Transfer [Control] # Fernando Montenegro audiogalaxy 21/tcp www.audiogalaxy.com ssh 22/udp SSH Remote Login Protocol ssh 22/tcp SSH Remote Login Protocol # Scott A. McIntyre pcanywhere 22/udp http://www.symantec.com telnet 23/udp Telnet telnet 23/tcp Telnet smtp 25/udp Simple Mail Transfer smtp 25/tcp Simple Mail Transfer nsw-fe 27/udp NSW User System FE nsw-fe 27/tcp NSW User System FE msg-icp 29/udp MSG ICP msg-icp 29/tcp MSG ICP msg-auth 31/udp MSG Authentication msg-auth 31/tcp MSG Authentication # Scott A. McIntyre masters-paradise 31/tcp dsp 33/tcp Display Support Protocol dsp 33/udp Display Support Protocol time 37/udp Time time 37/tcp Time rap 38/tcp Route Access Protocol rap 38/udp Route Access Protocol rlp 39/udp Resource Location Protocol rlp 39/tcp Resource Location Protocol graphics 41/udp Graphics graphics 41/tcp Graphics nameserver 42/udp Host Name Server nameserver 42/tcp Host Name Server name 42/udp Host Name Server name 42/tcp Host Name Server nicname 43/udp Who Is nicname 43/tcp Who Is # Rick Payne whois 43/tcp mpm-flags 44/udp MPM FLAGS Protocol mpm-flags 44/tcp MPM FLAGS Protocol mpm 45/udp Message Processing Module [recv] mpm 45/tcp Message Processing Module [recv] mpm-snd 46/udp MPM [default send] mpm-snd 46/tcp MPM [default send] ni-ftp 47/udp NI FTP ni-ftp 47/tcp NI FTP auditd 48/udp Digital Audit Daemon auditd 48/tcp Digital Audit Daemon tacacs 49/udp Login Host Protocol (TACACS) tacacs 49/tcp Login Host Protocol (TACACS) re-mail-ck 50/udp Remote Mail Checking Protocol re-mail-ck 50/tcp Remote Mail Checking Protocol la-maint 51/udp IMP Logical Address Maintenance la-maint 51/tcp IMP Logical Address Maintenance xns-time 52/udp XNS Time Protocol xns-time 52/tcp XNS Time Protocol domain 53/udp Domain Name Server domain 53/tcp Domain Name Server xns-ch 54/udp XNS Clearinghouse xns-ch 54/tcp XNS Clearinghouse isi-gl 55/udp ISI Graphics Language isi-gl 55/tcp ISI Graphics Language xns-auth 56/tcp XNS Authentication xns-auth 56/udp XNS Authentication xns-mail 58/udp XNS Mail xns-mail 58/tcp XNS Mail ni-mail 61/tcp NI MAIL ni-mail 61/udp NI MAIL acas 62/udp ACA Services acas 62/tcp ACA Services whois++ 63/udp whois++ whois++ 63/tcp whois++ covia 64/tcp Communications Integrator (CI) covia 64/udp Communications Integrator (CI) tacacs-ds 65/tcp TACACS-Database Service tacacs-ds 65/udp TACACS-Database Service sql*net 66/udp Oracle SQL*NET sql*net 66/tcp Oracle SQL*NET bootps 67/tcp Bootstrap Protocol Server bootps 67/udp Bootstrap Protocol Server bootpc 68/udp Bootstrap Protocol Client bootpc 68/tcp Bootstrap Protocol Client tftp 69/tcp Trivial File Transfer tftp 69/udp Trivial File Transfer gopher 70/udp Gopher gopher 70/tcp Gopher netrjs-1 71/udp Remote Job Service netrjs-1 71/tcp Remote Job Service netrjs-2 72/udp Remote Job Service netrjs-2 72/tcp Remote Job Service netrjs-3 73/udp Remote Job Service netrjs-3 73/tcp Remote Job Service netrjs-4 74/tcp Remote Job Service netrjs-4 74/udp Remote Job Service deos 76/tcp Distributed External Object Store deos 76/udp Distributed External Object Store vettcp 78/udp vettcp vettcp 78/tcp vettcp finger 79/udp Finger finger 79/tcp Finger www-http 80/udp World Wide Web HTTP www 80/tcp World Wide Web HTTP http 80/udp World Wide Web HTTP http 80/tcp World Wide Web HTTP www 80/udp World Wide Web HTTP www-http 80/tcp World Wide Web HTTP # Scott A. McIntyre nimda 80/tcp http://www.cert.org/advisories/CA-2001-26.html hosts2-ns 81/tcp HOSTS2 Name Server hosts2-ns 81/udp HOSTS2 Name Server xfer 82/udp XFER Utility xfer 82/tcp XFER Utility mit-ml-dev 83/udp MIT ML Device mit-ml-dev 83/tcp MIT ML Device ctf 84/udp Common Trace Facility ctf 84/tcp Common Trace Facility mit-ml-dev 85/tcp MIT ML Device mit-ml-dev 85/udp MIT ML Device mfcobol 86/tcp Micro Focus Cobol mfcobol 86/udp Micro Focus Cobol kerberos 88/udp Kerberos kerberos 88/tcp Kerberos su-mit-tg 89/udp SU/MIT Telnet Gateway su-mit-tg 89/tcp SU/MIT Telnet Gateway dnsix 90/udp DNSIX Securit Attribute Token Map dnsix 90/tcp DNSIX Securit Attribute Token Map mit-dov 91/udp MIT Dover Spooler mit-dov 91/tcp MIT Dover Spooler npp 92/udp Network Printing Protocol npp 92/tcp Network Printing Protocol dcp 93/udp Device Control Protocol dcp 93/tcp Device Control Protocol objcall 94/udp Tivoli Object Dispatcher objcall 94/tcp Tivoli Object Dispatcher supdup 95/tcp SUPDUP supdup 95/udp SUPDUP dixie 96/tcp DIXIE Protocol Specification dixie 96/udp DIXIE Protocol Specification swift-rvf 97/tcp Swift Remote Virtural File Protocol swift-rvf 97/udp Swift Remote Virtural File Protocol tacnews 98/udp TAC News tacnews 98/tcp TAC News # matt moore linuxconf 98/tcp www.linux.org metagram 99/udp Metagram Relay metagram 99/tcp Metagram Relay newacct 100/tcp [unauthorized use] hostname 101/udp NIC Host Name Server hostname 101/tcp NIC Host Name Server iso-tsap 102/udp ISO-TSAP Class 0 iso-tsap 102/tcp ISO-TSAP Class 0 gppitnp 103/udp Genesis Point-to-Point Trans Net gppitnp 103/tcp Genesis Point-to-Point Trans Net acr-nema 104/udp ACR-NEMA Digital Imag. & Comm. 300 acr-nema 104/tcp ACR-NEMA Digital Imag. & Comm. 300 csnet-ns 105/tcp Mailbox Name Nameserver cso 105/udp CCSO name server protocol csnet-ns 105/udp Mailbox Name Nameserver cso 105/tcp CCSO name server protocol 3com-tsmux 106/tcp 3COM-TSMUX 3com-tsmux 106/udp 3COM-TSMUX rtelnet 107/udp Remote Telnet Service rtelnet 107/tcp Remote Telnet Service snagas 108/udp SNA Gateway Access Server snagas 108/tcp SNA Gateway Access Server pop2 109/udp Post Office Protocol - Version 2 pop2 109/tcp Post Office Protocol - Version 2 pop3 110/udp Post Office Protocol - Version 3 pop3 110/tcp Post Office Protocol - Version 3 sunrpc 111/udp SUN Remote Procedure Call sunrpc 111/tcp SUN Remote Procedure Call mcidas 112/udp McIDAS Data Transmission Protocol mcidas 112/tcp McIDAS Data Transmission Protocol auth 113/udp Authentication Service auth 113/tcp Authentication Service ident 113/tcp audionews 114/udp Audio News Multicast audionews 114/tcp Audio News Multicast sftp 115/udp Simple File Transfer Protocol sftp 115/tcp Simple File Transfer Protocol ansanotify 116/udp ANSA REX Notify ansanotify 116/tcp ANSA REX Notify uucp-path 117/udp UUCP Path Service uucp-path 117/tcp UUCP Path Service sqlserv 118/tcp SQL Services sqlserv 118/udp SQL Services nntp 119/udp Network News Transfer Protocol nntp 119/tcp Network News Transfer Protocol cfdptkt 120/tcp CFDPTKT cfdptkt 120/udp CFDPTKT erpc 121/udp Encore Expedited Remote Pro.Call erpc 121/tcp Encore Expedited Remote Pro.Call smakynet 122/tcp SMAKYNET smakynet 122/udp SMAKYNET ntp 123/tcp Network Time Protocol ntp 123/udp Network Time Protocol ansatrader 124/udp ANSA REX Trader ansatrader 124/tcp ANSA REX Trader locus-map 125/tcp Locus PC-Interface Net Map Ser locus-map 125/udp Locus PC-Interface Net Map Ser nxedit 126/tcp NXEdit nxedit 126/udp NXEdit locus-con 127/udp Locus PC-Interface Conn Server locus-con 127/tcp Locus PC-Interface Conn Server gss-xlicen 128/tcp GSS X License Verification gss-xlicen 128/udp GSS X License Verification pwdgen 129/udp Password Generator Protocol pwdgen 129/tcp Password Generator Protocol cisco-fna 130/udp cisco FNATIVE cisco-fna 130/tcp cisco FNATIVE cisco-tna 131/udp cisco TNATIVE cisco-tna 131/tcp cisco TNATIVE cisco-sys 132/udp cisco SYSMAINT cisco-sys 132/tcp cisco SYSMAINT statsrv 133/udp Statistics Service statsrv 133/tcp Statistics Service ingres-net 134/udp INGRES-NET Service ingres-net 134/tcp INGRES-NET Service epmap 135/udp DCE endpoint resolution epmap 135/tcp DCE endpoint resolution profile 136/udp PROFILE Naming System profile 136/tcp PROFILE Naming System netbios-ns 137/tcp NETBIOS Name Service netbios-ns 137/udp NETBIOS Name Service netbios-dgm 138/udp NETBIOS Datagram Service netbios-dgm 138/tcp NETBIOS Datagram Service netbios-ssn 139/udp NETBIOS Session Service netbios-ssn 139/tcp NETBIOS Session Service emfis-data 140/tcp EMFIS Data Service emfis-data 140/udp EMFIS Data Service emfis-cntl 141/udp EMFIS Control Service emfis-cntl 141/tcp EMFIS Control Service bl-idm 142/tcp Britton-Lee IDM bl-idm 142/udp Britton-Lee IDM imap 143/tcp Internet Message Access Protocol imap 143/udp Internet Message Access Protocol uma 144/udp Universal Management Architecture uma 144/tcp Universal Management Architecture uaac 145/udp UAAC Protocol uaac 145/tcp UAAC Protocol iso-tp0 146/tcp ISO-IP0 iso-tp0 146/udp ISO-IP0 iso-ip 147/tcp ISO-IP iso-ip 147/udp ISO-IP jargon 148/udp Jargon jargon 148/tcp Jargon aed-512 149/tcp AED 512 Emulation Service aed-512 149/udp AED 512 Emulation Service sql-net 150/udp SQL-NET sql-net 150/tcp SQL-NET hems 151/tcp HEMS hems 151/udp HEMS bftp 152/udp Background File Transfer Program bftp 152/tcp Background File Transfer Program sgmp 153/udp SGMP sgmp 153/tcp SGMP netsc-prod 154/udp NETSC netsc-prod 154/tcp NETSC netsc-dev 155/udp NETSC netsc-dev 155/tcp NETSC sqlsrv 156/udp SQL Service sqlsrv 156/tcp SQL Service knet-cmp 157/tcp KNET/VM Command/Message Protocol knet-cmp 157/udp KNET/VM Command/Message Protocol pcmail-srv 158/udp PCMail Server pcmail-srv 158/tcp PCMail Server nss-routing 159/udp NSS-Routing nss-routing 159/tcp NSS-Routing sgmp-traps 160/tcp SGMP-TRAPS sgmp-traps 160/udp SGMP-TRAPS snmp 161/udp SNMP snmp 161/tcp SNMP snmptrap 162/tcp SNMPTRAP snmptrap 162/udp SNMPTRAP cmip-man 163/tcp CMIP/TCP Manager cmip-man 163/udp CMIP/TCP Manager cmip-agent 164/tcp CMIP/TCP Agent cmip-agent 164/udp CMIP/TCP Agent xns-courier 165/udp Xerox xns-courier 165/tcp Xerox s-net 166/tcp Sirius Systems s-net 166/udp Sirius Systems namp 167/tcp NAMP namp 167/udp NAMP rsvd 168/udp RSVD rsvd 168/tcp RSVD send 169/tcp SEND send 169/udp SEND print-srv 170/udp Network PostScript print-srv 170/tcp Network PostScript multiplex 171/udp Network Innovations Multiplex multiplex 171/tcp Network Innovations Multiplex cl/1 172/tcp Network Innovations CL/1 cl/1 172/udp Network Innovations CL/1 xyplex-mux 173/tcp Xyplex xyplex-mux 173/udp Xyplex mailq 174/tcp MAILQ mailq 174/udp MAILQ vmnet 175/udp VMNET vmnet 175/tcp VMNET genrad-mux 176/tcp GENRAD-MUX genrad-mux 176/udp GENRAD-MUX xdmcp 177/udp X Display Manager Control Protocol xdmcp 177/tcp X Display Manager Control Protocol nextstep 178/udp NextStep Window Server nextstep 178/tcp NextStep Window Server bgp 179/udp Border Gateway Protocol bgp 179/tcp Border Gateway Protocol ris 180/udp Intergraph ris 180/tcp Intergraph unify 181/tcp Unify unify 181/udp Unify audit 182/udp Unisys Audit SITP audit 182/tcp Unisys Audit SITP ocbinder 183/udp OCBinder ocbinder 183/tcp OCBinder ocserver 184/udp OCServer ocserver 184/tcp OCServer remote-kis 185/udp Remote-KIS remote-kis 185/tcp Remote-KIS kis 186/tcp KIS Protocol kis 186/udp KIS Protocol aci 187/udp Application Communication Interface aci 187/tcp Application Communication Interface mumps 188/tcp Plus Five's MUMPS mumps 188/udp Plus Five's MUMPS qft 189/udp Queued File Transport qft 189/tcp Queued File Transport gacp 190/tcp Gateway Access Control Protocol gacp 190/udp Gateway Access Control Protocol prospero 191/tcp Prospero Directory Service prospero 191/udp Prospero Directory Service osu-nms 192/tcp OSU Network Monitoring System osu-nms 192/udp OSU Network Monitoring System srmp 193/udp Spider Remote Monitoring Protocol srmp 193/tcp Spider Remote Monitoring Protocol irc 194/tcp Internet Relay Chat Protocol irc 194/udp Internet Relay Chat Protocol dn6-nlm-aud 195/tcp DNSIX Network Level Module Audit dn6-nlm-aud 195/udp DNSIX Network Level Module Audit dn6-smm-red 196/tcp DNSIX Session Mgt Module Audit Redir dn6-smm-red 196/udp DNSIX Session Mgt Module Audit Redir dls 197/udp Directory Location Service dls 197/tcp Directory Location Service dls-mon 198/tcp Directory Location Service Monitor dls-mon 198/udp Directory Location Service Monitor smux 199/udp SMUX smux 199/tcp SMUX src 200/udp IBM System Resource Controller src 200/tcp IBM System Resource Controller at-rtmp 201/udp AppleTalk Routing Maintenance at-rtmp 201/tcp AppleTalk Routing Maintenance at-nbp 202/udp AppleTalk Name Binding at-nbp 202/tcp AppleTalk Name Binding at-3 203/udp AppleTalk Unused at-3 203/tcp AppleTalk Unused at-echo 204/tcp AppleTalk Echo at-echo 204/udp AppleTalk Echo at-5 205/udp AppleTalk Unused at-5 205/tcp AppleTalk Unused at-zis 206/tcp AppleTalk Zone Information at-zis 206/udp AppleTalk Zone Information at-7 207/udp AppleTalk Unused at-7 207/tcp AppleTalk Unused at-8 208/tcp AppleTalk Unused at-8 208/udp AppleTalk Unused qmtp 209/udp The Quick Mail Transfer Protocol qmtp 209/tcp The Quick Mail Transfer Protocol z39.50 210/tcp ANSI Z39.50 z39.50 210/udp ANSI Z39.50 914c/g 211/tcp Texas Instruments 914C/G Terminal 914c/g 211/udp Texas Instruments 914C/G Terminal anet 212/tcp ATEXSSTR anet 212/udp ATEXSSTR ipx 213/tcp IPX ipx 213/udp IPX vmpwscs 214/udp VM PWSCS vmpwscs 214/tcp VM PWSCS softpc 215/tcp Insignia Solutions softpc 215/udp Insignia Solutions cailic 216/tcp Computer Associates Int'l License Server cailic 216/udp Computer Associates Int'l License Server dbase 217/udp dBASE Unix dbase 217/tcp dBASE Unix mpp 218/udp Netix Message Posting Protocol mpp 218/tcp Netix Message Posting Protocol uarps 219/udp Unisys ARPs uarps 219/tcp Unisys ARPs imap3 220/tcp Interactive Mail Access Protocol v3 imap3 220/udp Interactive Mail Access Protocol v3 fln-spx 221/tcp Berkeley rlogind with SPX auth fln-spx 221/udp Berkeley rlogind with SPX auth rsh-spx 222/udp Berkeley rshd with SPX auth rsh-spx 222/tcp Berkeley rshd with SPX auth cdc 223/tcp Certificate Distribution Center cdc 223/udp Certificate Distribution Center masqdialer 224/udp masqdialer masqdialer 224/tcp masqdialer direct 242/tcp Direct direct 242/udp Direct sur-meas 243/udp Survey Measurement sur-meas 243/tcp Survey Measurement inbusiness 244/udp inbusiness inbusiness 244/tcp inbusiness link 245/udp LINK link 245/tcp LINK dsp3270 246/udp Display Systems Protocol dsp3270 246/tcp Display Systems Protocol subntbcst_tftp 247/udp SUBNTBCST_TFTP subntbcst_tftp 247/tcp SUBNTBCST_TFTP bhfhs 248/udp bhfhs bhfhs 248/tcp bhfhs rap 256/tcp RAP rap 256/udp RAP # Alex Butcher fw1 256/tcp http://www.checkpoint.com/ # Kev Pearce fw1-sync 256/tcp set 257/tcp Secure Electronic Transaction set 257/udp Secure Electronic Transaction # Alex Butcher fw1_log 257/tcp http://www.checkpoint.com/ # Alex Butcher fw1_log 257/tcp http://www.checkpoint.com/ yak-chat 258/udp Yak Winsock Personal Chat yak-chat 258/tcp Yak Winsock Personal Chat # Alex Butcher fw1_mgmt 258/tcp http://www.checkpoint.com/ esro-gen 259/tcp Efficient Short Remote Operations esro-gen 259/udp Efficient Short Remote Operations # Alex Butcher rdp 259/udp http://www.checkpoint.com/ # Alex Butcher fw1_clntauth 259/tcp http://www.checkpoint.com/ openport 260/udp Openport openport 260/tcp Openport # Alex Butcher fw1_snmp 260/tcp http://www.checkpoint.com/ # Dave Hoggan fw1_snmp 260/udp nsiiops 261/udp IIOP Name Service over TLS/SSL nsiiops 261/tcp IIOP Name Service over TLS/SSL # Alex Butcher fw1_snauth 261/tcp http://www.checkpoint.com/ arcisdms 262/udp Arcisdms arcisdms 262/tcp Arcisdms hdap 263/tcp HDAP hdap 263/udp HDAP bgmp 264/tcp BGMP bgmp 264/udp BGMP x-bone-ctl 265/tcp X-Bone CTL x-bone-ctl 265/udp X-Bone CTL sst 266/udp SCSI on ST sst 266/tcp SCSI on ST td-service 267/udp Tobit David Service Layer td-service 267/tcp Tobit David Service Layer td-replica 268/tcp Tobit David Replica td-replica 268/udp Tobit David Replica http-mgmt 280/udp http-mgmt http-mgmt 280/tcp http-mgmt personal-link 281/tcp Personal Link personal-link 281/udp Personal Link cableport-ax 282/udp Cable Port A/X cableport-ax 282/tcp Cable Port A/X rescap 283/udp rescap rescap 283/tcp rescap corerjd 284/tcp corerjd corerjd 284/udp corerjd fxp-1 286/udp FXP-1 fxp-1 286/tcp FXP-1 k-block 287/udp K-BLOCK k-block 287/tcp K-BLOCK novastorbakcup 308/udp Novastor Backup novastorbakcup 308/tcp Novastor Backup entrusttime 309/udp EntrustTime entrusttime 309/tcp EntrustTime bhmds 310/udp bhmds bhmds 310/tcp bhmds asip-webadmin 311/udp AppleShare IP WebAdmin asip-webadmin 311/tcp AppleShare IP WebAdmin vslmp 312/tcp VSLMP vslmp 312/udp VSLMP magenta-logic 313/tcp Magenta Logic magenta-logic 313/udp Magenta Logic opalis-robot 314/tcp Opalis Robot opalis-robot 314/udp Opalis Robot dpsi 315/udp DPSI dpsi 315/tcp DPSI decauth 316/tcp decAuth decauth 316/udp decAuth zannet 317/tcp Zannet zannet 317/udp Zannet pkix-timestamp 318/tcp PKIX TimeStamp pkix-timestamp 318/udp PKIX TimeStamp ptp-event 319/tcp PTP Event ptp-event 319/udp PTP Event ptp-general 320/udp PTP General ptp-general 320/tcp PTP General pip 321/udp PIP pip 321/tcp PIP rtsps 322/tcp RTSPS rtsps 322/udp RTSPS texar 333/tcp Texar Security Port texar 333/udp Texar Security Port pdap 344/tcp Prospero Data Access Protocol pdap 344/udp Prospero Data Access Protocol pawserv 345/tcp Perf Analysis Workbench pawserv 345/udp Perf Analysis Workbench zserv 346/udp Zebra server zserv 346/tcp Zebra server fatserv 347/tcp Fatmen Server fatserv 347/udp Fatmen Server csi-sgwp 348/udp Cabletron Management Protocol csi-sgwp 348/tcp Cabletron Management Protocol mftp 349/udp mftp mftp 349/tcp mftp matip-type-a 350/udp MATIP Type A matip-type-a 350/tcp MATIP Type A bhoetty 351/udp bhoetty bhoetty 351/tcp bhoetty (added 5/21/97) matip-type-b 351/tcp MATIP Type B matip-type-b 351/udp MATIP Type B dtag-ste-sb 352/tcp DTAG (assigned long ago) bhoedap4 352/tcp bhoedap4 (added 5/21/97) dtag-ste-sb 352/udp DTAG bhoedap4 352/udp bhoedap4 ndsauth 353/tcp NDSAUTH ndsauth 353/udp NDSAUTH bh611 354/udp bh611 bh611 354/tcp bh611 datex-asn 355/udp DATEX-ASN datex-asn 355/tcp DATEX-ASN cloanto-net-1 356/tcp Cloanto Net 1 cloanto-net-1 356/udp Cloanto Net 1 bhevent 357/tcp bhevent bhevent 357/udp bhevent shrinkwrap 358/tcp Shrinkwrap shrinkwrap 358/udp Shrinkwrap nsrmp 359/udp Network Security Risk Management Protocol nsrmp 359/tcp Network Security Risk Management Protocol scoi2odialog 360/udp scoi2odialog scoi2odialog 360/tcp scoi2odialog semantix 361/udp Semantix semantix 361/tcp Semantix srssend 362/udp SRS Send srssend 362/tcp SRS Send rsvp_tunnel 363/udp RSVP Tunnel rsvp_tunnel 363/tcp RSVP Tunnel aurora-cmgr 364/tcp Aurora CMGR aurora-cmgr 364/udp Aurora CMGR dtk 365/tcp DTK dtk 365/udp DTK odmr 366/udp ODMR odmr 366/tcp ODMR mortgageware 367/udp MortgageWare mortgageware 367/tcp MortgageWare qbikgdp 368/udp QbikGDP qbikgdp 368/tcp QbikGDP rpc2portmap 369/udp rpc2portmap rpc2portmap 369/tcp rpc2portmap codaauth2 370/udp codaauth2 codaauth2 370/tcp codaauth2 clearcase 371/tcp Clearcase clearcase 371/udp Clearcase ulistproc 372/tcp ListProcessor ulistproc 372/udp ListProcessor legent-1 373/udp Legent Corporation legent-1 373/tcp Legent Corporation legent-2 374/tcp Legent Corporation legent-2 374/udp Legent Corporation hassle 375/udp Hassle hassle 375/tcp Hassle nip 376/udp Amiga Envoy Network Inquiry Proto nip 376/tcp Amiga Envoy Network Inquiry Proto tnetos 377/udp NEC Corporation tnetos 377/tcp NEC Corporation dsetos 378/tcp NEC Corporation dsetos 378/udp NEC Corporation is99c 379/tcp TIA/EIA/IS-99 modem client is99c 379/udp TIA/EIA/IS-99 modem client is99s 380/udp TIA/EIA/IS-99 modem server is99s 380/tcp TIA/EIA/IS-99 modem server hp-collector 381/tcp hp performance data collector hp-collector 381/udp hp performance data collector hp-managed-node 382/udp hp performance data managed node hp-managed-node 382/tcp hp performance data managed node hp-alarm-mgr 383/tcp hp performance data alarm manager hp-alarm-mgr 383/udp hp performance data alarm manager arns 384/udp A Remote Network Server System arns 384/tcp A Remote Network Server System ibm-app 385/tcp IBM Application ibm-app 385/udp IBM Application asa 386/udp ASA Message Router Object Def. asa 386/tcp ASA Message Router Object Def. aurp 387/tcp Appletalk Update-Based Routing Pro. aurp 387/udp Appletalk Update-Based Routing Pro. unidata-ldm 388/udp Unidata LDM unidata-ldm 388/tcp Unidata LDM ldap 389/tcp Lightweight Directory Access Protocol ldap 389/udp Lightweight Directory Access Protocol uis 390/tcp UIS uis 390/udp UIS synotics-relay 391/tcp SynOptics SNMP Relay Port synotics-relay 391/udp SynOptics SNMP Relay Port synotics-broker 392/udp SynOptics Port Broker Port synotics-broker 392/tcp SynOptics Port Broker Port meta5 393/tcp Meta5 meta5 393/udp Meta5 embl-ndt 394/udp EMBL Nucleic Data Transfer embl-ndt 394/tcp EMBL Nucleic Data Transfer netcp 395/udp NETscout Control Protocol netcp 395/tcp NETscout Control Protocol netware-ip 396/udp Novell Netware over IP netware-ip 396/tcp Novell Netware over IP mptn 397/tcp Multi Protocol Trans. Net. mptn 397/udp Multi Protocol Trans. Net. kryptolan 398/udp Kryptolan kryptolan 398/tcp Kryptolan iso-tsap-c2 399/tcp ISO Transport Class 2 Non-Control over TCP iso-tsap-c2 399/udp ISO Transport Class 2 Non-Control over TCP work-sol 400/udp Workstation Solutions work-sol 400/tcp Workstation Solutions ups 401/tcp Uninterruptible Power Supply ups 401/udp Uninterruptible Power Supply genie 402/udp Genie Protocol genie 402/tcp Genie Protocol decap 403/udp decap decap 403/tcp decap nced 404/tcp nced nced 404/udp nced ncld 405/udp ncld ncld 405/tcp ncld imsp 406/udp Interactive Mail Support Protocol imsp 406/tcp Interactive Mail Support Protocol timbuktu 407/udp Timbuktu timbuktu 407/tcp Timbuktu prm-sm 408/tcp Prospero Resource Manager Sys. Man. prm-sm 408/udp Prospero Resource Manager Sys. Man. prm-nm 409/tcp Prospero Resource Manager Node Man. prm-nm 409/udp Prospero Resource Manager Node Man. decladebug 410/udp DECLadebug Remote Debug Protocol decladebug 410/tcp DECLadebug Remote Debug Protocol rmt 411/udp Remote MT Protocol rmt 411/tcp Remote MT Protocol synoptics-trap 412/tcp Trap Convention Port synoptics-trap 412/udp Trap Convention Port # James Van Houten direct-connect-file-sharing 412/tcp http://www.neo-modus.com smsp 413/udp Storage Management Services Protocol smsp 413/tcp Storage Management Services Protocol infoseek 414/tcp InfoSeek infoseek 414/udp InfoSeek bnet 415/udp BNet bnet 415/tcp BNet silverplatter 416/udp Silverplatter silverplatter 416/tcp Silverplatter onmux 417/tcp Onmux onmux 417/udp Onmux hyper-g 418/udp Hyper-G hyper-g 418/tcp Hyper-G ariel1 419/udp Ariel ariel1 419/tcp Ariel smpte 420/udp SMPTE smpte 420/tcp SMPTE ariel2 421/tcp Ariel ariel2 421/udp Ariel ariel3 422/udp Ariel ariel3 422/tcp Ariel opc-job-start 423/udp IBM Operations Planning and Control Start opc-job-start 423/tcp IBM Operations Planning and Control Start opc-job-track 424/udp IBM Operations Planning and Control Track opc-job-track 424/tcp IBM Operations Planning and Control Track icad-el 425/udp ICAD icad-el 425/tcp ICAD smartsdp 426/udp smartsdp smartsdp 426/tcp smartsdp svrloc 427/tcp Server Location svrloc 427/udp Server Location ocs_cmu 428/tcp OCS_CMU ocs_cmu 428/udp OCS_CMU ocs_amu 429/udp OCS_AMU ocs_amu 429/tcp OCS_AMU utmpsd 430/udp UTMPSD utmpsd 430/tcp UTMPSD utmpcd 431/udp UTMPCD utmpcd 431/tcp UTMPCD iasd 432/udp IASD iasd 432/tcp IASD nnsp 433/tcp NNSP nnsp 433/udp NNSP mobileip-agent 434/tcp MobileIP-Agent mobileip-agent 434/udp MobileIP-Agent mobilip-mn 435/tcp MobilIP-MN mobilip-mn 435/udp MobilIP-MN dna-cml 436/udp DNA-CML dna-cml 436/tcp DNA-CML comscm 437/tcp comscm comscm 437/udp comscm dsfgw 438/udp dsfgw dsfgw 438/tcp dsfgw dasp 439/udp dasp tommy@inlab.m.eunet.de dasp 439/tcp dasp Thomas Obermair sgcp 440/udp sgcp sgcp 440/tcp sgcp decvms-sysmgt 441/tcp decvms-sysmgt decvms-sysmgt 441/udp decvms-sysmgt cvc_hostd 442/udp cvc_hostd cvc_hostd 442/tcp cvc_hostd https 443/udp http protocol over TLS/SSL https 443/tcp http protocol over TLS/SSL snpp 444/tcp Simple Network Paging Protocol snpp 444/udp Simple Network Paging Protocol microsoft-ds 445/tcp Microsoft-DS microsoft-ds 445/udp Microsoft-DS ddm-rdb 446/udp DDM-RDB ddm-rdb 446/tcp DDM-RDB ddm-dfm 447/udp DDM-RFM ddm-dfm 447/tcp DDM-RFM ddm-ssl 448/udp DDM-SSL ddm-ssl 448/tcp DDM-SSL as-servermap 449/tcp AS Server Mapper as-servermap 449/udp AS Server Mapper tserver 450/udp TServer tserver 450/tcp TServer sfs-smp-net 451/udp Cray Network Semaphore server sfs-smp-net 451/tcp Cray Network Semaphore server sfs-config 452/tcp Cray SFS config server sfs-config 452/udp Cray SFS config server creativeserver 453/tcp CreativeServer creativeserver 453/udp CreativeServer contentserver 454/tcp ContentServer contentserver 454/udp ContentServer creativepartnr 455/udp CreativePartnr creativepartnr 455/tcp CreativePartnr macon-tcp 456/tcp macon-tcp macon-udp 456/udp macon-udp # Scott A. McIntyre hackers-paradise 456/tcp scohelp 457/tcp scohelp scohelp 457/udp scohelp appleqtc 458/udp apple quick time appleqtc 458/tcp apple quick time ampr-rcmd 459/udp ampr-rcmd ampr-rcmd 459/tcp ampr-rcmd skronk 460/tcp skronk skronk 460/udp skronk datasurfsrv 461/udp DataRampSrv datasurfsrv 461/tcp DataRampSrv datasurfsrvsec 462/udp DataRampSrvSec datasurfsrvsec 462/tcp DataRampSrvSec alpes 463/tcp alpes alpes 463/udp alpes kpasswd 464/tcp kpasswd kpasswd 464/udp kpasswd urd 465/tcp URL Rendesvous Directory for SSM igmpv3lite 465/udp IGMP over UDP for SSM digital-vrc 466/udp digital-vrc digital-vrc 466/tcp digital-vrc mylex-mapd 467/tcp mylex-mapd mylex-mapd 467/udp mylex-mapd photuris 468/tcp proturis photuris 468/udp proturis rcp 469/tcp Radio Control Protocol rcp 469/udp Radio Control Protocol scx-proxy 470/udp scx-proxy scx-proxy 470/tcp scx-proxy mondex 471/udp Mondex mondex 471/tcp Mondex ljk-login 472/udp ljk-login ljk-login 472/tcp ljk-login hybrid-pop 473/udp hybrid-pop hybrid-pop 473/tcp hybrid-pop tn-tl-w2 474/udp tn-tl-w2 tn-tl-w1 474/tcp tn-tl-w1 tcpnethaspsrv 475/tcp tcpnethaspsrv tcpnethaspsrv 475/udp tcpnethaspsrv tn-tl-fd1 476/udp tn-tl-fd1 tn-tl-fd1 476/tcp tn-tl-fd1 ss7ns 477/tcp ss7ns ss7ns 477/udp ss7ns spsc 478/udp spsc spsc 478/tcp spsc iafserver 479/udp iafserver iafserver 479/tcp iafserver iafdbase 480/tcp iafdbase iafdbase 480/udp iafdbase ph 481/tcp Ph service ph 481/udp Ph service bgs-nsi 482/udp bgs-nsi bgs-nsi 482/tcp bgs-nsi ulpnet 483/tcp ulpnet ulpnet 483/udp ulpnet integra-sme 484/udp Integra Software Management Environment integra-sme 484/tcp Integra Software Management Environment powerburst 485/tcp Air Soft Power Burst powerburst 485/udp Air Soft Power Burst avian 486/udp avian avian 486/tcp avian saft 487/udp saft Simple Asynchronous File Transfer saft 487/tcp saft Simple Asynchronous File Transfer gss-http 488/udp gss-http gss-http 488/tcp gss-http nest-protocol 489/udp nest-protocol nest-protocol 489/tcp nest-protocol micom-pfs 490/udp micom-pfs micom-pfs 490/tcp micom-pfs go-login 491/tcp go-login go-login 491/udp go-login ticf-1 492/udp Transport Independent Convergence for FNA ticf-1 492/tcp Transport Independent Convergence for FNA ticf-2 493/tcp Transport Independent Convergence for FNA ticf-2 493/udp Transport Independent Convergence for FNA pov-ray 494/tcp POV-Ray pov-ray 494/udp POV-Ray intecourier 495/udp intecourier intecourier 495/tcp intecourier pim-rp-disc 496/udp PIM-RP-DISC pim-rp-disc 496/tcp PIM-RP-DISC dantz 497/udp dantz dantz 497/tcp dantz siam 498/udp siam siam 498/tcp siam iso-ill 499/tcp ISO ILL Protocol iso-ill 499/udp ISO ILL Protocol isakmp 500/udp isakmp isakmp 500/tcp isakmp stmf 501/tcp STMF stmf 501/udp STMF asa-appl-proto 502/udp asa-appl-proto asa-appl-proto 502/tcp asa-appl-proto intrinsa 503/udp Intrinsa intrinsa 503/tcp Intrinsa citadel 504/udp citadel citadel 504/tcp citadel mailbox-lm 505/udp mailbox-lm mailbox-lm 505/tcp mailbox-lm ohimsrv 506/udp ohimsrv ohimsrv 506/tcp ohimsrv crs 507/tcp crs crs 507/udp crs xvttp 508/tcp xvttp xvttp 508/udp xvttp snare 509/udp snare snare 509/tcp snare fcp 510/tcp FirstClass Protocol fcp 510/udp FirstClass Protocol passgo 511/udp PassGo passgo 511/tcp PassGo exec 512/tcp remote process execution; biff 512/udp used by mail system to notify users comsat 512/udp login 513/tcp remote login a la telnet; who 513/udp maintains data bases showing who's shell 514/tcp cmd syslog 514/udp printer 515/tcp spooler printer 515/udp spooler videotex 516/tcp videotex videotex 516/udp videotex talk 517/udp like tenex link, but across talk 517/tcp like tenex link, but across ntalk 518/udp ntalk 518/tcp utime 519/udp unixtime utime 519/tcp unixtime router 520/udp local routing process (on site); efs 520/tcp extended file name server ripng 521/udp ripng ripng 521/tcp ripng ulp 522/udp ULP ulp 522/tcp ULP ibm-db2 523/udp IBM-DB2 ibm-db2 523/tcp IBM-DB2 ncp 524/udp NCP ncp 524/tcp NCP timed 525/udp timeserver timed 525/tcp timeserver tempo 526/udp newdate tempo 526/tcp newdate stx 527/tcp Stock IXChange stx 527/udp Stock IXChange custix 528/tcp Customer IXChange custix 528/udp Customer IXChange irc-serv 529/udp IRC-SERV irc-serv 529/tcp IRC-SERV courier 530/tcp rpc courier 530/udp rpc conference 531/udp chat conference 531/tcp chat netnews 532/udp readnews netnews 532/tcp readnews netwall 533/tcp for emergency broadcasts netwall 533/udp for emergency broadcasts mm-admin 534/tcp MegaMedia Admin mm-admin 534/udp MegaMedia Admin iiop 535/udp iiop iiop 535/tcp iiop opalis-rdv 536/tcp opalis-rdv opalis-rdv 536/udp opalis-rdv nmsp 537/udp Networked Media Streaming Protocol nmsp 537/tcp Networked Media Streaming Protocol gdomap 538/udp gdomap gdomap 538/tcp gdomap apertus-ldp 539/udp Apertus Technologies Load Determination apertus-ldp 539/tcp Apertus Technologies Load Determination uucp 540/udp uucpd uucp 540/tcp uucpd uucp-rlogin 541/tcp uucp-rlogin uucp-rlogin 541/udp uucp-rlogin commerce 542/tcp commerce commerce 542/udp commerce klogin 543/udp klogin 543/tcp kshell 544/tcp krcmd kshell 544/udp krcmd appleqtcsrvr 545/tcp appleqtcsrvr appleqtcsrvr 545/udp appleqtcsrvr dhcpv6-client 546/tcp DHCPv6 Client dhcpv6-client 546/udp DHCPv6 Client dhcpv6-server 547/tcp DHCPv6 Server dhcpv6-server 547/udp DHCPv6 Server afpovertcp 548/udp AFP over TCP afpovertcp 548/tcp AFP over TCP idfp 549/tcp IDFP idfp 549/udp IDFP new-rwho 550/udp new-who new-rwho 550/tcp new-who cybercash 551/udp cybercash cybercash 551/tcp cybercash deviceshare 552/tcp deviceshare deviceshare 552/udp deviceshare pirp 553/udp pirp pirp 553/tcp pirp rtsp 554/udp Real Time Stream Control Protocol rtsp 554/tcp Real Time Stream Control Protocol dsf 555/tcp dsf 555/udp # Scott A. McIntyre phase-zero 555/udp # Scott A. McIntyre phase-zero 555/tcp remotefs 556/udp rfs server remotefs 556/tcp rfs server openvms-sysipc 557/udp openvms-sysipc openvms-sysipc 557/tcp openvms-sysipc sdnskmp 558/udp SDNSKMP sdnskmp 558/tcp SDNSKMP teedtap 559/udp TEEDTAP teedtap 559/tcp TEEDTAP rmonitor 560/udp rmonitord rmonitor 560/tcp rmonitord monitor 561/udp monitor 561/tcp chshell 562/tcp chcmd chshell 562/udp chcmd nntps 563/udp nntp protocol over TLS/SSL (was snntp) nntps 563/tcp nntp protocol over TLS/SSL (was snntp) 9pfs 564/udp plan 9 file service 9pfs 564/tcp plan 9 file service whoami 565/udp whoami whoami 565/tcp whoami streettalk 566/tcp streettalk streettalk 566/udp streettalk banyan-rpc 567/tcp banyan-rpc banyan-rpc 567/udp banyan-rpc ms-shuttle 568/udp microsoft shuttle ms-shuttle 568/tcp microsoft shuttle ms-rome 569/udp microsoft rome ms-rome 569/tcp microsoft rome meter 570/udp demon meter 570/tcp demon meter 571/tcp udemon meter 571/udp udemon sonar 572/udp sonar sonar 572/tcp sonar banyan-vip 573/udp banyan-vip banyan-vip 573/tcp banyan-vip ftp-agent 574/udp FTP Software Agent System ftp-agent 574/tcp FTP Software Agent System vemmi 575/udp VEMMI vemmi 575/tcp VEMMI ipcd 576/udp ipcd ipcd 576/tcp ipcd vnas 577/udp vnas vnas 577/tcp vnas ipdd 578/tcp ipdd ipdd 578/udp ipdd decbsrv 579/udp decbsrv decbsrv 579/tcp decbsrv sntp-heartbeat 580/udp SNTP HEARTBEAT sntp-heartbeat 580/tcp SNTP HEARTBEAT bdp 581/tcp Bundle Discovery Protocol bdp 581/udp Bundle Discovery Protocol scc-security 582/tcp SCC Security scc-security 582/udp SCC Security philips-vc 583/udp Philips Video-Conferencing philips-vc 583/tcp Philips Video-Conferencing keyserver 584/tcp Key Server keyserver 584/udp Key Server imap4-ssl 585/tcp IMAP4+SSL (use 993 instead) imap4-ssl 585/udp IMAP4+SSL (use 993 instead) password-chg 586/tcp Password Change password-chg 586/udp Password Change submission 587/tcp Submission submission 587/udp Submission cal 588/udp CAL cal 588/tcp CAL eyelink 589/udp EyeLink eyelink 589/tcp EyeLink tns-cml 590/tcp TNS CML tns-cml 590/udp TNS CML http-alt 591/tcp FileMaker, Inc. - HTTP Alternate (see Port 80) http-alt 591/udp FileMaker, Inc. - HTTP Alternate (see Port 80) eudora-set 592/tcp Eudora Set eudora-set 592/udp Eudora Set http-rpc-epmap 593/udp HTTP RPC Ep Map http-rpc-epmap 593/tcp HTTP RPC Ep Map tpip 594/udp TPIP tpip 594/tcp TPIP cab-protocol 595/udp CAB Protocol cab-protocol 595/tcp CAB Protocol smsd 596/udp SMSD smsd 596/tcp SMSD ptcnameservice 597/udp PTC Name Service ptcnameservice 597/tcp PTC Name Service sco-websrvrmg3 598/tcp SCO Web Server Manager 3 sco-websrvrmg3 598/udp SCO Web Server Manager 3 acp 599/udp Aeolon Core Protocol acp 599/tcp Aeolon Core Protocol ipcserver 600/tcp Sun IPC server ipcserver 600/udp Sun IPC server syslog-conn 601/tcp Reliable Syslog Service syslog-conn 601/udp Reliable Syslog Service soap-beep 605/udp SOAP over BEEP soap-beep 605/tcp SOAP over BEEP urm 606/tcp Cray Unified Resource Manager urm 606/udp Cray Unified Resource Manager nqs 607/udp nqs nqs 607/tcp nqs sift-uft 608/udp Sender-Initiated/Unsolicited File Transfer sift-uft 608/tcp Sender-Initiated/Unsolicited File Transfer npmp-trap 609/tcp npmp-trap npmp-trap 609/udp npmp-trap npmp-local 610/tcp npmp-local npmp-local 610/udp npmp-local npmp-gui 611/tcp npmp-gui npmp-gui 611/udp npmp-gui hmmp-ind 612/udp HMMP Indication hmmp-ind 612/tcp HMMP Indication hmmp-op 613/udp HMMP Operation hmmp-op 613/tcp HMMP Operation sshell 614/udp SSLshell sshell 614/tcp SSLshell sco-inetmgr 615/tcp Internet Configuration Manager sco-inetmgr 615/udp Internet Configuration Manager sco-sysmgr 616/udp SCO System Administration Server sco-sysmgr 616/tcp SCO System Administration Server sco-dtmgr 617/udp SCO Desktop Administration Server sco-dtmgr 617/tcp SCO Desktop Administration Server # Jason Beckers nlservd 617/tcp http://www.arkeia.com dei-icda 618/tcp DEI-ICDA dei-icda 618/udp DEI-ICDA compaq-evm 619/tcp Compaq EVM compaq-evm 619/udp Compaq EVM sco-websrvrmgr 620/udp SCO WebServer Manager sco-websrvrmgr 620/tcp SCO WebServer Manager escp-ip 621/tcp ESCP escp-ip 621/udp ESCP collaborator 622/udp Collaborator collaborator 622/tcp Collaborator aux_bus_shunt 623/tcp Aux Bus Shunt aux_bus_shunt 623/udp Aux Bus Shunt cryptoadmin 624/udp Crypto Admin cryptoadmin 624/tcp Crypto Admin dec_dlm 625/tcp DEC DLM dec_dlm 625/udp DEC DLM asia 626/tcp ASIA asia 626/udp ASIA passgo-tivoli 627/udp PassGo Tivoli passgo-tivoli 627/tcp PassGo Tivoli qmqp 628/udp QMQP qmqp 628/tcp QMQP 3com-amp3 629/udp 3Com AMP3 3com-amp3 629/tcp 3Com AMP3 rda 630/tcp RDA rda 630/udp RDA ipp 631/udp IPP (Internet Printing Protocol) ipp 631/tcp IPP (Internet Printing Protocol) bmpp 632/tcp bmpp bmpp 632/udp bmpp servstat 633/tcp Service Status update (Sterling Software) servstat 633/udp Service Status update (Sterling Software) ginad 634/tcp ginad ginad 634/udp ginad rlzdbase 635/udp RLZ DBase rlzdbase 635/tcp RLZ DBase # Scott A. McIntyre mountd 635/udp ldaps 636/udp ldap protocol over TLS/SSL (was sldap) ldaps 636/tcp ldap protocol over TLS/SSL (was sldap) lanserver 637/tcp lanserver lanserver 637/udp lanserver mcns-sec 638/udp mcns-sec mcns-sec 638/tcp mcns-sec msdp 639/tcp MSDP msdp 639/udp MSDP entrust-sps 640/udp entrust-sps entrust-sps 640/tcp entrust-sps repcmd 641/udp repcmd repcmd 641/tcp repcmd # Scott Craig tgcmd 641/tcp http://www.support.com esro-emsdp 642/tcp ESRO-EMSDP V1.3 esro-emsdp 642/udp ESRO-EMSDP V1.3 sanity 643/udp SANity sanity 643/tcp SANity dwr 644/udp dwr dwr 644/tcp dwr pssc 645/udp PSSC pssc 645/tcp PSSC ldp 646/udp LDP ldp 646/tcp LDP dhcp-failover 647/udp DHCP Failover dhcp-failover 647/tcp DHCP Failover rrp 648/tcp Registry Registrar Protocol (RRP) rrp 648/udp Registry Registrar Protocol (RRP) aminet 649/udp Aminet aminet 649/tcp Aminet obex 650/tcp OBEX obex 650/udp OBEX ieee-mms 651/udp IEEE MMS ieee-mms 651/tcp IEEE MMS hello-port 652/udp HELLO_PORT hello-port 652/tcp HELLO_PORT repscmd 653/tcp RepCmd repscmd 653/udp RepCmd # Scott Craig tgcmd 653/tcp http://www.support.com aodv 654/udp AODV aodv 654/tcp AODV tinc 655/udp TINC tinc 655/tcp TINC spmp 656/udp SPMP spmp 656/tcp SPMP rmc 657/udp RMC rmc 657/tcp RMC tenfold 658/udp TenFold tenfold 658/tcp TenFold mac-srvr-admin 660/udp MacOS Server Admin mac-srvr-admin 660/tcp MacOS Server Admin hap 661/udp HAP hap 661/tcp HAP pftp 662/udp PFTP pftp 662/tcp PFTP purenoise 663/udp PureNoise purenoise 663/tcp PureNoise secure-aux-bus 664/tcp Secure Aux Bus secure-aux-bus 664/udp Secure Aux Bus sun-dr 665/udp Sun DR sun-dr 665/tcp Sun DR doom 666/tcp doom Id Software doom 666/udp doom Id Software mdqs 666/udp mdqs 666/tcp # Scott A. McIntyre satanz 666/udp disclose 667/udp campaign contribution disclosures - SDR Technologi disclose 667/tcp campaign contribution disclosures - SDR Technologi mecomm 668/tcp MeComm mecomm 668/udp MeComm meregister 669/tcp MeRegister meregister 669/udp MeRegister vacdsm-sws 670/udp VACDSM-SWS vacdsm-sws 670/tcp VACDSM-SWS vacdsm-app 671/tcp VACDSM-APP vacdsm-app 671/udp VACDSM-APP vpps-qua 672/udp VPPS-QUA vpps-qua 672/tcp VPPS-QUA cimplex 673/udp CIMPLEX cimplex 673/tcp CIMPLEX acap 674/udp ACAP acap 674/tcp ACAP dctp 675/udp DCTP dctp 675/tcp DCTP vpps-via 676/udp VPPS Via vpps-via 676/tcp VPPS Via vpp 677/udp Virtual Presence Protocol vpp 677/tcp Virtual Presence Protocol ggf-ncp 678/tcp GNU Generation Foundation NCP ggf-ncp 678/udp GNU Generation Foundation NCP mrm 679/udp MRM mrm 679/tcp MRM entrust-aaas 680/udp entrust-aaas entrust-aaas 680/tcp entrust-aaas entrust-aams 681/udp entrust-aams entrust-aams 681/tcp entrust-aams xfr 682/udp XFR xfr 682/tcp XFR corba-iiop 683/udp CORBA IIOP corba-iiop 683/tcp CORBA IIOP corba-iiop-ssl 684/udp CORBA IIOP SSL corba-iiop-ssl 684/tcp CORBA IIOP SSL mdc-portmapper 685/tcp MDC Port Mapper mdc-portmapper 685/udp MDC Port Mapper hcp-wismar 686/tcp Hardware Control Protocol Wismar hcp-wismar 686/udp Hardware Control Protocol Wismar asipregistry 687/tcp asipregistry asipregistry 687/udp asipregistry realm-rusd 688/tcp REALM-RUSD realm-rusd 688/udp REALM-RUSD nmap 689/udp NMAP nmap 689/tcp NMAP vatp 690/tcp VATP vatp 690/udp VATP msexch-routing 691/udp MS Exchange Routing msexch-routing 691/tcp MS Exchange Routing hyperwave-isp 692/udp Hyperwave-ISP hyperwave-isp 692/tcp Hyperwave-ISP connendp 693/udp connendp connendp 693/tcp connendp ha-cluster 694/tcp ha-cluster ha-cluster 694/udp ha-cluster ieee-mms-ssl 695/udp IEEE-MMS-SSL ieee-mms-ssl 695/tcp IEEE-MMS-SSL rushd 696/udp RUSHD rushd 696/tcp RUSHD uuidgen 697/udp UUIDGEN uuidgen 697/tcp UUIDGEN olsr 698/udp OLSR olsr 698/tcp OLSR accessnetwork 699/tcp Access Network accessnetwork 699/udp Access Network # Philipp Snizek miracle-help-desk-port 702/udp # Philipp Snizek miracle-help-desk-port 702/udp elcsd 704/tcp errlog copy/server daemon elcsd 704/udp errlog copy/server daemon agentx 705/tcp AgentX agentx 705/udp AgentX silc 706/udp SILC silc 706/tcp SILC borland-dsj 707/udp Borland DSJ borland-dsj 707/tcp Borland DSJ entrust-kmsh 709/tcp Entrust Key Management Service Handler entrust-kmsh 709/udp Entrust Key Management Service Handler entrust-ash 710/udp Entrust Administration Service Handler entrust-ash 710/tcp Entrust Administration Service Handler cisco-tdp 711/tcp Cisco TDP cisco-tdp 711/udp Cisco TDP netviewdm1 729/tcp IBM NetView DM/6000 Server/Client netviewdm1 729/udp IBM NetView DM/6000 Server/Client netviewdm2 730/tcp IBM NetView DM/6000 send/tcp netviewdm2 730/udp IBM NetView DM/6000 send/tcp netviewdm3 731/udp IBM NetView DM/6000 receive/tcp netviewdm3 731/tcp IBM NetView DM/6000 receive/tcp netgw 741/tcp netGW netgw 741/udp netGW netrcs 742/tcp Network based Rev. Cont. Sys. netrcs 742/udp Network based Rev. Cont. Sys. flexlm 744/udp Flexible License Manager flexlm 744/tcp Flexible License Manager fujitsu-dev 747/tcp Fujitsu Device Control fujitsu-dev 747/udp Fujitsu Device Control ris-cm 748/udp Russell Info Sci Calendar Manager ris-cm 748/tcp Russell Info Sci Calendar Manager kerberos-adm 749/udp kerberos administration kerberos-adm 749/tcp kerberos administration loadav 750/udp rfile 750/tcp kerberos-iv 750/udp kerberos version iv pump 751/udp pump 751/tcp qrh 752/udp qrh 752/tcp rrh 753/tcp rrh 753/udp tell 754/tcp send tell 754/udp send nlogin 758/udp nlogin 758/tcp con 759/udp con 759/tcp ns 760/udp ns 760/tcp rxe 761/tcp rxe 761/udp quotad 762/udp quotad 762/tcp cycleserv 763/udp cycleserv 763/tcp omserv 764/udp omserv 764/tcp webster 765/udp webster 765/tcp phonebook 767/tcp phone phonebook 767/udp phone vid 769/tcp vid 769/udp cadlock 770/udp cadlock 770/tcp rtip 771/udp rtip 771/tcp cycleserv2 772/tcp cycleserv2 772/udp notify 773/udp submit 773/tcp acmaint_dbd 774/udp rpasswd 774/tcp entomb 775/tcp acmaint_transd 775/udp wpages 776/tcp wpages 776/udp multiling-http 777/udp Multiling HTTP multiling-http 777/tcp Multiling HTTP # Scott A. McIntyre aimspy 777/tcp wpgs 780/udp wpgs 780/tcp # Ian McEwan conserver 782/tcp http://www.gnac.com/consoles/ qsc 787/udp QSC qsc 787/tcp QSC mdbs_daemon 800/udp mdbs_daemon 800/tcp device 801/udp device 801/tcp # Rick Payne omirr 808/tcp ftp://ftp.isa.de/pub/home/luik/ # Rick Payne omirr 808/udp ftp://ftp.isa.de/pub/home/luik/ fcp-udp 810/udp FCP Datagram fcp-udp 810/tcp FCP itm-mcell-s 828/tcp itm-mcell-s itm-mcell-s 828/udp itm-mcell-s pkix-3-ca-ra 829/udp PKIX-3 CA/RA pkix-3-ca-ra 829/tcp PKIX-3 CA/RA dhcp-failover2 847/udp dhcp-failover 2 dhcp-failover2 847/tcp dhcp-failover 2 rsync 873/udp rsync rsync 873/tcp rsync iclcnet-locate 886/udp ICL coNETion locate server iclcnet-locate 886/tcp ICL coNETion locate server iclcnet_svinfo 887/tcp ICL coNETion server info iclcnet_svinfo 887/udp ICL coNETion server info cddbp 888/tcp CD Database Protocol accessbuilder 888/tcp AccessBuilder accessbuilder 888/udp AccessBuilder omginitialrefs 900/udp OMG Initial Refs omginitialrefs 900/tcp OMG Initial Refs # Doug Card check-point-fw-1-http-client-auth 900/tcp # Doug Card check-point-fw-1-http-client-auth 900/tcp smpnameres 901/tcp SMPNAMERES smpnameres 901/udp SMPNAMERES # Scott Craig realsecure-console 901/tcp www.iss.net ideafarm-chat 902/udp IDEAFARM-CHAT ideafarm-chat 902/tcp IDEAFARM-CHAT ideafarm-catch 903/udp IDEAFARM-CATCH ideafarm-catch 903/tcp IDEAFARM-CATCH xact-backup 911/tcp xact-backup xact-backup 911/udp xact-backup apex-mesh 912/udp APEX relay-relay service apex-mesh 912/tcp APEX relay-relay service apex-edge 913/udp APEX endpoint-relay service apex-edge 913/tcp APEX endpoint-relay service ftps-data 989/udp ftp protocol, data, over TLS/SSL ftps-data 989/tcp ftp protocol, data, over TLS/SSL ftps 990/tcp ftp protocol, control, over TLS/SSL ftps 990/udp ftp protocol, control, over TLS/SSL nas 991/udp Netnews Administration System nas 991/tcp Netnews Administration System telnets 992/udp telnet protocol over TLS/SSL telnets 992/tcp telnet protocol over TLS/SSL imaps 993/udp imap4 protocol over TLS/SSL imaps 993/tcp imap4 protocol over TLS/SSL ircs 994/udp irc protocol over TLS/SSL ircs 994/tcp irc protocol over TLS/SSL pop3s 995/udp pop3 protocol over TLS/SSL (was spop3) pop3s 995/tcp pop3 protocol over TLS/SSL (was spop3) vsinet 996/udp vsinet vsinet 996/tcp vsinet maitrd 997/tcp maitrd 997/udp puparp 998/udp busboy 998/tcp garcon 999/tcp puprouter 999/udp puprouter 999/tcp applix 999/udp Applix ac cadlock2 1000/udp cadlock2 1000/tcp # Scott A. McIntyre silencer 1001/udp # Scott A. McIntyre webex 1001/tcp # Scott Craig theef-1005 1005/tcp theef.4-all.org # Scott Craig theef-1005 1005/tcp theef.4-all.org surf 1010/udp surf surf 1010/tcp surf # Philippe Jumelle kdm 1024/tcp blackjack 1025/tcp network blackjack blackjack 1025/udp network blackjack iad1 1030/udp BBN IAD iad1 1030/tcp BBN IAD iad2 1031/udp BBN IAD iad2 1031/tcp BBN IAD iad3 1032/udp BBN IAD iad3 1032/tcp BBN IAD # Scott A. McIntyre netspy 1033/tcp pcg-radar 1036/udp RADAR Service Protocol pcg-radar 1036/tcp RADAR Service Protocol netarx 1040/udp Netarx netarx 1040/tcp Netarx # Scott A. McIntyre blah11 1042/tcp fpitp 1045/udp Fingerprint Image Transfer Protocol fpitp 1045/tcp Fingerprint Image Transfer Protocol neod1 1047/udp Sun's NEO Object Request Broker neod1 1047/tcp Sun's NEO Object Request Broker neod2 1048/udp Sun's NEO Object Request Broker neod2 1048/tcp Sun's NEO Object Request Broker td-postman 1049/tcp Tobit David Postman VPMN td-postman 1049/udp Tobit David Postman VPMN cma 1050/udp CORBA Management Agent cma 1050/tcp CORBA Management Agent optima-vnet 1051/tcp Optima VNET optima-vnet 1051/udp Optima VNET ddt 1052/udp Dynamic DNS Tools ddt 1052/tcp Dynamic DNS Tools remote-as 1053/udp Remote Assistant (RA) remote-as 1053/tcp Remote Assistant (RA) brvread 1054/udp BRVREAD brvread 1054/tcp BRVREAD ansyslmd 1055/tcp ANSYS - License Manager ansyslmd 1055/udp ANSYS - License Manager vfo 1056/tcp VFO vfo 1056/udp VFO startron 1057/tcp STARTRON startron 1057/udp STARTRON nim 1058/udp nim nim 1058/tcp nim nimreg 1059/udp nimreg nimreg 1059/tcp nimreg polestar 1060/udp POLESTAR polestar 1060/tcp POLESTAR kiosk 1061/tcp KIOSK kiosk 1061/udp KIOSK veracity 1062/tcp Veracity veracity 1062/udp Veracity kyoceranetdev 1063/udp KyoceraNetDev kyoceranetdev 1063/tcp KyoceraNetDev jstel 1064/udp JSTEL jstel 1064/tcp JSTEL syscomlan 1065/udp SYSCOMLAN syscomlan 1065/tcp SYSCOMLAN fpo-fns 1066/udp FPO-FNS fpo-fns 1066/tcp FPO-FNS instl_boots 1067/tcp Installation Bootstrap Proto. Serv. instl_boots 1067/udp Installation Bootstrap Proto. Serv. instl_bootc 1068/tcp Installation Bootstrap Proto. Cli. instl_bootc 1068/udp Installation Bootstrap Proto. Cli. cognex-insight 1069/udp COGNEX-INSIGHT cognex-insight 1069/tcp COGNEX-INSIGHT gmrupdateserv 1070/udp GMRUpdateSERV gmrupdateserv 1070/tcp GMRUpdateSERV bsquare-voip 1071/udp BSQUARE-VOIP bsquare-voip 1071/tcp BSQUARE-VOIP cardax 1072/udp CARDAX cardax 1072/tcp CARDAX bridgecontrol 1073/udp BridgeControl bridgecontrol 1073/tcp BridgeControl fastechnologlm 1074/udp FASTechnologies License Manager fastechnologlm 1074/tcp FASTechnologies License Manager rdrmshc 1075/tcp RDRMSHC rdrmshc 1075/udp RDRMSHC dab-sti-c 1076/tcp DAB STI-C dab-sti-c 1076/udp DAB STI-C imgames 1077/tcp IMGames imgames 1077/udp IMGames emanagecstp 1078/udp eManageCstp emanagecstp 1078/tcp eManageCstp asprovatalk 1079/udp ASPROVATalk asprovatalk 1079/tcp ASPROVATalk socks 1080/udp Socks socks 1080/tcp Socks # Scott A. McIntyre wingate 1080/udp http://wingate.deerfield.com # Scott A. McIntyre wingate 1080/tcp http://wingate.deerfield.com pvuniwien 1081/udp PVUNIWIEN pvuniwien 1081/tcp PVUNIWIEN amt-esd-prot 1082/tcp AMT-ESD-PROT amt-esd-prot 1082/udp AMT-ESD-PROT ansoft-lm-1 1083/tcp Anasoft License Manager ansoft-lm-1 1083/udp Anasoft License Manager ansoft-lm-2 1084/udp Anasoft License Manager ansoft-lm-2 1084/tcp Anasoft License Manager webobjects 1085/udp Web Objects webobjects 1085/tcp Web Objects cplscrambler-lg 1086/udp CPL Scrambler Logging cplscrambler-lg 1086/tcp CPL Scrambler Logging cplscrambler-in 1087/tcp CPL Scrambler Internal cplscrambler-in 1087/udp CPL Scrambler Internal cplscrambler-al 1088/udp CPL Scrambler Alarm Log cplscrambler-al 1088/tcp CPL Scrambler Alarm Log ff-annunc 1089/udp FF Annunciation ff-annunc 1089/tcp FF Annunciation ff-fms 1090/udp FF Fieldbus Message Specification ff-fms 1090/tcp FF Fieldbus Message Specification ff-sm 1091/tcp FF System Management ff-sm 1091/udp FF System Management obrpd 1092/udp Open Business Reporting Protocol obrpd 1092/tcp Open Business Reporting Protocol proofd 1093/tcp PROOFD proofd 1093/udp PROOFD rootd 1094/udp ROOTD rootd 1094/tcp ROOTD nicelink 1095/udp NICELink nicelink 1095/tcp NICELink cnrprotocol 1096/tcp Common Name Resolution Protocol cnrprotocol 1096/udp Common Name Resolution Protocol sunclustermgr 1097/tcp Sun Cluster Manager sunclustermgr 1097/udp Sun Cluster Manager rmiactivation 1098/tcp RMI Activation rmiactivation 1098/udp RMI Activation rmiregistry 1099/tcp RMI Registry rmiregistry 1099/udp RMI Registry mctp 1100/udp MCTP mctp 1100/tcp MCTP pt2-discover 1101/udp PT2-DISCOVER pt2-discover 1101/tcp PT2-DISCOVER adobeserver-1 1102/udp ADOBE SERVER 1 adobeserver-1 1102/tcp ADOBE SERVER 1 adobeserver-2 1103/tcp ADOBE SERVER 2 adobeserver-2 1103/udp ADOBE SERVER 2 xrl 1104/udp XRL xrl 1104/tcp XRL ftranhc 1105/udp FTRANHC ftranhc 1105/tcp FTRANHC isoipsigport-1 1106/udp ISOIPSIGPORT-1 isoipsigport-1 1106/tcp ISOIPSIGPORT-1 isoipsigport-2 1107/udp ISOIPSIGPORT-2 isoipsigport-2 1107/tcp ISOIPSIGPORT-2 ratio-adp 1108/tcp ratio-adp ratio-adp 1108/udp ratio-adp nfsd-keepalive 1110/udp Client status info nfsd-status 1110/tcp Cluster status info lmsocialserver 1111/udp LM Social Server lmsocialserver 1111/tcp LM Social Server icp 1112/tcp Intelligent Communication Protocol icp 1112/udp Intelligent Communication Protocol mini-sql 1114/tcp Mini SQL mini-sql 1114/udp Mini SQL ardus-trns 1115/tcp ARDUS Transfer ardus-trns 1115/udp ARDUS Transfer ardus-cntl 1116/udp ARDUS Control ardus-cntl 1116/tcp ARDUS Control ardus-mtrns 1117/tcp ARDUS Multicast Transfer ardus-mtrns 1117/udp ARDUS Multicast Transfer availant-mgr 1122/tcp availant-mgr availant-mgr 1122/udp availant-mgr murray 1123/tcp Murray murray 1123/udp Murray nfa 1155/udp Network File Access nfa 1155/tcp Network File Access health-polling 1161/udp Health Polling health-polling 1161/tcp Health Polling # Gary Gaskell oracle-snmp 1161/tcp health-trap 1162/udp Health Trap health-trap 1162/tcp Health Trap tripwire 1169/udp TRIPWIRE tripwire 1169/tcp TRIPWIRE # Scott A. McIntyre psyber-stream 1170/udp # Scott A. McIntyre streamingaudio 1170/tcp mc-client 1180/tcp Millicent Client Proxy mc-client 1180/udp Millicent Client Proxy llsurfup-http 1183/tcp LL Surfup HTTP llsurfup-http 1183/udp LL Surfup HTTP llsurfup-https 1184/udp LL Surfup HTTPS llsurfup-https 1184/tcp LL Surfup HTTPS catchpole 1185/tcp Catchpole port catchpole 1185/udp Catchpole port hp-webadmin 1188/udp HP Web Admin hp-webadmin 1188/tcp HP Web Admin dmidi 1199/tcp DMIDI dmidi 1199/udp DMIDI scol 1200/udp SCOL scol 1200/tcp SCOL nucleus-sand 1201/tcp Nucleus Sand nucleus-sand 1201/udp Nucleus Sand caiccipc 1202/udp caiccipc caiccipc 1202/tcp caiccipc ssslic-mgr 1203/udp License Validation ssslic-mgr 1203/tcp License Validation ssslog-mgr 1204/udp Log Request Listener ssslog-mgr 1204/tcp Log Request Listener accord-mgc 1205/udp Accord-MGC accord-mgc 1205/tcp Accord-MGC anthony-data 1206/udp Anthony Data anthony-data 1206/tcp Anthony Data metasage 1207/tcp MetaSage metasage 1207/udp MetaSage # Scott A. McIntyre softwar 1207/tcp seagull-ais 1208/udp SEAGULL AIS seagull-ais 1208/tcp SEAGULL AIS ipcd3 1209/udp IPCD3 ipcd3 1209/tcp IPCD3 eoss 1210/udp EOSS eoss 1210/tcp EOSS groove-dpp 1211/udp Groove DPP groove-dpp 1211/tcp Groove DPP lupa 1212/udp lupa lupa 1212/tcp lupa mpc-lifenet 1213/tcp MPC LIFENET mpc-lifenet 1213/udp MPC LIFENET kazaa 1214/tcp KAZAA kazaa 1214/udp KAZAA # Darlene Hall kaaza 1214/tcp http://www.nystrom.no/okn/musikk/finnmp3.asp # Darlene Hall kaaza 1214/udp http://www.nystrom.no/okn/musikk/finnmp3.asp scanstat-1 1215/tcp scanSTAT 1.0 scanstat-1 1215/udp scanSTAT 1.0 etebac5 1216/tcp ETEBAC 5 etebac5 1216/udp ETEBAC 5 hpss-ndapi 1217/udp HPSS-NDAPI hpss-ndapi 1217/tcp HPSS-NDAPI aeroflight-ads 1218/udp AeroFlight-ADs aeroflight-ads 1218/tcp AeroFlight-ADs aeroflight-ret 1219/udp AeroFlight-Ret aeroflight-ret 1219/tcp AeroFlight-Ret qt-serveradmin 1220/udp QT SERVER ADMIN qt-serveradmin 1220/tcp QT SERVER ADMIN sweetware-apps 1221/tcp SweetWARE Apps sweetware-apps 1221/udp SweetWARE Apps nerv 1222/tcp SNI R&D network nerv 1222/udp SNI R&D network tgp 1223/udp TGP tgp 1223/tcp TGP vpnz 1224/udp VPNz vpnz 1224/tcp VPNz slinkysearch 1225/udp SLINKYSEARCH slinkysearch 1225/tcp SLINKYSEARCH stgxfws 1226/tcp STGXFWS stgxfws 1226/udp STGXFWS dns2go 1227/udp DNS2Go dns2go 1227/tcp DNS2Go florence 1228/udp FLORENCE florence 1228/tcp FLORENCE novell-zfs 1229/tcp Novell ZFS novell-zfs 1229/udp Novell ZFS periscope 1230/tcp Periscope periscope 1230/udp Periscope menandmice-lpm 1231/udp menandmice-lpm menandmice-lpm 1231/tcp menandmice-lpm univ-appserver 1233/udp Universal App Server univ-appserver 1233/tcp Universal App Server search-agent 1234/udp Infoseek Search Agent search-agent 1234/tcp Infoseek Search Agent # Scott A. McIntyre ultors 1234/udp mosaicsyssvc1 1235/udp mosaicsyssvc1 mosaicsyssvc1 1235/tcp mosaicsyssvc1 bvcontrol 1236/udp bvcontrol bvcontrol 1236/tcp bvcontrol tsdos390 1237/udp tsdos390 tsdos390 1237/tcp tsdos390 hacl-qs 1238/udp hacl-qs hacl-qs 1238/tcp hacl-qs nmsd 1239/udp NMSD nmsd 1239/tcp NMSD instantia 1240/udp Instantia instantia 1240/tcp Instantia nessus 1241/tcp nessus nessus 1241/udp nessus nmasoverip 1242/udp NMAS over IP nmasoverip 1242/tcp NMAS over IP serialgateway 1243/udp SerialGateway serialgateway 1243/tcp SerialGateway # Scott A. McIntyre subseven 1243/tcp isbconference1 1244/udp isbconference1 isbconference1 1244/tcp isbconference1 isbconference2 1245/tcp isbconference2 isbconference2 1245/udp isbconference2 # Scott A. McIntyre broadcast.com 1245/udp # Scott A. McIntyre voodoo 1245/udp # Scott A. McIntyre voodoo 1245/tcp payrouter 1246/udp payrouter payrouter 1246/tcp payrouter visionpyramid 1247/udp VisionPyramid visionpyramid 1247/tcp VisionPyramid hermes 1248/udp hermes hermes 1248/tcp hermes mesavistaco 1249/udp Mesa Vista Co mesavistaco 1249/tcp Mesa Vista Co swldy-sias 1250/udp swldy-sias swldy-sias 1250/tcp swldy-sias servergraph 1251/tcp servergraph servergraph 1251/udp servergraph bspne-pcc 1252/tcp bspne-pcc bspne-pcc 1252/udp bspne-pcc q55-pcc 1253/udp q55-pcc q55-pcc 1253/tcp q55-pcc de-noc 1254/udp de-noc de-noc 1254/tcp de-noc de-cache-query 1255/udp de-cache-query de-cache-query 1255/tcp de-cache-query de-server 1256/udp de-server de-server 1256/tcp de-server shockwave2 1257/udp Shockwave 2 shockwave2 1257/tcp Shockwave 2 opennl 1258/tcp Open Network Library opennl 1258/udp Open Network Library opennl-voice 1259/tcp Open Network Library Voice opennl-voice 1259/udp Open Network Library Voice ibm-ssd 1260/tcp ibm-ssd ibm-ssd 1260/udp ibm-ssd mpshrsv 1261/tcp mpshrsv mpshrsv 1261/udp mpshrsv qnts-orb 1262/tcp QNTS-ORB qnts-orb 1262/udp QNTS-ORB dka 1263/tcp dka dka 1263/udp dka prat 1264/tcp PRAT prat 1264/udp PRAT dssiapi 1265/tcp DSSIAPI dssiapi 1265/udp DSSIAPI dellpwrappks 1266/tcp DELLPWRAPPKS dellpwrappks 1266/udp DELLPWRAPPKS pcmlinux 1267/tcp pcmlinux pcmlinux 1267/udp pcmlinux propel-msgsys 1268/udp PROPEL-MSGSYS propel-msgsys 1268/tcp PROPEL-MSGSYS watilapp 1269/udp WATiLaPP watilapp 1269/tcp WATiLaPP # Scott A. McIntyre matrix 1269/tcp opsman 1270/udp opsman opsman 1270/tcp opsman dabew 1271/udp Dabew dabew 1271/tcp Dabew cspmlockmgr 1272/tcp CSPMLockMgr cspmlockmgr 1272/udp CSPMLockMgr emc-gateway 1273/udp EMC-Gateway emc-gateway 1273/tcp EMC-Gateway t1distproc 1274/udp t1distproc t1distproc 1274/tcp t1distproc ivcollector 1275/tcp ivcollector ivcollector 1275/udp ivcollector ivmanager 1276/udp ivmanager ivmanager 1276/tcp ivmanager miva-mqs 1277/udp mqs miva-mqs 1277/tcp mqs dellwebadmin-1 1278/udp Dell Web Admin 1 dellwebadmin-1 1278/tcp Dell Web Admin 1 dellwebadmin-2 1279/udp Dell Web Admin 2 dellwebadmin-2 1279/tcp Dell Web Admin 2 pictrography 1280/udp Pictrography pictrography 1280/tcp Pictrography healthd 1281/udp healthd healthd 1281/tcp healthd emperion 1282/udp Emperion emperion 1282/tcp Emperion productinfo 1283/tcp ProductInfo productinfo 1283/udp ProductInfo iee-qfx 1284/udp IEE-QFX iee-qfx 1284/tcp IEE-QFX neoiface 1285/udp neoiface neoiface 1285/tcp neoiface netuitive 1286/tcp netuitive netuitive 1286/udp netuitive navbuddy 1288/tcp NavBuddy navbuddy 1288/udp NavBuddy jwalkserver 1289/tcp JWalkServer jwalkserver 1289/udp JWalkServer winjaserver 1290/tcp WinJaServer winjaserver 1290/udp WinJaServer seagulllms 1291/udp SEAGULLLMS seagulllms 1291/tcp SEAGULLLMS dsdn 1292/udp dsdn dsdn 1292/tcp dsdn pkt-krb-ipsec 1293/tcp PKT-KRB-IPSec pkt-krb-ipsec 1293/udp PKT-KRB-IPSec cmmdriver 1294/tcp CMMdriver cmmdriver 1294/udp CMMdriver eetp 1295/udp EETP eetp 1295/tcp EETP dproxy 1296/udp dproxy dproxy 1296/tcp dproxy sdproxy 1297/udp sdproxy sdproxy 1297/tcp sdproxy lpcp 1298/udp lpcp lpcp 1298/tcp lpcp hp-sci 1299/udp hp-sci hp-sci 1299/tcp hp-sci h323hostcallsc 1300/udp H323 Host Call Secure h323hostcallsc 1300/tcp H323 Host Call Secure ci3-software-1 1301/udp CI3-Software-1 ci3-software-1 1301/tcp CI3-Software-1 ci3-software-2 1302/tcp CI3-Software-2 ci3-software-2 1302/udp CI3-Software-2 sftsrv 1303/tcp sftsrv sftsrv 1303/udp sftsrv boomerang 1304/udp Boomerang boomerang 1304/tcp Boomerang pe-mike 1305/tcp pe-mike pe-mike 1305/udp pe-mike re-conn-proto 1306/udp RE-Conn-Proto re-conn-proto 1306/tcp RE-Conn-Proto pacmand 1307/udp Pacmand pacmand 1307/tcp Pacmand odsi 1308/udp Optical Domain Service Interconnect (ODSI) odsi 1308/tcp Optical Domain Service Interconnect (ODSI) jtag-server 1309/udp JTAG server jtag-server 1309/tcp JTAG server husky 1310/udp Husky husky 1310/tcp Husky rxmon 1311/tcp RxMon rxmon 1311/udp RxMon sti-envision 1312/udp STI Envision sti-envision 1312/tcp STI Envision bmc_patroldb 1313/tcp BMC_PATROLDB bmc_patroldb 1313/udp BMC_PATROLDB pdps 1314/udp Photoscript Distributed Printing System pdps 1314/tcp Photoscript Distributed Printing System els 1315/udp E.L.S., Event Listener Service els 1315/tcp E.L.S., Event Listener Service exbit-escp 1316/tcp Exbit-ESCP exbit-escp 1316/udp Exbit-ESCP vrts-ipcserver 1317/tcp vrts-ipcserver vrts-ipcserver 1317/udp vrts-ipcserver krb5gatekeeper 1318/tcp krb5gatekeeper krb5gatekeeper 1318/udp krb5gatekeeper panja-icsp 1319/udp Panja-ICSP panja-icsp 1319/tcp Panja-ICSP panja-axbnet 1320/udp Panja-AXBNET panja-axbnet 1320/tcp Panja-AXBNET pip 1321/tcp PIP pip 1321/udp PIP novation 1322/tcp Novation novation 1322/udp Novation brcd 1323/udp brcd brcd 1323/tcp brcd delta-mcp 1324/tcp delta-mcp delta-mcp 1324/udp delta-mcp dx-instrument 1325/udp DX-Instrument dx-instrument 1325/tcp DX-Instrument wimsic 1326/udp WIMSIC wimsic 1326/tcp WIMSIC ultrex 1327/tcp Ultrex ultrex 1327/udp Ultrex ewall 1328/udp EWALL ewall 1328/tcp EWALL netdb-export 1329/udp netdb-export netdb-export 1329/tcp netdb-export streetperfect 1330/udp StreetPerfect streetperfect 1330/tcp StreetPerfect intersan 1331/udp intersan intersan 1331/tcp intersan pcia-rxp-b 1332/tcp PCIA RXP-B pcia-rxp-b 1332/udp PCIA RXP-B passwrd-policy 1333/udp Password Policy passwrd-policy 1333/tcp Password Policy writesrv 1334/tcp writesrv writesrv 1334/udp writesrv digital-notary 1335/tcp Digital Notary Protocol digital-notary 1335/udp Digital Notary Protocol ischat 1336/udp Instant Service Chat ischat 1336/tcp Instant Service Chat menandmice-dns 1337/udp menandmice DNS menandmice-dns 1337/tcp menandmice DNS wmc-log-svc 1338/tcp WMC-log-svr wmc-log-svc 1338/udp WMC-log-svr kjtsiteserver 1339/tcp kjtsiteserver kjtsiteserver 1339/udp kjtsiteserver naap 1340/tcp NAAP naap 1340/udp NAAP qubes 1341/tcp QuBES qubes 1341/udp QuBES esbroker 1342/udp ESBroker esbroker 1342/tcp ESBroker re101 1343/tcp re101 re101 1343/udp re101 icap 1344/tcp ICAP icap 1344/udp ICAP vpjp 1345/udp VPJP vpjp 1345/tcp VPJP alta-ana-lm 1346/udp Alta Analytics License Manager alta-ana-lm 1346/tcp Alta Analytics License Manager bbn-mmc 1347/tcp multi media conferencing bbn-mmc 1347/udp multi media conferencing bbn-mmx 1348/udp multi media conferencing bbn-mmx 1348/tcp multi media conferencing sbook 1349/udp Registration Network Protocol sbook 1349/tcp Registration Network Protocol editbench 1350/udp Registration Network Protocol editbench 1350/tcp Registration Network Protocol equationbuilder 1351/tcp Digital Tool Works (MIT) equationbuilder 1351/udp Digital Tool Works (MIT) lotusnote 1352/udp Lotus Note lotusnote 1352/tcp Lotus Note relief 1353/tcp Relief Consulting relief 1353/udp Relief Consulting rightbrain 1354/udp RightBrain Software rightbrain 1354/tcp RightBrain Software intuitive-edge 1355/udp Intuitive Edge intuitive-edge 1355/tcp Intuitive Edge cuillamartin 1356/udp CuillaMartin Company cuillamartin 1356/tcp CuillaMartin Company pegboard 1357/udp Electronic PegBoard pegboard 1357/tcp Electronic PegBoard connlcli 1358/tcp CONNLCLI connlcli 1358/udp CONNLCLI ftsrv 1359/udp FTSRV ftsrv 1359/tcp FTSRV mimer 1360/udp MIMER mimer 1360/tcp MIMER linx 1361/tcp LinX linx 1361/udp LinX timeflies 1362/udp TimeFlies timeflies 1362/tcp TimeFlies ndm-requester 1363/tcp Network DataMover Requester ndm-requester 1363/udp Network DataMover Requester ndm-server 1364/udp Network DataMover Server ndm-server 1364/tcp Network DataMover Server adapt-sna 1365/udp Network Software Associates adapt-sna 1365/tcp Network Software Associates netware-csp 1366/udp Novell NetWare Comm Service Platform netware-csp 1366/tcp Novell NetWare Comm Service Platform dcs 1367/udp DCS dcs 1367/tcp DCS screencast 1368/udp ScreenCast screencast 1368/tcp ScreenCast gv-us 1369/tcp GlobalView to Unix Shell gv-us 1369/udp GlobalView to Unix Shell us-gv 1370/udp Unix Shell to GlobalView us-gv 1370/tcp Unix Shell to GlobalView fc-cli 1371/tcp Fujitsu Config Protocol fc-cli 1371/udp Fujitsu Config Protocol fc-ser 1372/tcp Fujitsu Config Protocol fc-ser 1372/udp Fujitsu Config Protocol chromagrafx 1373/udp Chromagrafx chromagrafx 1373/tcp Chromagrafx molly 1374/tcp EPI Software Systems molly 1374/udp EPI Software Systems bytex 1375/udp Bytex bytex 1375/tcp Bytex ibm-pps 1376/udp IBM Person to Person Software ibm-pps 1376/tcp IBM Person to Person Software cichlid 1377/udp Cichlid License Manager cichlid 1377/tcp Cichlid License Manager elan 1378/udp Elan License Manager elan 1378/tcp Elan License Manager dbreporter 1379/tcp Integrity Solutions dbreporter 1379/udp Integrity Solutions telesis-licman 1380/udp Telesis Network License Manager telesis-licman 1380/tcp Telesis Network License Manager apple-licman 1381/udp Apple Network License Manager apple-licman 1381/tcp Apple Network License Manager udt_os 1382/udp udt_os udt_os 1382/tcp udt_os gwha 1383/tcp GW Hannaway Network License Manager gwha 1383/udp GW Hannaway Network License Manager os-licman 1384/udp Objective Solutions License Manager os-licman 1384/tcp Objective Solutions License Manager atex_elmd 1385/udp Atex Publishing License Manager atex_elmd 1385/tcp Atex Publishing License Manager checksum 1386/tcp CheckSum License Manager checksum 1386/udp CheckSum License Manager cadsi-lm 1387/udp Computer Aided Design Software Inc LM cadsi-lm 1387/tcp Computer Aided Design Software Inc LM objective-dbc 1388/udp Objective Solutions DataBase Cache objective-dbc 1388/tcp Objective Solutions DataBase Cache iclpv-dm 1389/udp Document Manager iclpv-dm 1389/tcp Document Manager iclpv-sc 1390/tcp Storage Controller iclpv-sc 1390/udp Storage Controller iclpv-sas 1391/tcp Storage Access Server iclpv-sas 1391/udp Storage Access Server iclpv-pm 1392/tcp Print Manager iclpv-pm 1392/udp Print Manager iclpv-nls 1393/udp Network Log Server iclpv-nls 1393/tcp Network Log Server iclpv-nlc 1394/tcp Network Log Client iclpv-nlc 1394/udp Network Log Client iclpv-wsm 1395/udp PC Workstation Manager software iclpv-wsm 1395/tcp PC Workstation Manager software dvl-activemail 1396/tcp DVL Active Mail dvl-activemail 1396/udp DVL Active Mail audio-activmail 1397/tcp Audio Active Mail audio-activmail 1397/udp Audio Active Mail video-activmail 1398/udp Video Active Mail video-activmail 1398/tcp Video Active Mail cadkey-licman 1399/udp Cadkey License Manager cadkey-licman 1399/tcp Cadkey License Manager cadkey-tablet 1400/tcp Cadkey Tablet Daemon cadkey-tablet 1400/udp Cadkey Tablet Daemon goldleaf-licman 1401/tcp Goldleaf License Manager goldleaf-licman 1401/udp Goldleaf License Manager prm-sm-np 1402/tcp Prospero Resource Manager prm-sm-np 1402/udp Prospero Resource Manager prm-nm-np 1403/tcp Prospero Resource Manager prm-nm-np 1403/udp Prospero Resource Manager igi-lm 1404/udp Infinite Graphics License Manager igi-lm 1404/tcp Infinite Graphics License Manager ibm-res 1405/tcp IBM Remote Execution Starter ibm-res 1405/udp IBM Remote Execution Starter netlabs-lm 1406/tcp NetLabs License Manager netlabs-lm 1406/udp NetLabs License Manager dbsa-lm 1407/tcp DBSA License Manager dbsa-lm 1407/udp DBSA License Manager sophia-lm 1408/udp Sophia License Manager sophia-lm 1408/tcp Sophia License Manager here-lm 1409/udp Here License Manager here-lm 1409/tcp Here License Manager hiq 1410/udp HiQ License Manager hiq 1410/tcp HiQ License Manager af 1411/udp AudioFile af 1411/tcp AudioFile innosys 1412/udp InnoSys innosys 1412/tcp InnoSys innosys-acl 1413/udp Innosys-ACL innosys-acl 1413/tcp Innosys-ACL ibm-mqseries 1414/udp IBM MQSeries ibm-mqseries 1414/tcp IBM MQSeries dbstar 1415/udp DBStar dbstar 1415/tcp DBStar novell-lu6.2 1416/tcp Novell LU6.2 novell-lu6.2 1416/udp Novell LU6.2 timbuktu-srv1 1417/tcp Timbuktu Service 1 Port timbuktu-srv1 1417/udp Timbuktu Service 1 Port timbuktu-srv2 1418/tcp Timbuktu Service 2 Port timbuktu-srv2 1418/udp Timbuktu Service 2 Port timbuktu-srv3 1419/udp Timbuktu Service 3 Port timbuktu-srv3 1419/tcp Timbuktu Service 3 Port timbuktu-srv4 1420/udp Timbuktu Service 4 Port timbuktu-srv4 1420/tcp Timbuktu Service 4 Port gandalf-lm 1421/tcp Gandalf License Manager gandalf-lm 1421/udp Gandalf License Manager autodesk-lm 1422/udp Autodesk License Manager autodesk-lm 1422/tcp Autodesk License Manager essbase 1423/udp Essbase Arbor Software essbase 1423/tcp Essbase Arbor Software hybrid 1424/udp Hybrid Encryption Protocol hybrid 1424/tcp Hybrid Encryption Protocol zion-lm 1425/tcp Zion Software License Manager zion-lm 1425/udp Zion Software License Manager sais 1426/tcp Satellite-data Acquisition System 1 sais 1426/udp Satellite-data Acquisition System 1 mloadd 1427/tcp mloadd monitoring tool mloadd 1427/udp mloadd monitoring tool informatik-lm 1428/tcp Informatik License Manager informatik-lm 1428/udp Informatik License Manager nms 1429/udp Hypercom NMS nms 1429/tcp Hypercom NMS tpdu 1430/tcp Hypercom TPDU tpdu 1430/udp Hypercom TPDU rgtp 1431/udp Reverse Gossip Transport rgtp 1431/tcp Reverse Gossip Transport blueberry-lm 1432/tcp Blueberry Software License Manager blueberry-lm 1432/udp Blueberry Software License Manager ms-sql-s 1433/tcp Microsoft-SQL-Server ms-sql-s 1433/udp Microsoft-SQL-Server ms-sql-m 1434/tcp Microsoft-SQL-Monitor ms-sql-m 1434/udp Microsoft-SQL-Monitor ibm-cics 1435/udp IBM CICS ibm-cics 1435/tcp IBM CICS saism 1436/udp Satellite-data Acquisition System 2 saism 1436/tcp Satellite-data Acquisition System 2 tabula 1437/udp Tabula tabula 1437/tcp Tabula eicon-server 1438/tcp Eicon Security Agent/Server eicon-server 1438/udp Eicon Security Agent/Server eicon-x25 1439/udp Eicon X25/SNA Gateway eicon-x25 1439/tcp Eicon X25/SNA Gateway eicon-slp 1440/udp Eicon Service Location Protocol eicon-slp 1440/tcp Eicon Service Location Protocol cadis-1 1441/udp Cadis License Management cadis-1 1441/tcp Cadis License Management cadis-2 1442/tcp Cadis License Management cadis-2 1442/udp Cadis License Management ies-lm 1443/udp Integrated Engineering Software ies-lm 1443/tcp Integrated Engineering Software marcam-lm 1444/tcp Marcam License Management marcam-lm 1444/udp Marcam License Management proxima-lm 1445/udp Proxima License Manager proxima-lm 1445/tcp Proxima License Manager ora-lm 1446/tcp Optical Research Associates License Manager ora-lm 1446/udp Optical Research Associates License Manager apri-lm 1447/tcp Applied Parallel Research LM apri-lm 1447/udp Applied Parallel Research LM oc-lm 1448/tcp OpenConnect License Manager oc-lm 1448/udp OpenConnect License Manager peport 1449/udp PEport peport 1449/tcp PEport dwf 1450/udp Tandem Distributed Workbench Facility dwf 1450/tcp Tandem Distributed Workbench Facility infoman 1451/udp IBM Information Management infoman 1451/tcp IBM Information Management gtegsc-lm 1452/tcp GTE Government Systems License Man gtegsc-lm 1452/udp GTE Government Systems License Man genie-lm 1453/tcp Genie License Manager genie-lm 1453/udp Genie License Manager interhdl_elmd 1454/tcp interHDL License Manager interhdl_elmd 1454/udp interHDL License Manager esl-lm 1455/udp ESL License Manager esl-lm 1455/tcp ESL License Manager dca 1456/tcp DCA dca 1456/udp DCA valisys-lm 1457/tcp Valisys License Manager valisys-lm 1457/udp Valisys License Manager nrcabq-lm 1458/udp Nichols Research Corp. nrcabq-lm 1458/tcp Nichols Research Corp. proshare1 1459/tcp Proshare Notebook Application proshare1 1459/udp Proshare Notebook Application proshare2 1460/udp Proshare Notebook Application proshare2 1460/tcp Proshare Notebook Application ibm_wrless_lan 1461/udp IBM Wireless LAN ibm_wrless_lan 1461/tcp IBM Wireless LAN world-lm 1462/udp World License Manager world-lm 1462/tcp World License Manager nucleus 1463/udp Nucleus nucleus 1463/tcp Nucleus msl_lmd 1464/udp MSL License Manager msl_lmd 1464/tcp MSL License Manager pipes 1465/udp Pipes Platform mfarlin@peerlogic.com pipes 1465/tcp Pipes Platform oceansoft-lm 1466/udp Ocean Software License Manager oceansoft-lm 1466/tcp Ocean Software License Manager csdmbase 1467/udp CSDMBASE csdmbase 1467/tcp CSDMBASE csdm 1468/udp CSDM csdm 1468/tcp CSDM aal-lm 1469/udp Active Analysis Limited License Manager aal-lm 1469/tcp Active Analysis Limited License Manager uaiact 1470/udp Universal Analytics uaiact 1470/tcp Universal Analytics csdmbase 1471/udp csdmbase csdmbase 1471/tcp csdmbase csdm 1472/udp csdm csdm 1472/tcp csdm openmath 1473/udp OpenMath openmath 1473/tcp OpenMath telefinder 1474/udp Telefinder telefinder 1474/tcp Telefinder taligent-lm 1475/udp Taligent License Manager taligent-lm 1475/tcp Taligent License Manager clvm-cfg 1476/udp clvm-cfg clvm-cfg 1476/tcp clvm-cfg ms-sna-server 1477/udp ms-sna-server ms-sna-server 1477/tcp ms-sna-server ms-sna-base 1478/tcp ms-sna-base ms-sna-base 1478/udp ms-sna-base dberegister 1479/udp dberegister dberegister 1479/tcp dberegister pacerforum 1480/udp PacerForum pacerforum 1480/tcp PacerForum airs 1481/tcp AIRS airs 1481/udp AIRS miteksys-lm 1482/udp Miteksys License Manager miteksys-lm 1482/tcp Miteksys License Manager afs 1483/udp AFS License Manager afs 1483/tcp AFS License Manager confluent 1484/udp Confluent License Manager confluent 1484/tcp Confluent License Manager lansource 1485/udp LANSource lansource 1485/tcp LANSource nms_topo_serv 1486/tcp nms_topo_serv nms_topo_serv 1486/udp nms_topo_serv localinfosrvr 1487/tcp LocalInfoSrvr localinfosrvr 1487/udp LocalInfoSrvr docstor 1488/udp DocStor docstor 1488/tcp DocStor dmdocbroker 1489/tcp dmdocbroker dmdocbroker 1489/udp dmdocbroker insitu-conf 1490/udp insitu-conf insitu-conf 1490/tcp insitu-conf anynetgateway 1491/udp anynetgateway anynetgateway 1491/tcp anynetgateway stone-design-1 1492/tcp stone-design-1 stone-design-1 1492/udp stone-design-1 # Scott A. McIntyre ftp99cmp 1492/tcp netmap_lm 1493/udp netmap_lm netmap_lm 1493/tcp netmap_lm ica 1494/udp ica ica 1494/tcp ica cvc 1495/udp cvc cvc 1495/tcp cvc liberty-lm 1496/udp liberty-lm liberty-lm 1496/tcp liberty-lm rfx-lm 1497/tcp rfx-lm rfx-lm 1497/udp rfx-lm sybase-sqlany 1498/udp Sybase SQL Any sybase-sqlany 1498/tcp Sybase SQL Any fhc 1499/udp Federico Heinz Consultora fhc 1499/tcp Federico Heinz Consultora vlsi-lm 1500/tcp VLSI License Manager vlsi-lm 1500/udp VLSI License Manager # James R Grinter adsm 1500/tcp http://www.tivoli.com/products/index/storage_mgr/ saiscm 1501/tcp Satellite-data Acquisition System 3 saiscm 1501/udp Satellite-data Acquisition System 3 shivadiscovery 1502/udp Shiva shivadiscovery 1502/tcp Shiva imtc-mcs 1503/tcp Databeam imtc-mcs 1503/udp Databeam evb-elm 1504/udp EVB Software Engineering License Manager evb-elm 1504/tcp EVB Software Engineering License Manager funkproxy 1505/tcp Funk Software, Inc. funkproxy 1505/udp Funk Software, Inc. utcd 1506/udp Universal Time daemon (utcd) utcd 1506/tcp Universal Time daemon (utcd) symplex 1507/udp symplex symplex 1507/tcp symplex diagmond 1508/tcp diagmond diagmond 1508/udp diagmond robcad-lm 1509/udp Robcad, Ltd. License Manager robcad-lm 1509/tcp Robcad, Ltd. License Manager # Scott A. McIntyre psyberstream 1509/tcp mvx-lm 1510/tcp Midland Valley Exploration Ltd. Lic. Man. mvx-lm 1510/udp Midland Valley Exploration Ltd. Lic. Man. 3l-l1 1511/tcp 3l-l1 3l-l1 1511/udp 3l-l1 wins 1512/tcp Microsoft's Windows Internet Name Service wins 1512/udp Microsoft's Windows Internet Name Service fujitsu-dtc 1513/tcp Fujitsu Systems Business of America, Inc fujitsu-dtc 1513/udp Fujitsu Systems Business of America, Inc fujitsu-dtcns 1514/tcp Fujitsu Systems Business of America, Inc fujitsu-dtcns 1514/udp Fujitsu Systems Business of America, Inc ifor-protocol 1515/udp ifor-protocol ifor-protocol 1515/tcp ifor-protocol vpad 1516/tcp Virtual Places Audio data vpad 1516/udp Virtual Places Audio data vpac 1517/udp Virtual Places Audio control vpac 1517/tcp Virtual Places Audio control vpvd 1518/tcp Virtual Places Video data vpvd 1518/udp Virtual Places Video data vpvc 1519/tcp Virtual Places Video control vpvc 1519/udp Virtual Places Video control atm-zip-office 1520/tcp atm zip office atm-zip-office 1520/udp atm zip office ncube-lm 1521/udp nCube License Manager ncube-lm 1521/tcp nCube License Manager ricardo-lm 1522/udp Ricardo North America License Manager ricardo-lm 1522/tcp Ricardo North America License Manager cichild-lm 1523/tcp cichild cichild-lm 1523/udp cichild ingreslock 1524/tcp ingres ingreslock 1524/udp ingres prospero-np 1525/udp Prospero Directory Service non-priv orasrv 1525/tcp oracle orasrv 1525/udp oracle prospero-np 1525/tcp Prospero Directory Service non-priv pdap-np 1526/udp Prospero Data Access Prot non-priv pdap-np 1526/tcp Prospero Data Access Prot non-priv tlisrv 1527/udp oracle tlisrv 1527/tcp oracle mciautoreg 1528/tcp micautoreg mciautoreg 1528/udp micautoreg coauthor 1529/udp oracle coauthor 1529/tcp oracle rap-service 1530/tcp rap-service rap-service 1530/udp rap-service rap-listen 1531/tcp rap-listen rap-listen 1531/udp rap-listen miroconnect 1532/udp miroconnect miroconnect 1532/tcp miroconnect virtual-places 1533/tcp Virtual Places Software virtual-places 1533/udp Virtual Places Software micromuse-lm 1534/udp micromuse-lm micromuse-lm 1534/tcp micromuse-lm # James R Grinter nco_elmd 1534/udp http://www.micromuse.com/products/descriptions.htm ampr-info 1535/udp ampr-info ampr-info 1535/tcp ampr-info ampr-inter 1536/udp ampr-inter ampr-inter 1536/tcp ampr-inter sdsc-lm 1537/udp isi-lm sdsc-lm 1537/tcp isi-lm 3ds-lm 1538/udp 3ds-lm 3ds-lm 1538/tcp 3ds-lm intellistor-lm 1539/udp Intellistor License Manager intellistor-lm 1539/tcp Intellistor License Manager rds 1540/tcp rds rds 1540/udp rds rds2 1541/tcp rds2 rds2 1541/udp rds2 gridgen-elmd 1542/tcp gridgen-elmd gridgen-elmd 1542/udp gridgen-elmd simba-cs 1543/tcp simba-cs simba-cs 1543/udp simba-cs aspeclmd 1544/tcp aspeclmd aspeclmd 1544/udp aspeclmd vistium-share 1545/udp vistium-share vistium-share 1545/tcp vistium-share abbaccuray 1546/tcp abbaccuray abbaccuray 1546/udp abbaccuray laplink 1547/tcp laplink laplink 1547/udp laplink axon-lm 1548/udp Axon License Manager axon-lm 1548/tcp Axon License Manager shivahose 1549/tcp Shiva Hose shivasound 1549/udp Shiva Sound 3m-image-lm 1550/udp Image Storage license manager 3M Company 3m-image-lm 1550/tcp Image Storage license manager 3M Company hecmtl-db 1551/tcp HECMTL-DB hecmtl-db 1551/udp HECMTL-DB pciarray 1552/udp pciarray pciarray 1552/tcp pciarray sna-cs 1553/udp sna-cs sna-cs 1553/tcp sna-cs caci-lm 1554/udp CACI Products Company License Manager caci-lm 1554/tcp CACI Products Company License Manager livelan 1555/udp livelan livelan 1555/tcp livelan ashwin 1556/udp AshWin CI Tecnologies ashwin 1556/tcp AshWin CI Tecnologies arbortext-lm 1557/udp ArborText License Manager arbortext-lm 1557/tcp ArborText License Manager xingmpeg 1558/tcp xingmpeg xingmpeg 1558/udp xingmpeg web2host 1559/udp web2host web2host 1559/tcp web2host asci-val 1560/udp asci-val asci-val 1560/tcp asci-val facilityview 1561/tcp facilityview facilityview 1561/udp facilityview pconnectmgr 1562/udp pconnectmgr pconnectmgr 1562/tcp pconnectmgr cadabra-lm 1563/tcp Cadabra License Manager cadabra-lm 1563/udp Cadabra License Manager pay-per-view 1564/udp Pay-Per-View pay-per-view 1564/tcp Pay-Per-View winddlb 1565/tcp WinDD winddlb 1565/udp WinDD corelvideo 1566/udp CORELVIDEO corelvideo 1566/tcp CORELVIDEO jlicelmd 1567/udp jlicelmd jlicelmd 1567/tcp jlicelmd tsspmap 1568/tcp tsspmap tsspmap 1568/udp tsspmap ets 1569/tcp ets ets 1569/udp ets orbixd 1570/tcp orbixd orbixd 1570/udp orbixd rdb-dbs-disp 1571/tcp Oracle Remote Data Base rdb-dbs-disp 1571/udp Oracle Remote Data Base chip-lm 1572/udp Chipcom License Manager chip-lm 1572/tcp Chipcom License Manager itscomm-ns 1573/tcp itscomm-ns itscomm-ns 1573/udp itscomm-ns mvel-lm 1574/tcp mvel-lm mvel-lm 1574/udp mvel-lm oraclenames 1575/tcp oraclenames oraclenames 1575/udp oraclenames moldflow-lm 1576/udp moldflow-lm moldflow-lm 1576/tcp moldflow-lm hypercube-lm 1577/tcp hypercube-lm hypercube-lm 1577/udp hypercube-lm jacobus-lm 1578/udp Jacobus License Manager jacobus-lm 1578/tcp Jacobus License Manager ioc-sea-lm 1579/tcp ioc-sea-lm ioc-sea-lm 1579/udp ioc-sea-lm tn-tl-r2 1580/udp tn-tl-r2 tn-tl-r1 1580/tcp tn-tl-r1 # James R Grinter adsm-http 1580/tcp http://www.tivoli.com/products/index/storage_mgr/ mil-2045-47001 1581/tcp MIL-2045-47001 mil-2045-47001 1581/udp MIL-2045-47001 msims 1582/udp MSIMS msims 1582/tcp MSIMS simbaexpress 1583/tcp simbaexpress simbaexpress 1583/udp simbaexpress tn-tl-fd2 1584/udp tn-tl-fd2 tn-tl-fd2 1584/tcp tn-tl-fd2 intv 1585/tcp intv intv 1585/udp intv ibm-abtact 1586/udp ibm-abtact ibm-abtact 1586/tcp ibm-abtact pra_elmd 1587/udp pra_elmd pra_elmd 1587/tcp pra_elmd triquest-lm 1588/tcp triquest-lm triquest-lm 1588/udp triquest-lm vqp 1589/tcp VQP vqp 1589/udp VQP gemini-lm 1590/udp gemini-lm gemini-lm 1590/tcp gemini-lm ncpm-pm 1591/udp ncpm-pm ncpm-pm 1591/tcp ncpm-pm commonspace 1592/udp commonspace commonspace 1592/tcp commonspace mainsoft-lm 1593/tcp mainsoft-lm mainsoft-lm 1593/udp mainsoft-lm sixtrak 1594/udp sixtrak sixtrak 1594/tcp sixtrak radio 1595/udp radio radio 1595/tcp radio radio-bc 1596/udp radio-bc radio-sm 1596/tcp radio-sm orbplus-iiop 1597/tcp orbplus-iiop orbplus-iiop 1597/udp orbplus-iiop picknfs 1598/tcp picknfs picknfs 1598/udp picknfs simbaservices 1599/udp simbaservices simbaservices 1599/tcp simbaservices issd 1600/tcp issd 1600/udp # Scott A. McIntyre shivka-burka 1600/udp # Scott A. McIntyre shivaburka 1600/tcp aas 1601/udp aas aas 1601/tcp aas inspect 1602/tcp inspect inspect 1602/udp inspect picodbc 1603/tcp pickodbc picodbc 1603/udp pickodbc icabrowser 1604/tcp icabrowser icabrowser 1604/udp icabrowser slp 1605/tcp Salutation Manager (Salutation Protocol) slp 1605/udp Salutation Manager (Salutation Protocol) slm-api 1606/tcp Salutation Manager (SLM-API) slm-api 1606/udp Salutation Manager (SLM-API) stt 1607/udp stt stt 1607/tcp stt smart-lm 1608/udp Smart Corp. License Manager smart-lm 1608/tcp Smart Corp. License Manager isysg-lm 1609/udp isysg-lm isysg-lm 1609/tcp isysg-lm taurus-wh 1610/tcp taurus-wh taurus-wh 1610/udp taurus-wh ill 1611/udp Inter Library Loan ill 1611/tcp Inter Library Loan netbill-trans 1612/tcp NetBill Transaction Server netbill-trans 1612/udp NetBill Transaction Server netbill-keyrep 1613/tcp NetBill Key Repository netbill-keyrep 1613/udp NetBill Key Repository netbill-cred 1614/udp NetBill Credential Server netbill-cred 1614/tcp NetBill Credential Server netbill-auth 1615/tcp NetBill Authorization Server netbill-auth 1615/udp NetBill Authorization Server netbill-prod 1616/udp NetBill Product Server netbill-prod 1616/tcp NetBill Product Server nimrod-agent 1617/udp Nimrod Inter-Agent Communication nimrod-agent 1617/tcp Nimrod Inter-Agent Communication skytelnet 1618/udp skytelnet skytelnet 1618/tcp skytelnet xs-openstorage 1619/udp xs-openstorage xs-openstorage 1619/tcp xs-openstorage faxportwinport 1620/udp faxportwinport faxportwinport 1620/tcp faxportwinport softdataphone 1621/udp softdataphone softdataphone 1621/tcp softdataphone # Todd tucker pentasafe-core-services 1621/tcp http://www.pentasafe.com # Todd tucker pentasafe-core-services 1621/tcp http://www.pentasafe.com ontime 1622/tcp ontime ontime 1622/udp ontime jaleosnd 1623/udp jaleosnd jaleosnd 1623/tcp jaleosnd udp-sr-port 1624/udp udp-sr-port udp-sr-port 1624/tcp udp-sr-port svs-omagent 1625/tcp svs-omagent svs-omagent 1625/udp svs-omagent shockwave 1626/udp Shockwave shockwave 1626/tcp Shockwave t128-gateway 1627/udp T.128 Gateway t128-gateway 1627/tcp T.128 Gateway lontalk-norm 1628/udp LonTalk normal lontalk-norm 1628/tcp LonTalk normal lontalk-urgnt 1629/udp LonTalk urgent lontalk-urgnt 1629/tcp LonTalk urgent oraclenet8cman 1630/tcp Oracle Net8 Cman oraclenet8cman 1630/udp Oracle Net8 Cman visitview 1631/udp Visit view visitview 1631/tcp Visit view pammratc 1632/udp PAMMRATC pammratc 1632/tcp PAMMRATC pammrpc 1633/tcp PAMMRPC pammrpc 1633/udp PAMMRPC loaprobe 1634/udp Log On America Probe loaprobe 1634/tcp Log On America Probe edb-server1 1635/udp EDB Server 1 edb-server1 1635/tcp EDB Server 1 cncp 1636/tcp CableNet Control Protocol cncp 1636/udp CableNet Control Protocol cnap 1637/udp CableNet Admin Protocol cnap 1637/tcp CableNet Admin Protocol cnip 1638/tcp CableNet Info Protocol cnip 1638/udp CableNet Info Protocol cert-initiator 1639/tcp cert-initiator cert-initiator 1639/udp cert-initiator cert-responder 1640/udp cert-responder cert-responder 1640/tcp cert-responder invision 1641/tcp InVision invision 1641/udp InVision isis-am 1642/udp isis-am isis-am 1642/tcp isis-am isis-ambc 1643/udp isis-ambc isis-ambc 1643/tcp isis-ambc saiseh 1644/tcp Satellite-data Acquisition System 4 sightline 1645/tcp SightLine sightline 1645/udp SightLine # Jon Nangle radius-/-radius-accounting 1645/udp http://www.faqs.org/rfcs/rfc2138.html radius-/-radius-accounting 1646/udp http://www.faqs.org/rfcs/rfc2138.html sa-msg-port 1646/udp sa-msg-port sa-msg-port 1646/tcp sa-msg-port rsap 1647/tcp rsap rsap 1647/udp rsap concurrent-lm 1648/tcp concurrent-lm concurrent-lm 1648/udp concurrent-lm kermit 1649/udp kermit kermit 1649/tcp kermit nkd 1650/udp nkd nkd 1650/tcp nkdn shiva_confsrvr 1651/tcp shiva_confsrvr shiva_confsrvr 1651/udp shiva_confsrvr xnmp 1652/tcp xnmp xnmp 1652/udp xnmp alphatech-lm 1653/tcp alphatech-lm alphatech-lm 1653/udp alphatech-lm stargatealerts 1654/udp stargatealerts stargatealerts 1654/tcp stargatealerts dec-mbadmin 1655/udp dec-mbadmin dec-mbadmin 1655/tcp dec-mbadmin dec-mbadmin-h 1656/tcp dec-mbadmin-h dec-mbadmin-h 1656/udp dec-mbadmin-h fujitsu-mmpdc 1657/tcp fujitsu-mmpdc fujitsu-mmpdc 1657/udp fujitsu-mmpdc sixnetudr 1658/udp sixnetudr sixnetudr 1658/tcp sixnetudr sg-lm 1659/udp Silicon Grail License Manager sg-lm 1659/tcp Silicon Grail License Manager skip-mc-gikreq 1660/udp skip-mc-gikreq skip-mc-gikreq 1660/tcp skip-mc-gikreq netview-aix-1 1661/tcp netview-aix-1 netview-aix-1 1661/udp netview-aix-1 netview-aix-2 1662/tcp netview-aix-2 netview-aix-2 1662/udp netview-aix-2 netview-aix-3 1663/udp netview-aix-3 netview-aix-3 1663/tcp netview-aix-3 netview-aix-4 1664/udp netview-aix-4 netview-aix-4 1664/tcp netview-aix-4 netview-aix-5 1665/udp netview-aix-5 netview-aix-5 1665/tcp netview-aix-5 netview-aix-6 1666/tcp netview-aix-6 netview-aix-6 1666/udp netview-aix-6 netview-aix-7 1667/tcp netview-aix-7 netview-aix-7 1667/udp netview-aix-7 netview-aix-8 1668/tcp netview-aix-8 netview-aix-8 1668/udp netview-aix-8 netview-aix-9 1669/tcp netview-aix-9 netview-aix-9 1669/udp netview-aix-9 netview-aix-10 1670/udp netview-aix-10 netview-aix-10 1670/tcp netview-aix-10 netview-aix-11 1671/udp netview-aix-11 netview-aix-11 1671/tcp netview-aix-11 netview-aix-12 1672/udp netview-aix-12 netview-aix-12 1672/tcp netview-aix-12 proshare-mc-1 1673/udp Intel Proshare Multicast proshare-mc-1 1673/tcp Intel Proshare Multicast proshare-mc-2 1674/udp Intel Proshare Multicast proshare-mc-2 1674/tcp Intel Proshare Multicast pdp 1675/udp Pacific Data Products pdp 1675/tcp Pacific Data Products netcomm1 1676/tcp netcomm1 netcomm2 1676/udp netcomm2 groupwise 1677/tcp groupwise groupwise 1677/udp groupwise prolink 1678/udp prolink prolink 1678/tcp prolink darcorp-lm 1679/udp darcorp-lm darcorp-lm 1679/tcp darcorp-lm microcom-sbp 1680/udp microcom-sbp microcom-sbp 1680/tcp microcom-sbp sd-elmd 1681/udp sd-elmd sd-elmd 1681/tcp sd-elmd lanyon-lantern 1682/tcp lanyon-lantern lanyon-lantern 1682/udp lanyon-lantern ncpm-hip 1683/udp ncpm-hip ncpm-hip 1683/tcp ncpm-hip snaresecure 1684/udp SnareSecure snaresecure 1684/tcp SnareSecure n2nremote 1685/tcp n2nremote n2nremote 1685/udp n2nremote cvmon 1686/tcp cvmon cvmon 1686/udp cvmon nsjtp-ctrl 1687/tcp nsjtp-ctrl nsjtp-ctrl 1687/udp nsjtp-ctrl nsjtp-data 1688/udp nsjtp-data nsjtp-data 1688/tcp nsjtp-data firefox 1689/udp firefox firefox 1689/tcp firefox ng-umds 1690/udp ng-umds ng-umds 1690/tcp ng-umds empire-empuma 1691/udp empire-empuma empire-empuma 1691/tcp empire-empuma sstsys-lm 1692/udp sstsys-lm sstsys-lm 1692/tcp sstsys-lm rrirtr 1693/tcp rrirtr rrirtr 1693/udp rrirtr rrimwm 1694/tcp rrimwm rrimwm 1694/udp rrimwm rrilwm 1695/udp rrilwm rrilwm 1695/tcp rrilwm rrifmm 1696/udp rrifmm rrifmm 1696/tcp rrifmm rrisat 1697/tcp rrisat rrisat 1697/udp rrisat rsvp-encap-1 1698/udp RSVP-ENCAPSULATION-1 rsvp-encap-1 1698/tcp RSVP-ENCAPSULATION-1 rsvp-encap-2 1699/udp RSVP-ENCAPSULATION-2 rsvp-encap-2 1699/tcp RSVP-ENCAPSULATION-2 mps-raft 1700/udp mps-raft mps-raft 1700/tcp mps-raft l2f 1701/tcp l2f l2tp 1701/tcp l2tp l2f 1701/udp l2f l2tp 1701/udp l2tp deskshare 1702/tcp deskshare deskshare 1702/udp deskshare hb-engine 1703/udp hb-engine hb-engine 1703/tcp hb-engine bcs-broker 1704/udp bcs-broker bcs-broker 1704/tcp bcs-broker slingshot 1705/udp slingshot slingshot 1705/tcp slingshot jetform 1706/udp jetform jetform 1706/tcp jetform vdmplay 1707/tcp vdmplay vdmplay 1707/udp vdmplay gat-lmd 1708/tcp gat-lmd gat-lmd 1708/udp gat-lmd centra 1709/tcp centra centra 1709/udp centra impera 1710/tcp impera impera 1710/udp impera pptconference 1711/udp pptconference pptconference 1711/tcp pptconference registrar 1712/udp resource monitoring service registrar 1712/tcp resource monitoring service conferencetalk 1713/tcp ConferenceTalk conferencetalk 1713/udp ConferenceTalk sesi-lm 1714/tcp sesi-lm sesi-lm 1714/udp sesi-lm houdini-lm 1715/tcp houdini-lm houdini-lm 1715/udp houdini-lm xmsg 1716/udp xmsg xmsg 1716/tcp xmsg fj-hdnet 1717/tcp fj-hdnet fj-hdnet 1717/udp fj-hdnet h323gatedisc 1718/udp h323gatedisc h323gatedisc 1718/tcp h323gatedisc h323gatestat 1719/udp h323gatestat h323gatestat 1719/tcp h323gatestat h323hostcall 1720/udp h323hostcall h323hostcall 1720/tcp h323hostcall caicci 1721/udp caicci caicci 1721/tcp caicci hks-lm 1722/udp HKS License Manager hks-lm 1722/tcp HKS License Manager pptp 1723/tcp pptp pptp 1723/udp pptp csbphonemaster 1724/udp csbphonemaster csbphonemaster 1724/tcp csbphonemaster iden-ralp 1725/udp iden-ralp iden-ralp 1725/tcp iden-ralp iberiagames 1726/udp IBERIAGAMES iberiagames 1726/tcp IBERIAGAMES winddx 1727/udp winddx winddx 1727/tcp winddx telindus 1728/tcp TELINDUS telindus 1728/udp TELINDUS citynl 1729/udp CityNL License Management citynl 1729/tcp CityNL License Management roketz 1730/tcp roketz roketz 1730/udp roketz msiccp 1731/tcp MSICCP msiccp 1731/udp MSICCP proxim 1732/tcp proxim proxim 1732/udp proxim siipat 1733/tcp SIMS - SIIPAT Protocol for Alarm Transmission siipat 1733/udp SIMS - SIIPAT Protocol for Alarm Transmission cambertx-lm 1734/udp Camber Corporation License Management cambertx-lm 1734/tcp Camber Corporation License Management privatechat 1735/udp PrivateChat privatechat 1735/tcp PrivateChat street-stream 1736/tcp street-stream street-stream 1736/udp street-stream ultimad 1737/udp ultimad ultimad 1737/tcp ultimad gamegen1 1738/udp GameGen1 gamegen1 1738/tcp GameGen1 webaccess 1739/tcp webaccess webaccess 1739/udp webaccess encore 1740/udp encore encore 1740/tcp encore cisco-net-mgmt 1741/tcp cisco-net-mgmt cisco-net-mgmt 1741/udp cisco-net-mgmt 3com-nsd 1742/udp 3Com-nsd 3com-nsd 1742/tcp 3Com-nsd cinegrfx-lm 1743/udp Cinema Graphics License Manager cinegrfx-lm 1743/tcp Cinema Graphics License Manager # Jason Beckers bp 1743/tcp http://www.unitrends.com/ ncpm-ft 1744/tcp ncpm-ft ncpm-ft 1744/udp ncpm-ft remote-winsock 1745/tcp remote-winsock remote-winsock 1745/udp remote-winsock ftrapid-1 1746/udp ftrapid-1 ftrapid-1 1746/tcp ftrapid-1 ftrapid-2 1747/udp ftrapid-2 ftrapid-2 1747/tcp ftrapid-2 oracle-em1 1748/tcp oracle-em1 oracle-em1 1748/udp oracle-em1 aspen-services 1749/tcp aspen-services aspen-services 1749/udp aspen-services sslp 1750/tcp Simple Socket Library's PortMaster sslp 1750/udp Simple Socket Library's PortMaster swiftnet 1751/udp SwiftNet swiftnet 1751/tcp SwiftNet lofr-lm 1752/udp Leap of Faith Research License Manager lofr-lm 1752/tcp Leap of Faith Research License Manager translogic-lm 1753/tcp Translogic License Manager translogic-lm 1753/udp Translogic License Manager oracle-em2 1754/udp oracle-em2 oracle-em2 1754/tcp oracle-em2 ms-streaming 1755/tcp ms-streaming ms-streaming 1755/udp ms-streaming capfast-lmd 1756/udp capfast-lmd capfast-lmd 1756/tcp capfast-lmd cnhrp 1757/tcp cnhrp cnhrp 1757/udp cnhrp tftp-mcast 1758/tcp tftp-mcast tftp-mcast 1758/udp tftp-mcast spss-lm 1759/tcp SPSS License Manager spss-lm 1759/udp SPSS License Manager www-ldap-gw 1760/udp www-ldap-gw www-ldap-gw 1760/tcp www-ldap-gw cft-0 1761/udp cft-0 cft-0 1761/tcp cft-0 cft-1 1762/tcp cft-1 cft-1 1762/udp cft-1 cft-2 1763/tcp cft-2 cft-2 1763/udp cft-2 cft-3 1764/tcp cft-3 cft-3 1764/udp cft-3 cft-4 1765/tcp cft-4 cft-4 1765/udp cft-4 cft-5 1766/udp cft-5 cft-5 1766/tcp cft-5 cft-6 1767/udp cft-6 cft-6 1767/tcp cft-6 cft-7 1768/udp cft-7 cft-7 1768/tcp cft-7 bmc-net-adm 1769/tcp bmc-net-adm bmc-net-adm 1769/udp bmc-net-adm bmc-net-svc 1770/tcp bmc-net-svc bmc-net-svc 1770/udp bmc-net-svc vaultbase 1771/tcp vaultbase vaultbase 1771/udp vaultbase essweb-gw 1772/tcp EssWeb Gateway essweb-gw 1772/udp EssWeb Gateway kmscontrol 1773/tcp KMSControl kmscontrol 1773/udp KMSControl global-dtserv 1774/tcp global-dtserv global-dtserv 1774/udp global-dtserv femis 1776/udp Federal Emergency Management Information System femis 1776/tcp Federal Emergency Management Information System powerguardian 1777/udp powerguardian powerguardian 1777/tcp powerguardian prodigy-intrnet 1778/udp prodigy-internet prodigy-intrnet 1778/tcp prodigy-internet pharmasoft 1779/udp pharmasoft pharmasoft 1779/tcp pharmasoft dpkeyserv 1780/udp dpkeyserv dpkeyserv 1780/tcp dpkeyserv answersoft-lm 1781/udp answersoft-lm answersoft-lm 1781/tcp answersoft-lm hp-hcip 1782/udp hp-hcip hp-hcip 1782/tcp hp-hcip finle-lm 1784/tcp Finle License Manager finle-lm 1784/udp Finle License Manager windlm 1785/udp Wind River Systems License Manager windlm 1785/tcp Wind River Systems License Manager funk-logger 1786/udp funk-logger funk-logger 1786/tcp funk-logger funk-license 1787/udp funk-license funk-license 1787/tcp funk-license psmond 1788/udp psmond psmond 1788/tcp psmond hello 1789/tcp hello hello 1789/udp hello nmsp 1790/udp Narrative Media Streaming Protocol nmsp 1790/tcp Narrative Media Streaming Protocol ea1 1791/tcp EA1 ea1 1791/udp EA1 ibm-dt-2 1792/udp ibm-dt-2 ibm-dt-2 1792/tcp ibm-dt-2 rsc-robot 1793/udp rsc-robot rsc-robot 1793/tcp rsc-robot cera-bcm 1794/udp cera-bcm cera-bcm 1794/tcp cera-bcm dpi-proxy 1795/udp dpi-proxy dpi-proxy 1795/tcp dpi-proxy vocaltec-admin 1796/tcp Vocaltec Server Administration vocaltec-admin 1796/udp Vocaltec Server Administration uma 1797/tcp UMA uma 1797/udp UMA etp 1798/tcp Event Transfer Protocol etp 1798/udp Event Transfer Protocol netrisk 1799/tcp NETRISK netrisk 1799/udp NETRISK ansys-lm 1800/udp ANSYS-License manager ansys-lm 1800/tcp ANSYS-License manager msmq 1801/udp Microsoft Message Que msmq 1801/tcp Microsoft Message Que concomp1 1802/udp ConComp1 concomp1 1802/tcp ConComp1 hp-hcip-gwy 1803/tcp HP-HCIP-GWY hp-hcip-gwy 1803/udp HP-HCIP-GWY enl 1804/udp ENL enl 1804/tcp ENL enl-name 1805/tcp ENL-Name enl-name 1805/udp ENL-Name musiconline 1806/tcp Musiconline musiconline 1806/udp Musiconline fhsp 1807/udp Fujitsu Hot Standby Protocol fhsp 1807/tcp Fujitsu Hot Standby Protocol # Scott A. McIntyre spy-sender 1807/udp # Scott A. McIntyre spysender 1807/tcp oracle-vp2 1808/tcp Oracle-VP2 oracle-vp2 1808/udp Oracle-VP2 oracle-vp1 1809/tcp Oracle-VP1 oracle-vp1 1809/udp Oracle-VP1 jerand-lm 1810/udp Jerand License Manager jerand-lm 1810/tcp Jerand License Manager scientia-sdb 1811/udp Scientia-SDB scientia-sdb 1811/tcp Scientia-SDB radius 1812/udp RADIUS radius 1812/tcp RADIUS radius-acct 1813/udp RADIUS Accounting radius-acct 1813/tcp RADIUS Accounting tdp-suite 1814/tcp TDP Suite tdp-suite 1814/udp TDP Suite mmpft 1815/tcp MMPFT mmpft 1815/udp MMPFT harp 1816/udp HARP harp 1816/tcp HARP rkb-oscs 1817/udp RKB-OSCS rkb-oscs 1817/tcp RKB-OSCS etftp 1818/tcp Enhanced Trivial File Transfer Protocol etftp 1818/udp Enhanced Trivial File Transfer Protocol plato-lm 1819/tcp Plato License Manager plato-lm 1819/udp Plato License Manager mcagent 1820/udp mcagent mcagent 1820/tcp mcagent donnyworld 1821/udp donnyworld donnyworld 1821/tcp donnyworld es-elmd 1822/udp es-elmd es-elmd 1822/tcp es-elmd unisys-lm 1823/udp Unisys Natural Language License Manager unisys-lm 1823/tcp Unisys Natural Language License Manager metrics-pas 1824/tcp metrics-pas metrics-pas 1824/udp metrics-pas direcpc-video 1825/tcp DirecPC Video direcpc-video 1825/udp DirecPC Video ardt 1826/udp ARDT ardt 1826/tcp ARDT asi 1827/tcp ASI asi 1827/udp ASI itm-mcell-u 1828/udp itm-mcell-u itm-mcell-u 1828/tcp itm-mcell-u optika-emedia 1829/udp Optika eMedia optika-emedia 1829/tcp Optika eMedia net8-cman 1830/udp Oracle Net8 CMan Admin net8-cman 1830/tcp Oracle Net8 CMan Admin myrtle 1831/tcp Myrtle myrtle 1831/udp Myrtle tht-treasure 1832/tcp ThoughtTreasure tht-treasure 1832/udp ThoughtTreasure udpradio 1833/udp udpradio udpradio 1833/tcp udpradio ardusuni 1834/udp ARDUS Unicast ardusuni 1834/tcp ARDUS Unicast ardusmul 1835/udp ARDUS Multicast ardusmul 1835/tcp ARDUS Multicast ste-smsc 1836/udp ste-smsc ste-smsc 1836/tcp ste-smsc csoft1 1837/udp csoft1 csoft1 1837/tcp csoft1 talnet 1838/udp TALNET talnet 1838/tcp TALNET netopia-vo1 1839/udp netopia-vo1 netopia-vo1 1839/tcp netopia-vo1 netopia-vo2 1840/udp netopia-vo2 netopia-vo2 1840/tcp netopia-vo2 netopia-vo3 1841/tcp netopia-vo3 netopia-vo3 1841/udp netopia-vo3 netopia-vo4 1842/udp netopia-vo4 netopia-vo4 1842/tcp netopia-vo4 netopia-vo5 1843/udp netopia-vo5 netopia-vo5 1843/tcp netopia-vo5 direcpc-dll 1844/udp DirecPC-DLL direcpc-dll 1844/tcp DirecPC-DLL altalink 1845/tcp altalink altalink 1845/udp altalink tunstall-pnc 1846/tcp Tunstall PNC tunstall-pnc 1846/udp Tunstall PNC slp-notify 1847/udp SLP Notification slp-notify 1847/tcp SLP Notification fjdocdist 1848/tcp fjdocdist fjdocdist 1848/udp fjdocdist alpha-sms 1849/tcp ALPHA-SMS alpha-sms 1849/udp ALPHA-SMS gsi 1850/tcp GSI gsi 1850/udp GSI ctcd 1851/udp ctcd ctcd 1851/tcp ctcd virtual-time 1852/tcp Virtual Time virtual-time 1852/udp Virtual Time vids-avtp 1853/tcp VIDS-AVTP vids-avtp 1853/udp VIDS-AVTP buddy-draw 1854/tcp Buddy Draw buddy-draw 1854/udp Buddy Draw fiorano-rtrsvc 1855/udp Fiorano RtrSvc fiorano-rtrsvc 1855/tcp Fiorano RtrSvc fiorano-msgsvc 1856/udp Fiorano MsgSvc fiorano-msgsvc 1856/tcp Fiorano MsgSvc datacaptor 1857/tcp DataCaptor datacaptor 1857/udp DataCaptor privateark 1858/tcp PrivateArk privateark 1858/udp PrivateArk gammafetchsvr 1859/tcp Gamma Fetcher Server gammafetchsvr 1859/udp Gamma Fetcher Server sunscalar-svc 1860/tcp SunSCALAR Services sunscalar-svc 1860/udp SunSCALAR Services lecroy-vicp 1861/tcp LeCroy VICP lecroy-vicp 1861/udp LeCroy VICP techra-server 1862/tcp techra-server techra-server 1862/udp techra-server msnp 1863/tcp MSNP msnp 1863/udp MSNP paradym-31port 1864/udp Paradym 31 Port paradym-31port 1864/tcp Paradym 31 Port entp 1865/tcp ENTP entp 1865/udp ENTP swrmi 1866/tcp swrmi swrmi 1866/udp swrmi udrive 1867/tcp UDRIVE udrive 1867/udp UDRIVE viziblebrowser 1868/udp VizibleBrowser viziblebrowser 1868/tcp VizibleBrowser yestrader 1869/tcp YesTrader yestrader 1869/udp YesTrader sunscalar-dns 1870/tcp SunSCALAR DNS Service sunscalar-dns 1870/udp SunSCALAR DNS Service canocentral0 1871/udp Cano Central 0 canocentral0 1871/tcp Cano Central 0 canocentral1 1872/tcp Cano Central 1 canocentral1 1872/udp Cano Central 1 fjmpjps 1873/tcp Fjmpjps fjmpjps 1873/udp Fjmpjps fjswapsnp 1874/udp Fjswapsnp fjswapsnp 1874/tcp Fjswapsnp westell-stats 1875/udp westell stats westell-stats 1875/tcp westell stats ewcappsrv 1876/udp ewcappsrv ewcappsrv 1876/tcp ewcappsrv hp-webqosdb 1877/tcp hp-webqosdb hp-webqosdb 1877/udp hp-webqosdb drmsmc 1878/tcp drmsmc drmsmc 1878/udp drmsmc nettgain-nms 1879/tcp NettGain NMS nettgain-nms 1879/udp NettGain NMS vsat-control 1880/udp Gilat VSAT Control vsat-control 1880/tcp Gilat VSAT Control ibm-mqseries2 1881/udp IBM MQSeries ibm-mqseries2 1881/tcp IBM MQSeries ecsqdmn 1882/tcp ecsqdmn ecsqdmn 1882/udp ecsqdmn ibm-mqisdp 1883/udp IBM MQSeries SCADA ibm-mqisdp 1883/tcp IBM MQSeries SCADA idmaps 1884/udp Internet Distance Map Svc idmaps 1884/tcp Internet Distance Map Svc vrtstrapserver 1885/udp Veritas Trap Server vrtstrapserver 1885/tcp Veritas Trap Server leoip 1886/udp Leonardo over IP leoip 1886/tcp Leonardo over IP filex-lport 1887/udp FileX Listening Port filex-lport 1887/tcp FileX Listening Port ncconfig 1888/tcp NC Config Port ncconfig 1888/udp NC Config Port unify-adapter 1889/udp Unify Web Adapter Service unify-adapter 1889/tcp Unify Web Adapter Service wilkenlistener 1890/udp wilkenListener wilkenlistener 1890/tcp wilkenListener childkey-notif 1891/tcp ChildKey Notification childkey-notif 1891/udp ChildKey Notification childkey-ctrl 1892/udp ChildKey Control childkey-ctrl 1892/tcp ChildKey Control elad 1893/udp ELAD Protocol elad 1893/tcp ELAD Protocol o2server-port 1894/udp O2Server Port o2server-port 1894/tcp O2Server Port b-novative-ls 1896/tcp b-novative license server b-novative-ls 1896/udp b-novative license server metaagent 1897/udp MetaAgent metaagent 1897/tcp MetaAgent cymtec-port 1898/tcp Cymtec secure management cymtec-port 1898/udp Cymtec secure management mc2studios 1899/udp MC2Studios mc2studios 1899/tcp MC2Studios ssdp 1900/tcp SSDP ssdp 1900/udp SSDP fjicl-tep-a 1901/udp Fujitsu ICL Terminal Emulator Program A fjicl-tep-a 1901/tcp Fujitsu ICL Terminal Emulator Program A fjicl-tep-b 1902/tcp Fujitsu ICL Terminal Emulator Program B fjicl-tep-b 1902/udp Fujitsu ICL Terminal Emulator Program B linkname 1903/udp Local Link Name Resolution linkname 1903/tcp Local Link Name Resolution fjicl-tep-c 1904/tcp Fujitsu ICL Terminal Emulator Program C fjicl-tep-c 1904/udp Fujitsu ICL Terminal Emulator Program C sugp 1905/udp Secure UP.Link Gateway Protocol sugp 1905/tcp Secure UP.Link Gateway Protocol tpmd 1906/tcp TPortMapperReq tpmd 1906/udp TPortMapperReq intrastar 1907/tcp IntraSTAR intrastar 1907/udp IntraSTAR dawn 1908/udp Dawn dawn 1908/tcp Dawn global-wlink 1909/tcp Global World Link global-wlink 1909/udp Global World Link ultrabac 1910/udp ultrabac ultrabac 1910/tcp ultrabac mtp 1911/udp Starlight Networks Multimedia Transport Protocol mtp 1911/tcp Starlight Networks Multimedia Transport Protocol rhp-iibp 1912/udp rhp-iibp rhp-iibp 1912/tcp rhp-iibp armadp 1913/udp armadp armadp 1913/tcp armadp elm-momentum 1914/tcp Elm-Momentum elm-momentum 1914/udp Elm-Momentum facelink 1915/tcp FACELINK facelink 1915/udp FACELINK persona 1916/tcp Persoft Persona persona 1916/udp Persoft Persona noagent 1917/udp nOAgent noagent 1917/tcp nOAgent can-nds 1918/udp Candle Directory Service - NDS can-nds 1918/tcp Candle Directory Service - NDS can-dch 1919/udp Candle Directory Service - DCH can-dch 1919/tcp Candle Directory Service - DCH can-ferret 1920/udp Candle Directory Service - FERRET can-ferret 1920/tcp Candle Directory Service - FERRET noadmin 1921/tcp NoAdmin noadmin 1921/udp NoAdmin tapestry 1922/tcp Tapestry tapestry 1922/udp Tapestry spice 1923/tcp SPICE spice 1923/udp SPICE xiip 1924/tcp XIIP xiip 1924/udp XIIP discovery-port 1925/udp Surrogate Discovery Port discovery-port 1925/tcp Surrogate Discovery Port egs 1926/udp Evolution Game Server egs 1926/tcp Evolution Game Server videte-cipc 1927/udp Videte CIPC Port videte-cipc 1927/tcp Videte CIPC Port emsd-port 1928/udp Expnd Maui Srvr Dscovr emsd-port 1928/tcp Expnd Maui Srvr Dscovr bandwiz-system 1929/udp Bandwiz System - Server bandwiz-system 1929/tcp Bandwiz System - Server driveappserver 1930/udp Drive AppServer driveappserver 1930/tcp Drive AppServer amdsched 1931/udp AMD SCHED amdsched 1931/tcp AMD SCHED ctt-broker 1932/udp CTT Broker ctt-broker 1932/tcp CTT Broker xmapi 1933/tcp IBM LM MT Agent xmapi 1933/udp IBM LM MT Agent xaapi 1934/tcp IBM LM Appl Agent xaapi 1934/udp IBM LM Appl Agent tincan 1935/udp TinCan tincan 1935/tcp TinCan jetcmeserver 1936/udp JetCmeServer Server Port jetcmeserver 1936/tcp JetCmeServer Server Port jwserver 1937/tcp JetVWay Server Port jwserver 1937/udp JetVWay Server Port jwclient 1938/tcp JetVWay Client Port jwclient 1938/udp JetVWay Client Port jvserver 1939/tcp JetVision Server Port jvserver 1939/udp JetVision Server Port jvclient 1940/tcp JetVision Client Port jvclient 1940/udp JetVision Client Port dic-aida 1941/udp DIC-Aida dic-aida 1941/tcp DIC-Aida res 1942/udp Real Enterprise Service res 1942/tcp Real Enterprise Service beeyond-media 1943/tcp Beeyond Media beeyond-media 1943/udp Beeyond Media close-combat 1944/tcp close-combat close-combat 1944/udp close-combat dialogic-elmd 1945/udp dialogic-elmd dialogic-elmd 1945/tcp dialogic-elmd tekpls 1946/udp tekpls tekpls 1946/tcp tekpls hlserver 1947/udp hlserver hlserver 1947/tcp hlserver eye2eye 1948/udp eye2eye eye2eye 1948/tcp eye2eye ismaeasdaqlive 1949/udp ISMA Easdaq Live ismaeasdaqlive 1949/tcp ISMA Easdaq Live ismaeasdaqtest 1950/udp ISMA Easdaq Test ismaeasdaqtest 1950/tcp ISMA Easdaq Test bcs-lmserver 1951/udp bcs-lmserver bcs-lmserver 1951/tcp bcs-lmserver mpnjsc 1952/udp mpnjsc mpnjsc 1952/tcp mpnjsc rapidbase 1953/tcp Rapid Base rapidbase 1953/udp Rapid Base abr-basic 1954/tcp ABR-Basic Data abr-basic 1954/udp ABR-Basic Data abr-secure 1955/tcp ABR-Secure Data abr-secure 1955/udp ABR-Secure Data vrtl-vmf-ds 1956/udp Vertel VMF DS vrtl-vmf-ds 1956/tcp Vertel VMF DS unix-status 1957/tcp unix-status unix-status 1957/udp unix-status dxadmind 1958/udp CA Administration Daemon dxadmind 1958/tcp CA Administration Daemon simp-all 1959/udp SIMP Channel simp-all 1959/tcp SIMP Channel nasmanager 1960/udp Merit DAC NASmanager nasmanager 1960/tcp Merit DAC NASmanager bts-appserver 1961/tcp BTS APPSERVER bts-appserver 1961/udp BTS APPSERVER biap-mp 1962/udp BIAP-MP biap-mp 1962/tcp BIAP-MP webmachine 1963/udp WebMachine webmachine 1963/tcp WebMachine solid-e-engine 1964/tcp SOLID E ENGINE solid-e-engine 1964/udp SOLID E ENGINE tivoli-npm 1965/udp Tivoli NPM tivoli-npm 1965/tcp Tivoli NPM slush 1966/udp Slush slush 1966/tcp Slush sns-quote 1967/tcp SNS Quote sns-quote 1967/udp SNS Quote lipsinc 1968/tcp LIPSinc lipsinc 1968/udp LIPSinc lipsinc1 1969/tcp LIPSinc 1 lipsinc1 1969/udp LIPSinc 1 netop-rc 1970/udp NetOp Remote Control netop-rc 1970/tcp NetOp Remote Control netop-school 1971/tcp NetOp School netop-school 1971/udp NetOp School intersys-cache 1972/tcp Cache intersys-cache 1972/udp Cache dlsrap 1973/tcp Data Link Switching Remote Access Protocol dlsrap 1973/udp Data Link Switching Remote Access Protocol drp 1974/udp DRP drp 1974/tcp DRP tcoflashagent 1975/udp TCO Flash Agent tcoflashagent 1975/tcp TCO Flash Agent tcoregagent 1976/udp TCO Reg Agent tcoregagent 1976/tcp TCO Reg Agent tcoaddressbook 1977/udp TCO Address Book tcoaddressbook 1977/tcp TCO Address Book unisql 1978/udp UniSQL unisql 1978/tcp UniSQL unisql-java 1979/udp UniSQL Java unisql-java 1979/tcp UniSQL Java pearldoc-xact 1980/tcp PearlDoc XACT pearldoc-xact 1980/udp PearlDoc XACT p2pq 1981/udp p2pQ p2pq 1981/tcp p2pQ # Scott A. McIntyre shockrave 1981/tcp estamp 1982/udp Evidentiary Timestamp estamp 1982/tcp Evidentiary Timestamp lhtp 1983/udp Loophole Test Protocol lhtp 1983/tcp Loophole Test Protocol bb 1984/udp BB bb 1984/tcp BB hsrp 1985/tcp Hot Standby Router Protocol hsrp 1985/udp Hot Standby Router Protocol licensedaemon 1986/tcp cisco license management licensedaemon 1986/udp cisco license management tr-rsrb-p1 1987/tcp cisco RSRB Priority 1 port tr-rsrb-p1 1987/udp cisco RSRB Priority 1 port tr-rsrb-p2 1988/udp cisco RSRB Priority 2 port tr-rsrb-p2 1988/tcp cisco RSRB Priority 2 port tr-rsrb-p3 1989/udp cisco RSRB Priority 3 port mshnet 1989/udp MHSnet system mshnet 1989/tcp MHSnet system tr-rsrb-p3 1989/tcp cisco RSRB Priority 3 port stun-p1 1990/tcp cisco STUN Priority 1 port stun-p1 1990/udp cisco STUN Priority 1 port stun-p2 1991/udp cisco STUN Priority 2 port stun-p2 1991/tcp cisco STUN Priority 2 port stun-p3 1992/tcp cisco STUN Priority 3 port ipsendmsg 1992/udp IPsendmsg ipsendmsg 1992/tcp IPsendmsg stun-p3 1992/udp cisco STUN Priority 3 port snmp-tcp-port 1993/udp cisco SNMP TCP port snmp-tcp-port 1993/tcp cisco SNMP TCP port stun-port 1994/tcp cisco serial tunnel port stun-port 1994/udp cisco serial tunnel port perf-port 1995/tcp cisco perf port perf-port 1995/udp cisco perf port tr-rsrb-port 1996/udp cisco Remote SRB port tr-rsrb-port 1996/tcp cisco Remote SRB port gdp-port 1997/udp cisco Gateway Discovery Protocol gdp-port 1997/tcp cisco Gateway Discovery Protocol x25-svc-port 1998/tcp cisco X.25 service (XOT) x25-svc-port 1998/udp cisco X.25 service (XOT) tcp-id-port 1999/tcp cisco identification port tcp-id-port 1999/udp cisco identification port # Scott A. McIntyre transcout 1999/tcp callbook 2000/udp callbook 2000/tcp # Gary Gaskell interceptorfirewalladmin 2000/tcp # Dave Moss uoam 2000/tcp wizard 2001/udp curry dc 2001/tcp # Scott A. McIntyre trojan-cow 2001/tcp globe 2002/tcp globe 2002/udp emce 2004/udp CCWS mm conf mailbox 2004/tcp oracle 2005/udp berknet 2005/tcp # Gary Gaskell datastream 2005/tcp invokator 2006/tcp raid-cc 2006/udp raid raid-am 2007/udp dectalk 2007/tcp conf 2008/tcp terminaldb 2008/udp whosockami 2009/udp news 2009/tcp pipe_server 2010/udp search 2010/tcp raid-cc 2011/tcp raid servserv 2011/udp ttyinfo 2012/tcp raid-ac 2012/udp raid-am 2013/tcp raid-cd 2013/udp raid-sf 2014/udp troff 2014/tcp raid-cs 2015/udp cypress 2015/tcp bootserver 2016/tcp bootserver 2016/udp bootclient 2017/udp cypress-stat 2017/tcp terminaldb 2018/tcp rellpack 2018/udp about 2019/udp whosockami 2019/tcp xinupageserver 2020/tcp xinupageserver 2020/udp servexec 2021/tcp xinuexpansion1 2021/udp xinuexpansion2 2022/udp down 2022/tcp xinuexpansion3 2023/tcp xinuexpansion3 2023/udp # Scott A. McIntyre ripper-pro 2023/tcp xinuexpansion4 2024/udp xinuexpansion4 2024/tcp xribs 2025/udp ellpack 2025/tcp scrabble 2026/tcp scrabble 2026/udp shadowserver 2027/tcp shadowserver 2027/udp submitserver 2028/udp submitserver 2028/tcp device2 2030/udp device2 2030/tcp blackboard 2032/tcp blackboard 2032/udp glogger 2033/udp glogger 2033/tcp scoremgr 2034/udp scoremgr 2034/tcp imsldoc 2035/udp imsldoc 2035/tcp p2plus 2037/udp P2plus Application Server p2plus 2037/tcp P2plus Application Server objectmanager 2038/tcp objectmanager 2038/udp lam 2040/udp lam 2040/tcp interbase 2041/udp interbase 2041/tcp isis 2042/udp isis isis 2042/tcp isis isis-bcast 2043/udp isis-bcast isis-bcast 2043/tcp isis-bcast rimsl 2044/tcp rimsl 2044/udp cdfunc 2045/udp cdfunc 2045/tcp sdfunc 2046/udp sdfunc 2046/tcp dls 2047/udp dls 2047/tcp dls-monitor 2048/udp dls-monitor 2048/tcp shilp 2049/udp nfs 2049/udp Network File System - Sun Microsystems nfs 2049/tcp Network File System - Sun Microsystems shilp 2049/tcp av-emb-config 2050/tcp Avaya EMB Config Port av-emb-config 2050/udp Avaya EMB Config Port epnsdp 2051/udp EPNSDP epnsdp 2051/tcp EPNSDP clearvisn 2052/tcp clearVisn Services Port clearvisn 2052/udp clearVisn Services Port lot105-ds-upd 2053/tcp Lot105 DSuper Updates lot105-ds-upd 2053/udp Lot105 DSuper Updates weblogin 2054/udp Weblogin Port weblogin 2054/tcp Weblogin Port iop 2055/tcp Iliad-Odyssey Protocol iop 2055/udp Iliad-Odyssey Protocol omnisky 2056/tcp OmniSky Port omnisky 2056/udp OmniSky Port rich-cp 2057/tcp Rich Content Protocol rich-cp 2057/udp Rich Content Protocol newwavesearch 2058/udp NewWaveSearchables RMI newwavesearch 2058/tcp NewWaveSearchables RMI bmc-messaging 2059/tcp BMC Messaging Service bmc-messaging 2059/udp BMC Messaging Service teleniumdaemon 2060/tcp Telenium Daemon IF teleniumdaemon 2060/udp Telenium Daemon IF netmount 2061/tcp NetMount netmount 2061/udp NetMount icg-swp 2062/udp ICG SWP Port icg-swp 2062/tcp ICG SWP Port icg-bridge 2063/udp ICG Bridge Port icg-bridge 2063/tcp ICG Bridge Port icg-iprelay 2064/udp ICG IP Relay Port icg-iprelay 2064/tcp ICG IP Relay Port # James R Grinter dnetc 2064/tcp http://www.distributed.net/docs/tutor_netopt.html dlsrpn 2065/tcp Data Link Switch Read Port Number dlsrpn 2065/udp Data Link Switch Read Port Number dlswpn 2067/tcp Data Link Switch Write Port Number dlswpn 2067/udp Data Link Switch Write Port Number avauthsrvprtcl 2068/tcp Avocent AuthSrv Protocol avauthsrvprtcl 2068/udp Avocent AuthSrv Protocol event-port 2069/udp HTTP Event Port event-port 2069/tcp HTTP Event Port ah-esp-encap 2070/udp AH and ESP Encapsulated in UDP packet ah-esp-encap 2070/tcp AH and ESP Encapsulated in UDP packet acp-port 2071/tcp Axon Control Protocol acp-port 2071/udp Axon Control Protocol msync 2072/tcp GlobeCast mSync msync 2072/udp GlobeCast mSync gxs-data-port 2073/udp DataReel Database Socket gxs-data-port 2073/tcp DataReel Database Socket vrtl-vmf-sa 2074/tcp Vertel VMF SA vrtl-vmf-sa 2074/udp Vertel VMF SA newlixengine 2075/udp Newlix ServerWare Engine newlixengine 2075/tcp Newlix ServerWare Engine newlixconfig 2076/tcp Newlix JSPConfig newlixconfig 2076/udp Newlix JSPConfig trellisagt 2077/udp TrelliSoft Agent trellisagt 2077/tcp TrelliSoft Agent trellissvr 2078/tcp TrelliSoft Server trellissvr 2078/udp TrelliSoft Server idware-router 2079/udp IDWARE Router Port idware-router 2079/tcp IDWARE Router Port autodesk-nlm 2080/udp Autodesk NLM (FLEXlm) autodesk-nlm 2080/tcp Autodesk NLM (FLEXlm) kme-trap-port 2081/udp KME PRINTER TRAP PORT kme-trap-port 2081/tcp KME PRINTER TRAP PORT infowave 2082/tcp Infowave Mobility Server infowave 2082/udp Infowave Mobiltiy Server eli 2087/tcp ELI - Event Logging Integration eli 2087/udp ELI - Event Logging Integration sep 2089/udp Security Encapsulation Protocol - SEP sep 2089/tcp Security Encapsulation Protocol - SEP lrp 2090/udp Load Report Protocol lrp 2090/tcp Load Report Protocol prp 2091/tcp PRP prp 2091/udp PRP descent3 2092/udp Descent 3 descent3 2092/tcp Descent 3 nbx-cc 2093/udp NBX CC nbx-cc 2093/tcp NBX CC nbx-au 2094/udp NBX AU nbx-au 2094/tcp NBX AU nbx-ser 2095/udp NBX SER nbx-ser 2095/tcp NBX SER nbx-dir 2096/udp NBX DIR nbx-dir 2096/tcp NBX DIR jetformpreview 2097/tcp Jet Form Preview jetformpreview 2097/udp Jet Form Preview dialog-port 2098/tcp Dialog Port dialog-port 2098/udp Dialog Port h2250-annex-g 2099/udp H.225.0 Annex G h2250-annex-g 2099/tcp H.225.0 Annex G # Scott Craig lvlnk 2099/tcp http://www.opentext.com/livelink/details/index.htm # Scott Craig lvlnk 2099/tcp http://www.opentext.com/livelink/details/index.htm amiganetfs 2100/udp amiganetfs amiganetfs 2100/tcp amiganetfs rtcm-sc104 2101/udp rtcm-sc104 rtcm-sc104 2101/tcp rtcm-sc104 zephyr-srv 2102/udp Zephyr server zephyr-srv 2102/tcp Zephyr server zephyr-clt 2103/udp Zephyr serv-hm connection zephyr-clt 2103/tcp Zephyr serv-hm connection zephyr-hm 2104/udp Zephyr hostmanager zephyr-hm 2104/tcp Zephyr hostmanager minipay 2105/tcp MiniPay minipay 2105/udp MiniPay mzap 2106/udp MZAP mzap 2106/tcp MZAP bintec-admin 2107/udp BinTec Admin bintec-admin 2107/tcp BinTec Admin comcam 2108/tcp Comcam comcam 2108/udp Comcam ergolight 2109/udp Ergolight ergolight 2109/tcp Ergolight umsp 2110/udp UMSP umsp 2110/tcp UMSP dsatp 2111/tcp DSATP dsatp 2111/udp DSATP idonix-metanet 2112/udp Idonix MetaNet idonix-metanet 2112/tcp Idonix MetaNet hsl-storm 2113/tcp HSL StoRM hsl-storm 2113/udp HSL StoRM newheights 2114/udp NEWHEIGHTS newheights 2114/tcp NEWHEIGHTS kdm 2115/tcp Key Distribution Manager kdm 2115/udp Key Distribution Manager # Scott A. McIntyre bugs 2115/udp ccowcmr 2116/udp CCOWCMR ccowcmr 2116/tcp CCOWCMR mentaclient 2117/tcp MENTACLIENT mentaclient 2117/udp MENTACLIENT mentaserver 2118/udp MENTASERVER mentaserver 2118/tcp MENTASERVER gsigatekeeper 2119/tcp GSIGATEKEEPER gsigatekeeper 2119/udp GSIGATEKEEPER qencp 2120/tcp Quick Eagle Networks CP qencp 2120/udp Quick Eagle Networks CP scientia-ssdb 2121/udp SCIENTIA-SSDB scientia-ssdb 2121/tcp SCIENTIA-SSDB caupc-remote 2122/tcp CauPC Remote Control caupc-remote 2122/udp CauPC Remote Control gtp-control 2123/tcp GTP-Control Plane (3GPP) gtp-control 2123/udp GTP-Control Plane (3GPP) elatelink 2124/tcp ELATELINK elatelink 2124/udp ELATELINK lockstep 2125/tcp LOCKSTEP lockstep 2125/udp LOCKSTEP pktcable-cops 2126/tcp PktCable-COPS pktcable-cops 2126/udp PktCable-COPS index-pc-wb 2127/tcp INDEX-PC-WB index-pc-wb 2127/udp INDEX-PC-WB net-steward 2128/udp Net Steward Control net-steward 2128/tcp Net Steward Control cs-live 2129/tcp cs-live.com cs-live 2129/udp cs-live.com swc-xds 2130/tcp SWC-XDS swc-xds 2130/udp SWC-XDS avantageb2b 2131/tcp Avantageb2b avantageb2b 2131/udp Avantageb2b avail-epmap 2132/tcp AVAIL-EPMAP avail-epmap 2132/udp AVAIL-EPMAP zymed-zpp 2133/udp ZYMED-ZPP zymed-zpp 2133/tcp ZYMED-ZPP avenue 2134/tcp AVENUE avenue 2134/udp AVENUE gris 2135/udp Grid Resource Information Server gris 2135/tcp Grid Resource Information Server appworxsrv 2136/tcp APPWORXSRV appworxsrv 2136/udp APPWORXSRV connect 2137/tcp CONNECT connect 2137/udp CONNECT unbind-cluster 2138/tcp UNBIND-CLUSTER unbind-cluster 2138/udp UNBIND-CLUSTER ias-auth 2139/udp IAS-AUTH ias-auth 2139/tcp IAS-AUTH ias-reg 2140/udp IAS-REG ias-reg 2140/tcp IAS-REG # Scott A. McIntyre invasor 2140/tcp ias-admind 2141/udp IAS-ADMIND ias-admind 2141/tcp IAS-ADMIND tdm-over-ip 2142/udp TDM-OVER-IP tdm-over-ip 2142/tcp TDM-OVER-IP lv-jc 2143/udp Live Vault Job Control lv-jc 2143/tcp Live Vault Job Control lv-ffx 2144/udp Live Vault Fast Object Transfer lv-ffx 2144/tcp Live Vault Fast Object Transfer lv-pici 2145/udp Live Vault Remote Diagnostic Console Support lv-pici 2145/tcp Live Vault Remote Diagnostic Console Support lv-not 2146/udp Live Vault Admin Event Notification lv-not 2146/tcp Live Vault Admin Event Notification lv-auth 2147/tcp Live Vault Authentication lv-auth 2147/udp Live Vault Authentication veritas-ucl 2148/udp VERITAS UNIVERSAL COMMUNICATION LAYER veritas-ucl 2148/tcp VERITAS UNIVERSAL COMMUNICATION LAYER acptsys 2149/udp ACPTSYS acptsys 2149/tcp ACPTSYS dynamic3d 2150/udp DYNAMIC3D dynamic3d 2150/tcp DYNAMIC3D docent 2151/udp DOCENT docent 2151/tcp DOCENT gtp-user 2152/tcp GTP-User Plane (3GPP) gtp-user 2152/udp GTP-User Plane (3GPP) gdbremote 2159/tcp GDB Remote Debug Port gdbremote 2159/udp GDB Remote Debug Port apc-cms 2160/udp APC Central Mgmt Server apc-cms 2160/tcp APC Central Mgmt Server apc-agent 2161/udp APC Agent apc-agent 2161/tcp APC Agent navisphere 2162/udp Navisphere navisphere 2162/tcp Navisphere navisphere-sec 2163/udp Navisphere Secure navisphere-sec 2163/tcp Navisphere Secure ddns-v3 2164/udp Dynamic DNS Version 3 ddns-v3 2164/tcp Dynamic DNS Version 3 x-bone-api 2165/udp X-Bone API x-bone-api 2165/tcp X-Bone API iwserver 2166/udp iwserver iwserver 2166/tcp iwserver raw-serial 2167/udp Raw Async Serial Link raw-serial 2167/tcp Raw Async Serial Link mc-gt-srv 2180/udp Millicent Vendor Gateway Server mc-gt-srv 2180/tcp Millicent Vendor Gateway Server eforward 2181/tcp eforward eforward 2181/udp eforward ici 2200/tcp ICI ici 2200/udp ICI ats 2201/tcp Advanced Training System Program ats 2201/udp Advanced Training System Program imtc-map 2202/udp Int. Multimedia Teleconferencing Cosortium imtc-map 2202/tcp Int. Multimedia Teleconferencing Cosortium kali 2213/tcp Kali kali 2213/udp Kali netiq 2220/udp NetIQ End2End netiq 2220/tcp NetIQ End2End rockwell-csp1 2221/tcp Rockwell CSP1 rockwell-csp1 2221/udp Rockwell CSP1 rockwell-csp2 2222/udp Rockwell CSP2 rockwell-csp2 2222/tcp Rockwell CSP2 rockwell-csp3 2223/tcp Rockwell CSP3 rockwell-csp3 2223/udp Rockwell CSP3 ivs-video 2232/tcp IVS Video default ivs-video 2232/udp IVS Video default infocrypt 2233/udp INFOCRYPT infocrypt 2233/tcp INFOCRYPT # Richard Neale intel_vpn_gateway_management 2233/udp directplay 2234/udp DirectPlay directplay 2234/tcp DirectPlay sercomm-wlink 2235/tcp Sercomm-WLink sercomm-wlink 2235/udp Sercomm-WLink nani 2236/tcp Nani nani 2236/udp Nani optech-port1-lm 2237/udp Optech Port1 License Manager optech-port1-lm 2237/tcp Optech Port1 License Manager aviva-sna 2238/udp AVIVA SNA SERVER aviva-sna 2238/tcp AVIVA SNA SERVER imagequery 2239/udp Image Query imagequery 2239/tcp Image Query recipe 2240/tcp RECIPe recipe 2240/udp RECIPe ivsd 2241/udp IVS Daemon ivsd 2241/tcp IVS Daemon foliocorp 2242/udp Folio Remote Server foliocorp 2242/tcp Folio Remote Server magicom 2243/tcp Magicom Protocol magicom 2243/udp Magicom Protocol nmsserver 2244/udp NMS Server nmsserver 2244/tcp NMS Server hao 2245/tcp HaO hao 2245/udp HaO pc-mta-addrmap 2246/tcp PacketCable MTA Addr Map pc-mta-addrmap 2246/udp PacketCable MTA Addr Map ums 2248/udp User Management Service ums 2248/tcp User Management Service rfmp 2249/tcp RISO File Manager Protocol rfmp 2249/udp RISO File Manager Protocol remote-collab 2250/tcp remote-collab remote-collab 2250/udp remote-collab dif-port 2251/udp Distributed Framework Port dif-port 2251/tcp Distributed Framework Port njenet-ssl 2252/tcp NJENET using SSL njenet-ssl 2252/udp NJENET using SSL dtv-chan-req 2253/udp DTV Channel Request dtv-chan-req 2253/tcp DTV Channel Request seispoc 2254/tcp Seismic P.O.C. Port seispoc 2254/udp Seismic P.O.C. Port vrtp 2255/tcp VRTP - ViRtue Transfer Protocol vrtp 2255/udp VRTP - ViRtue Transfer Protocol apc-pbeconsole 2260/udp APC Console Comm Port apc-pbeconsole 2260/tcp APC Console Comm Port xmquery 2279/udp xmquery xmquery 2279/tcp xmquery lnvpoller 2280/tcp LNVPOLLER lnvpoller 2280/udp LNVPOLLER lnvconsole 2281/tcp LNVCONSOLE lnvconsole 2281/udp LNVCONSOLE lnvalarm 2282/udp LNVALARM lnvalarm 2282/tcp LNVALARM lnvstatus 2283/tcp LNVSTATUS lnvstatus 2283/udp LNVSTATUS # Scott A. McIntyre hvlrat5 2283/tcp lnvmaps 2284/udp LNVMAPS lnvmaps 2284/tcp LNVMAPS lnvmailmon 2285/tcp LNVMAILMON lnvmailmon 2285/udp LNVMAILMON nas-metering 2286/udp NAS-Metering nas-metering 2286/tcp NAS-Metering dna 2287/udp DNA dna 2287/tcp DNA netml 2288/udp NETML netml 2288/tcp NETML konshus-lm 2294/udp Konshus License Manager (FLEX) konshus-lm 2294/tcp Konshus License Manager (FLEX) advant-lm 2295/udp Advant License Manager advant-lm 2295/tcp Advant License Manager theta-lm 2296/udp Theta License Manager (Rainbow) theta-lm 2296/tcp Theta License Manager (Rainbow) d2k-datamover1 2297/tcp D2K DataMover 1 d2k-datamover1 2297/udp D2K DataMover 1 d2k-datamover2 2298/tcp D2K DataMover 2 d2k-datamover2 2298/udp D2K DataMover 2 pc-telecommute 2299/tcp PC Telecommute pc-telecommute 2299/udp PC Telecommute cvmmon 2300/udp CVMMON cvmmon 2300/tcp CVMMON cpq-wbem 2301/udp Compaq HTTP cpq-wbem 2301/tcp Compaq HTTP binderysupport 2302/udp Bindery Support binderysupport 2302/tcp Bindery Support proxy-gateway 2303/udp Proxy Gateway proxy-gateway 2303/tcp Proxy Gateway attachmate-uts 2304/tcp Attachmate UTS attachmate-uts 2304/udp Attachmate UTS mt-scaleserver 2305/udp MT ScaleServer mt-scaleserver 2305/tcp MT ScaleServer tappi-boxnet 2306/udp TAPPI BoxNet tappi-boxnet 2306/tcp TAPPI BoxNet pehelp 2307/tcp pehelp pehelp 2307/udp pehelp sdhelp 2308/tcp sdhelp sdhelp 2308/udp sdhelp sdserver 2309/udp SD Server sdserver 2309/tcp SD Server sdclient 2310/tcp SD Client sdclient 2310/udp SD Client messageservice 2311/tcp Message Service messageservice 2311/udp Message Service iapp 2313/tcp IAPP (Inter Access Point Protocol) iapp 2313/udp IAPP (Inter Access Point Protocol) cr-websystems 2314/udp CR WebSystems cr-websystems 2314/tcp CR WebSystems precise-sft 2315/tcp Precise Sft. precise-sft 2315/udp Precise Sft. sent-lm 2316/udp SENT License Manager sent-lm 2316/tcp SENT License Manager attachmate-g32 2317/udp Attachmate G32 attachmate-g32 2317/tcp Attachmate G32 cadencecontrol 2318/udp Cadence Control cadencecontrol 2318/tcp Cadence Control infolibria 2319/udp InfoLibria infolibria 2319/tcp InfoLibria siebel-ns 2320/udp Siebel NS siebel-ns 2320/tcp Siebel NS rdlap 2321/tcp RDLAP rdlap 2321/udp RDLAP ofsd 2322/udp ofsd ofsd 2322/tcp ofsd 3d-nfsd 2323/tcp 3d-nfsd 3d-nfsd 2323/udp 3d-nfsd cosmocall 2324/udp Cosmocall cosmocall 2324/tcp Cosmocall designspace-lm 2325/tcp Design Space License Management designspace-lm 2325/udp Design Space License Management idcp 2326/udp IDCP idcp 2326/tcp IDCP xingcsm 2327/udp xingcsm xingcsm 2327/tcp xingcsm netrix-sftm 2328/tcp Netrix SFTM netrix-sftm 2328/udp Netrix SFTM nvd 2329/tcp NVD nvd 2329/udp NVD tscchat 2330/udp TSCCHAT tscchat 2330/tcp TSCCHAT agentview 2331/udp AGENTVIEW agentview 2331/tcp AGENTVIEW rcc-host 2332/udp RCC Host rcc-host 2332/tcp RCC Host snapp 2333/udp SNAPP snapp 2333/tcp SNAPP ace-client 2334/tcp ACE Client Auth ace-client 2334/udp ACE Client Auth ace-proxy 2335/udp ACE Proxy ace-proxy 2335/tcp ACE Proxy appleugcontrol 2336/tcp Apple UG Control appleugcontrol 2336/udp Apple UG Control ideesrv 2337/udp ideesrv ideesrv 2337/tcp ideesrv norton-lambert 2338/tcp Norton Lambert norton-lambert 2338/udp Norton Lambert 3com-webview 2339/udp 3Com WebView 3com-webview 2339/tcp 3Com WebView wrs_registry 2340/tcp WRS Registry wrs_registry 2340/udp WRS Registry xiostatus 2341/udp XIO Status xiostatus 2341/tcp XIO Status manage-exec 2342/udp Seagate Manage Exec manage-exec 2342/tcp Seagate Manage Exec nati-logos 2343/tcp nati logos nati-logos 2343/udp nati logos fcmsys 2344/udp fcmsys fcmsys 2344/tcp fcmsys dbm 2345/tcp dbm dbm 2345/udp dbm redstorm_join 2346/udp Game Connection Port redstorm_join 2346/tcp Game Connection Port redstorm_find 2347/udp Game Announcement and Location redstorm_find 2347/tcp Game Announcement and Location redstorm_info 2348/udp Information to query for game status redstorm_info 2348/tcp Information to query for game status redstorm_diag 2349/tcp Diagnostics Port redstorm_diag 2349/udp Diagnostics Port psbserver 2350/udp psbserver psbserver 2350/tcp psbserver psrserver 2351/udp psrserver psrserver 2351/tcp psrserver pslserver 2352/tcp pslserver pslserver 2352/udp pslserver pspserver 2353/tcp pspserver pspserver 2353/udp pspserver psprserver 2354/udp psprserver psprserver 2354/tcp psprserver psdbserver 2355/tcp psdbserver psdbserver 2355/udp psdbserver gxtelmd 2356/tcp GXT License Managemant gxtelmd 2356/udp GXT License Managemant unihub-server 2357/tcp UniHub Server unihub-server 2357/udp UniHub Server futrix 2358/udp Futrix futrix 2358/tcp Futrix flukeserver 2359/tcp FlukeServer flukeserver 2359/udp FlukeServer nexstorindltd 2360/tcp NexstorIndLtd nexstorindltd 2360/udp NexstorIndLtd tl1 2361/tcp TL1 tl1 2361/udp TL1 digiman 2362/tcp digiman digiman 2362/udp digiman mediacntrlnfsd 2363/tcp Media Central NFSD mediacntrlnfsd 2363/udp Media Central NFSD oi-2000 2364/tcp OI-2000 oi-2000 2364/udp OI-2000 dbref 2365/tcp dbref dbref 2365/udp dbref qip-login 2366/udp qip-login qip-login 2366/tcp qip-login service-ctrl 2367/udp Service Control service-ctrl 2367/tcp Service Control opentable 2368/tcp OpenTable opentable 2368/udp OpenTable acs2000-dsp 2369/udp ACS2000 DSP acs2000-dsp 2369/tcp ACS2000 DSP l3-hbmon 2370/udp L3-HBMon l3-hbmon 2370/tcp L3-HBMon worldwire 2371/udp Compaq WorldWire Port worldwire 2371/tcp Compaq WorldWire Port compaq-https 2381/udp Compaq HTTPS compaq-https 2381/tcp Compaq HTTPS ms-olap3 2382/tcp Microsoft OLAP ms-olap3 2382/udp Microsoft OLAP ms-olap4 2383/udp Microsoft OLAP ms-olap4 2383/tcp Microsoft OLAP sd-capacity 2384/udp SD-CAPACITY sd-request 2384/tcp SD-REQUEST sd-data 2385/tcp SD-DATA sd-data 2385/udp SD-DATA virtualtape 2386/udp Virtual Tape virtualtape 2386/tcp Virtual Tape vsamredirector 2387/tcp VSAM Redirector vsamredirector 2387/udp VSAM Redirector mynahautostart 2388/udp MYNAH AutoStart mynahautostart 2388/tcp MYNAH AutoStart ovsessionmgr 2389/udp OpenView Session Mgr ovsessionmgr 2389/tcp OpenView Session Mgr rsmtp 2390/tcp RSMTP rsmtp 2390/udp RSMTP 3com-net-mgmt 2391/udp 3COM Net Management 3com-net-mgmt 2391/tcp 3COM Net Management tacticalauth 2392/tcp Tactical Auth tacticalauth 2392/udp Tactical Auth ms-olap1 2393/udp MS OLAP 1 ms-olap1 2393/tcp MS OLAP 1 ms-olap2 2394/udp MS OLAP 2 ms-olap2 2394/tcp MS OLAP 2 lan900_remote 2395/tcp LAN900 Remote lan900_remote 2395/udp LAN900 Remote wusage 2396/udp Wusage wusage 2396/tcp Wusage ncl 2397/udp NCL ncl 2397/tcp NCL orbiter 2398/udp Orbiter orbiter 2398/tcp Orbiter fmpro-fdal 2399/tcp FileMaker, Inc. - Data Access Layer fmpro-fdal 2399/udp FileMaker, Inc. - Data Access Layer opequus-server 2400/udp OpEquus Server opequus-server 2400/tcp OpEquus Server cvspserver 2401/udp cvspserver cvspserver 2401/tcp cvspserver taskmaster2000 2402/udp TaskMaster 2000 Server taskmaster2000 2402/tcp TaskMaster 2000 Server taskmaster2000 2403/udp TaskMaster 2000 Web taskmaster2000 2403/tcp TaskMaster 2000 Web iec870-5-104 2404/udp IEC870-5-104 iec870-5-104 2404/tcp IEC870-5-104 trc-netpoll 2405/tcp TRC Netpoll trc-netpoll 2405/udp TRC Netpoll jediserver 2406/udp JediServer jediserver 2406/tcp JediServer orion 2407/tcp Orion orion 2407/udp Orion optimanet 2408/tcp OptimaNet optimanet 2408/udp OptimaNet sns-protocol 2409/udp SNS Protocol sns-protocol 2409/tcp SNS Protocol vrts-registry 2410/tcp VRTS Registry vrts-registry 2410/udp VRTS Registry netwave-ap-mgmt 2411/tcp Netwave AP Management netwave-ap-mgmt 2411/udp Netwave AP Management cdn 2412/tcp CDN cdn 2412/udp CDN orion-rmi-reg 2413/udp orion-rmi-reg orion-rmi-reg 2413/tcp orion-rmi-reg beeyond 2414/udp Beeyond beeyond 2414/tcp Beeyond comtest 2415/udp COMTEST comtest 2415/tcp COMTEST rmtserver 2416/udp RMT Server rmtserver 2416/tcp RMT Server composit-server 2417/udp Composit Server composit-server 2417/tcp Composit Server cas 2418/udp cas cas 2418/tcp cas attachmate-s2s 2419/udp Attachmate S2S attachmate-s2s 2419/tcp Attachmate S2S dslremote-mgmt 2420/tcp DSL Remote Management dslremote-mgmt 2420/udp DSL Remote Management g-talk 2421/udp G-Talk g-talk 2421/tcp G-Talk crmsbits 2422/tcp CRMSBITS crmsbits 2422/udp CRMSBITS rnrp 2423/udp RNRP rnrp 2423/tcp RNRP kofax-svr 2424/udp KOFAX-SVR kofax-svr 2424/tcp KOFAX-SVR fjitsuappmgr 2425/udp Fujitsu App Manager fjitsuappmgr 2425/tcp Fujitsu App Manager mgcp-gateway 2427/tcp Media Gateway Control Protocol Gateway mgcp-gateway 2427/udp Media Gateway Control Protocol Gateway ott 2428/tcp One Way Trip Time ott 2428/udp One Way Trip Time ft-role 2429/udp FT-ROLE ft-role 2429/tcp FT-ROLE venus 2430/tcp venus venus 2430/udp venus venus-se 2431/udp venus-se venus-se 2431/tcp venus-se codasrv 2432/udp codasrv codasrv 2432/tcp codasrv codasrv-se 2433/udp codasrv-se codasrv-se 2433/tcp codasrv-se pxc-epmap 2434/udp pxc-epmap pxc-epmap 2434/tcp pxc-epmap optilogic 2435/udp OptiLogic optilogic 2435/tcp OptiLogic topx 2436/tcp TOP/X topx 2436/udp TOP/X unicontrol 2437/udp UniControl unicontrol 2437/tcp UniControl msp 2438/udp MSP msp 2438/tcp MSP sybasedbsynch 2439/udp SybaseDBSynch sybasedbsynch 2439/tcp SybaseDBSynch spearway 2440/udp Spearway Lockers spearway 2440/tcp Spearway Lockers pvsw-inet 2441/tcp pvsw-inet pvsw-inet 2441/udp pvsw-inet netangel 2442/tcp Netangel netangel 2442/udp Netangel powerclientcsf 2443/udp PowerClient Central Storage Facility powerclientcsf 2443/tcp PowerClient Central Storage Facility btpp2sectrans 2444/tcp BT PP2 Sectrans btpp2sectrans 2444/udp BT PP2 Sectrans dtn1 2445/tcp DTN1 dtn1 2445/udp DTN1 bues_service 2446/udp bues_service bues_service 2446/tcp bues_service ovwdb 2447/tcp OpenView NNM daemon ovwdb 2447/udp OpenView NNM daemon hpppssvr 2448/tcp hpppsvr hpppssvr 2448/udp hpppsvr ratl 2449/udp RATL ratl 2449/tcp RATL netadmin 2450/udp netadmin netadmin 2450/tcp netadmin netchat 2451/udp netchat netchat 2451/tcp netchat snifferclient 2452/tcp SnifferClient snifferclient 2452/udp SnifferClient madge-om 2453/udp madge-om madge-om 2453/tcp madge-om indx-dds 2454/tcp IndX-DDS indx-dds 2454/udp IndX-DDS wago-io-system 2455/udp WAGO-IO-SYSTEM wago-io-system 2455/tcp WAGO-IO-SYSTEM altav-remmgt 2456/udp altav-remmgt altav-remmgt 2456/tcp altav-remmgt rapido-ip 2457/tcp Rapido_IP rapido-ip 2457/udp Rapido_IP griffin 2458/udp griffin griffin 2458/tcp griffin community 2459/udp Community community 2459/tcp Community ms-theater 2460/udp ms-theater ms-theater 2460/tcp ms-theater qadmifoper 2461/udp qadmifoper qadmifoper 2461/tcp qadmifoper qadmifevent 2462/tcp qadmifevent qadmifevent 2462/udp qadmifevent symbios-raid 2463/udp Symbios Raid symbios-raid 2463/tcp Symbios Raid direcpc-si 2464/tcp DirecPC SI direcpc-si 2464/udp DirecPC SI lbm 2465/udp Load Balance Management lbm 2465/tcp Load Balance Management lbf 2466/udp Load Balance Forwarding lbf 2466/tcp Load Balance Forwarding high-criteria 2467/udp High Criteria high-criteria 2467/tcp High Criteria qip-msgd 2468/udp qip_msgd qip-msgd 2468/tcp qip_msgd mti-tcs-comm 2469/udp MTI-TCS-COMM mti-tcs-comm 2469/tcp MTI-TCS-COMM taskman-port 2470/udp taskman port taskman-port 2470/tcp taskman port seaodbc 2471/tcp SeaODBC seaodbc 2471/udp SeaODBC c3 2472/udp C3 c3 2472/tcp C3 aker-cdp 2473/udp Aker-cdp aker-cdp 2473/tcp Aker-cdp vitalanalysis 2474/tcp Vital Analysis vitalanalysis 2474/udp Vital Analysis ace-server 2475/tcp ACE Server ace-server 2475/udp ACE Server ace-svr-prop 2476/tcp ACE Server Propagation ace-svr-prop 2476/udp ACE Server Propagation ssm-cvs 2477/tcp SecurSight Certificate Valifation Service ssm-cvs 2477/udp SecurSight Certificate Valifation Service ssm-cssps 2478/tcp SecurSight Authentication Server (SSL) ssm-cssps 2478/udp SecurSight Authentication Server (SSL) ssm-els 2479/udp SecurSight Event Logging Server (SSL) ssm-els 2479/tcp SecurSight Event Logging Server (SSL) lingwood 2480/udp Lingwood's Detail lingwood 2480/tcp Lingwood's Detail giop 2481/udp Oracle GIOP giop 2481/tcp Oracle GIOP giop-ssl 2482/udp Oracle GIOP SSL giop-ssl 2482/tcp Oracle GIOP SSL ttc 2483/udp Oracle TTC ttc 2483/tcp Oracle TTC ttc-ssl 2484/udp Oracle TTC SSL ttc-ssl 2484/tcp Oracle TTC SSL netobjects1 2485/udp Net Objects1 netobjects1 2485/tcp Net Objects1 netobjects2 2486/udp Net Objects2 netobjects2 2486/tcp Net Objects2 pns 2487/udp Policy Notice Service pns 2487/tcp Policy Notice Service moy-corp 2488/udp Moy Corporation moy-corp 2488/tcp Moy Corporation tsilb 2489/udp TSILB tsilb 2489/tcp TSILB qip-qdhcp 2490/udp qip_qdhcp qip-qdhcp 2490/tcp qip_qdhcp conclave-cpp 2491/tcp Conclave CPP conclave-cpp 2491/udp Conclave CPP groove 2492/tcp GROOVE groove 2492/udp GROOVE talarian-mqs 2493/tcp Talarian MQS talarian-mqs 2493/udp Talarian MQS bmc-ar 2494/tcp BMC AR bmc-ar 2494/udp BMC AR fast-rem-serv 2495/udp Fast Remote Services fast-rem-serv 2495/tcp Fast Remote Services dirgis 2496/tcp DIRGIS dirgis 2496/udp DIRGIS quaddb 2497/tcp Quad DB quaddb 2497/udp Quad DB odn-castraq 2498/udp ODN-CasTraq odn-castraq 2498/tcp ODN-CasTraq unicontrol 2499/tcp UniControl unicontrol 2499/udp UniControl rtsserv 2500/tcp Resource Tracking system server rtsserv 2500/udp Resource Tracking system server rtsclient 2501/udp Resource Tracking system client rtsclient 2501/tcp Resource Tracking system client kentrox-prot 2502/udp Kentrox Protocol kentrox-prot 2502/tcp Kentrox Protocol nms-dpnss 2503/tcp NMS-DPNSS nms-dpnss 2503/udp NMS-DPNSS wlbs 2504/tcp WLBS wlbs 2504/udp WLBS torque-traffic 2505/tcp torque-traffic torque-traffic 2505/udp torque-traffic jbroker 2506/udp jbroker jbroker 2506/tcp jbroker spock 2507/udp spock spock 2507/tcp spock jdatastore 2508/udp JDataStore jdatastore 2508/tcp JDataStore fjmpss 2509/tcp fjmpss fjmpss 2509/udp fjmpss fjappmgrbulk 2510/tcp fjappmgrbulk fjappmgrbulk 2510/udp fjappmgrbulk metastorm 2511/tcp Metastorm metastorm 2511/udp Metastorm citrixima 2512/udp Citrix IMA citrixima 2512/tcp Citrix IMA citrixadmin 2513/udp Citrix ADMIN citrixadmin 2513/tcp Citrix ADMIN facsys-ntp 2514/udp Facsys NTP facsys-ntp 2514/tcp Facsys NTP facsys-router 2515/udp Facsys Router facsys-router 2515/tcp Facsys Router maincontrol 2516/tcp Main Control maincontrol 2516/udp Main Control call-sig-trans 2517/udp H.323 Annex E call signaling transport call-sig-trans 2517/tcp H.323 Annex E call signaling transport willy 2518/tcp Willy willy 2518/udp Willy globmsgsvc 2519/udp globmsgsvc globmsgsvc 2519/tcp globmsgsvc pvsw 2520/udp pvsw pvsw 2520/tcp pvsw adaptecmgr 2521/tcp Adaptec Manager adaptecmgr 2521/udp Adaptec Manager windb 2522/tcp WinDb windb 2522/udp WinDb qke-llc-v3 2523/tcp Qke LLC V.3 qke-llc-v3 2523/udp Qke LLC V.3 optiwave-lm 2524/udp Optiwave License Management optiwave-lm 2524/tcp Optiwave License Management ms-v-worlds 2525/tcp MS V-Worlds ms-v-worlds 2525/udp MS V-Worlds # Mike Bristow tina 2525/tcp http://www.quadratec.fr/ ema-sent-lm 2526/tcp EMA License Manager ema-sent-lm 2526/udp EMA License Manager # Mike Bristow tina-msg 2526/udp http://www.quadratec.fr/ iqserver 2527/udp IQ Server iqserver 2527/tcp IQ Server ncr_ccl 2528/udp NCR CCL ncr_ccl 2528/tcp NCR CCL utsftp 2529/udp UTS FTP utsftp 2529/tcp UTS FTP vrcommerce 2530/tcp VR Commerce vrcommerce 2530/udp VR Commerce ito-e-gui 2531/tcp ITO-E GUI ito-e-gui 2531/udp ITO-E GUI ovtopmd 2532/tcp OVTOPMD ovtopmd 2532/udp OVTOPMD snifferserver 2533/tcp SnifferServer snifferserver 2533/udp SnifferServer combox-web-acc 2534/tcp Combox Web Access combox-web-acc 2534/udp Combox Web Access madcap 2535/tcp MADCAP madcap 2535/udp MADCAP btpp2audctr1 2536/udp btpp2audctr1 btpp2audctr1 2536/tcp btpp2audctr1 upgrade 2537/tcp Upgrade Protocol upgrade 2537/udp Upgrade Protocol vnwk-prapi 2538/udp vnwk-prapi vnwk-prapi 2538/tcp vnwk-prapi vsiadmin 2539/udp VSI Admin vsiadmin 2539/tcp VSI Admin lonworks 2540/udp LonWorks lonworks 2540/tcp LonWorks lonworks2 2541/udp LonWorks2 lonworks2 2541/tcp LonWorks2 davinci 2542/tcp daVinci Presenter davinci 2542/udp daVinci Presenter reftek 2543/tcp REFTEK reftek 2543/udp REFTEK novell-zen 2544/udp Novell ZEN novell-zen 2544/tcp Novell ZEN sis-emt 2545/udp sis-emt sis-emt 2545/tcp sis-emt vytalvaultbrtp 2546/udp vytalvaultbrtp vytalvaultbrtp 2546/tcp vytalvaultbrtp vytalvaultvsmp 2547/udp vytalvaultvsmp vytalvaultvsmp 2547/tcp vytalvaultvsmp vytalvaultpipe 2548/udp vytalvaultpipe vytalvaultpipe 2548/tcp vytalvaultpipe ipass 2549/udp IPASS ipass 2549/tcp IPASS ads 2550/udp ADS ads 2550/tcp ADS isg-uda-server 2551/tcp ISG UDA Server isg-uda-server 2551/udp ISG UDA Server call-logging 2552/tcp Call Logging call-logging 2552/udp Call Logging efidiningport 2553/tcp efidiningport efidiningport 2553/udp efidiningport vcnet-link-v10 2554/tcp VCnet-Link v10 vcnet-link-v10 2554/udp VCnet-Link v10 compaq-wcp 2555/tcp Compaq WCP compaq-wcp 2555/udp Compaq WCP nicetec-nmsvc 2556/udp nicetec-nmsvc nicetec-nmsvc 2556/tcp nicetec-nmsvc nicetec-mgmt 2557/tcp nicetec-mgmt nicetec-mgmt 2557/udp nicetec-mgmt pclemultimedia 2558/tcp PCLE Multi Media pclemultimedia 2558/udp PCLE Multi Media lstp 2559/udp LSTP lstp 2559/tcp LSTP labrat 2560/tcp labrat labrat 2560/udp labrat mosaixcc 2561/tcp MosaixCC mosaixcc 2561/udp MosaixCC delibo 2562/tcp Delibo delibo 2562/udp Delibo cti-redwood 2563/tcp CTI Redwood cti-redwood 2563/udp CTI Redwood hp-3000-telnet 2564/tcp HP 3000 NS/VT block mode telnet coord-svr 2565/udp Coordinator Server coord-svr 2565/tcp Coordinator Server # Scott A. McIntyre striker 2565/tcp pcs-pcw 2566/tcp pcs-pcw pcs-pcw 2566/udp pcs-pcw clp 2567/tcp Cisco Line Protocol clp 2567/udp Cisco Line Protocol spamtrap 2568/udp SPAM TRAP spamtrap 2568/tcp SPAM TRAP sonuscallsig 2569/tcp Sonus Call Signal sonuscallsig 2569/udp Sonus Call Signal hs-port 2570/udp HS Port hs-port 2570/tcp HS Port cecsvc 2571/tcp CECSVC cecsvc 2571/udp CECSVC ibp 2572/tcp IBP ibp 2572/udp IBP trustestablish 2573/udp Trust Establish trustestablish 2573/tcp Trust Establish blockade-bpsp 2574/udp Blockade BPSP blockade-bpsp 2574/tcp Blockade BPSP hl7 2575/tcp HL7 hl7 2575/udp HL7 tclprodebugger 2576/tcp TCL Pro Debugger tclprodebugger 2576/udp TCL Pro Debugger scipticslsrvr 2577/udp Scriptics Lsrvr scipticslsrvr 2577/tcp Scriptics Lsrvr rvs-isdn-dcp 2578/udp RVS ISDN DCP rvs-isdn-dcp 2578/tcp RVS ISDN DCP mpfoncl 2579/tcp mpfoncl mpfoncl 2579/udp mpfoncl tributary 2580/tcp Tributary tributary 2580/udp Tributary argis-te 2581/udp ARGIS TE argis-te 2581/tcp ARGIS TE argis-ds 2582/udp ARGIS DS argis-ds 2582/tcp ARGIS DS mon 2583/udp MON mon 2583/tcp MON # Scott A. McIntyre wincrash2 2583/tcp cyaserv 2584/udp cyaserv cyaserv 2584/tcp cyaserv netx-server 2585/udp NETX Server netx-server 2585/tcp NETX Server netx-agent 2586/udp NETX Agent netx-agent 2586/tcp NETX Agent masc 2587/tcp MASC masc 2587/udp MASC privilege 2588/udp Privilege privilege 2588/tcp Privilege quartus-tcl 2589/udp quartus tcl quartus-tcl 2589/tcp quartus tcl idotdist 2590/udp idotdist idotdist 2590/tcp idotdist maytagshuffle 2591/udp Maytag Shuffle maytagshuffle 2591/tcp Maytag Shuffle netrek 2592/udp netrek netrek 2592/tcp netrek mns-mail 2593/tcp MNS Mail Notice Service mns-mail 2593/udp MNS Mail Notice Service dts 2594/udp Data Base Server dts 2594/tcp Data Base Server worldfusion1 2595/udp World Fusion 1 worldfusion1 2595/tcp World Fusion 1 worldfusion2 2596/udp World Fusion 2 worldfusion2 2596/tcp World Fusion 2 homesteadglory 2597/udp Homestead Glory homesteadglory 2597/tcp Homestead Glory citriximaclient 2598/udp Citrix MA Client citriximaclient 2598/tcp Citrix MA Client meridiandata 2599/udp Meridian Data meridiandata 2599/tcp Meridian Data hpstgmgr 2600/tcp HPSTGMGR hpstgmgr 2600/udp HPSTGMGR # Rick Payne zebra-main 2600/tcp http://www.zebra.org discp-client 2601/tcp discp client discp-client 2601/udp discp client # Rick Payne zebra-vty 2601/tcp http://www.zebra.org # Rick Payne zebra-vty 2601/tcp http://www.zebra.org discp-server 2602/tcp discp server discp-server 2602/udp discp server # Rick Payne zebra-rip 2602/tcp http://www.zebra.org servicemeter 2603/udp Service Meter servicemeter 2603/tcp Service Meter # Rick Payne zebra-ripng 2603/tcp http://www.zebra.org nsc-ccs 2604/udp NSC CCS nsc-ccs 2604/tcp NSC CCS # Rick Payne zebra-ospf 2604/tcp http://www.zebra.org nsc-posa 2605/udp NSC POSA nsc-posa 2605/tcp NSC POSA # Rick Payne zebra-bgp 2605/tcp http://www.zebra.org netmon 2606/udp Dell Netmon netmon 2606/tcp Dell Netmon # Rick Payne zebra-bgp 2606/tcp http://www.zebra.org connection 2607/udp Dell Connection connection 2607/tcp Dell Connection wag-service 2608/udp Wag Service wag-service 2608/tcp Wag Service system-monitor 2609/udp System Monitor system-monitor 2609/tcp System Monitor versa-tek 2610/tcp VersaTek versa-tek 2610/udp VersaTek lionhead 2611/tcp LIONHEAD lionhead 2611/udp LIONHEAD qpasa-agent 2612/udp Qpasa Agent qpasa-agent 2612/tcp Qpasa Agent smntubootstrap 2613/tcp SMNTUBootstrap smntubootstrap 2613/udp SMNTUBootstrap neveroffline 2614/udp Never Offline neveroffline 2614/tcp Never Offline firepower 2615/tcp firepower firepower 2615/udp firepower appswitch-emp 2616/udp appswitch-emp appswitch-emp 2616/tcp appswitch-emp cmadmin 2617/tcp Clinical Context Managers cmadmin 2617/udp Clinical Context Managers priority-e-com 2618/udp Priority E-Com priority-e-com 2618/tcp Priority E-Com bruce 2619/tcp bruce bruce 2619/udp bruce lpsrecommender 2620/udp LPSRecommender lpsrecommender 2620/tcp LPSRecommender miles-apart 2621/udp Miles Apart Jukebox Server miles-apart 2621/tcp Miles Apart Jukebox Server metricadbc 2622/udp MetricaDBC metricadbc 2622/tcp MetricaDBC lmdp 2623/udp LMDP lmdp 2623/tcp LMDP aria 2624/tcp Aria aria 2624/udp Aria blwnkl-port 2625/tcp Blwnkl Port blwnkl-port 2625/udp Blwnkl Port gbjd816 2626/udp gbjd816 gbjd816 2626/tcp gbjd816 moshebeeri 2627/udp Moshe Beeri moshebeeri 2627/tcp Moshe Beeri dict 2628/udp DICT dict 2628/tcp DICT sitaraserver 2629/tcp Sitara Server sitaraserver 2629/udp Sitara Server sitaramgmt 2630/tcp Sitara Management sitaramgmt 2630/udp Sitara Management sitaradir 2631/tcp Sitara Dir sitaradir 2631/udp Sitara Dir irdg-post 2632/tcp IRdg Post irdg-post 2632/udp IRdg Post interintelli 2633/tcp InterIntelli interintelli 2633/udp InterIntelli pk-electronics 2634/udp PK Electronics pk-electronics 2634/tcp PK Electronics backburner 2635/udp Back Burner backburner 2635/tcp Back Burner solve 2636/tcp Solve solve 2636/udp Solve imdocsvc 2637/udp Import Document Service imdocsvc 2637/tcp Import Document Service sybaseanywhere 2638/tcp Sybase Anywhere sybaseanywhere 2638/udp Sybase Anywhere aminet 2639/tcp AMInet aminet 2639/udp AMInet sai_sentlm 2640/udp Sabbagh Associates Licence Manager sai_sentlm 2640/tcp Sabbagh Associates Licence Manager hdl-srv 2641/tcp HDL Server hdl-srv 2641/udp HDL Server tragic 2642/tcp Tragic tragic 2642/udp Tragic gte-samp 2643/tcp GTE-SAMP gte-samp 2643/udp GTE-SAMP travsoft-ipx-t 2644/udp Travsoft IPX Tunnel travsoft-ipx-t 2644/tcp Travsoft IPX Tunnel novell-ipx-cmd 2645/udp Novell IPX CMD novell-ipx-cmd 2645/tcp Novell IPX CMD and-lm 2646/udp AND License Manager and-lm 2646/tcp AND License Manager syncserver 2647/udp SyncServer syncserver 2647/tcp SyncServer upsnotifyprot 2648/tcp Upsnotifyprot upsnotifyprot 2648/udp Upsnotifyprot vpsipport 2649/tcp VPSIPPORT vpsipport 2649/udp VPSIPPORT eristwoguns 2650/udp eristwoguns eristwoguns 2650/tcp eristwoguns ebinsite 2651/tcp EBInSite ebinsite 2651/udp EBInSite interpathpanel 2652/udp InterPathPanel interpathpanel 2652/tcp InterPathPanel sonus 2653/udp Sonus sonus 2653/tcp Sonus corel_vncadmin 2654/udp Corel VNC Admin corel_vncadmin 2654/tcp Corel VNC Admin unglue 2655/tcp UNIX Nt Glue unglue 2655/udp UNIX Nt Glue kana 2656/tcp Kana kana 2656/udp Kana sns-dispatcher 2657/tcp SNS Dispatcher sns-dispatcher 2657/udp SNS Dispatcher sns-admin 2658/tcp SNS Admin sns-admin 2658/udp SNS Admin sns-query 2659/udp SNS Query sns-query 2659/tcp SNS Query gcmonitor 2660/udp GC Monitor gcmonitor 2660/tcp GC Monitor olhost 2661/tcp OLHOST olhost 2661/udp OLHOST bintec-capi 2662/udp BinTec-CAPI bintec-capi 2662/tcp BinTec-CAPI bintec-tapi 2663/udp BinTec-TAPI bintec-tapi 2663/tcp BinTec-TAPI patrol-mq-gm 2664/tcp Patrol for MQ GM patrol-mq-gm 2664/udp Patrol for MQ GM patrol-mq-nm 2665/tcp Patrol for MQ NM patrol-mq-nm 2665/udp Patrol for MQ NM extensis 2666/tcp extensis extensis 2666/udp extensis alarm-clock-s 2667/udp Alarm Clock Server alarm-clock-s 2667/tcp Alarm Clock Server alarm-clock-c 2668/tcp Alarm Clock Client alarm-clock-c 2668/udp Alarm Clock Client toad 2669/udp TOAD toad 2669/tcp TOAD tve-announce 2670/tcp TVE Announce tve-announce 2670/udp TVE Announce newlixreg 2671/udp newlixreg newlixreg 2671/tcp newlixreg nhserver 2672/tcp nhserver nhserver 2672/udp nhserver firstcall42 2673/tcp First Call 42 firstcall42 2673/udp First Call 42 ewnn 2674/udp ewnn ewnn 2674/tcp ewnn ttc-etap 2675/tcp TTC ETAP ttc-etap 2675/udp TTC ETAP simslink 2676/tcp SIMSLink simslink 2676/udp SIMSLink gadgetgate1way 2677/udp Gadget Gate 1 Way gadgetgate1way 2677/tcp Gadget Gate 1 Way gadgetgate2way 2678/udp Gadget Gate 2 Way gadgetgate2way 2678/tcp Gadget Gate 2 Way syncserverssl 2679/tcp Sync Server SSL syncserverssl 2679/udp Sync Server SSL pxc-sapxom 2680/tcp pxc-sapxom pxc-sapxom 2680/udp pxc-sapxom mpnjsomb 2681/tcp mpnjsomb mpnjsomb 2681/udp mpnjsomb ncdloadbalance 2683/udp NCDLoadBalance ncdloadbalance 2683/tcp NCDLoadBalance mpnjsosv 2684/tcp mpnjsosv mpnjsosv 2684/udp mpnjsosv mpnjsocl 2685/udp mpnjsocl mpnjsocl 2685/tcp mpnjsocl mpnjsomg 2686/tcp mpnjsomg mpnjsomg 2686/udp mpnjsomg pq-lic-mgmt 2687/tcp pq-lic-mgmt pq-lic-mgmt 2687/udp pq-lic-mgmt md-cg-http 2688/udp md-cf-http md-cg-http 2688/tcp md-cf-http fastlynx 2689/udp FastLynx fastlynx 2689/tcp FastLynx hp-nnm-data 2690/udp HP NNM Embedded Database hp-nnm-data 2690/tcp HP NNM Embedded Database itinternet 2691/tcp ITInternet ISM Server itinternet 2691/udp ITInternet ISM Server admins-lms 2692/udp Admins LMS admins-lms 2692/tcp Admins LMS belarc-http 2693/udp belarc-http belarc-http 2693/tcp belarc-http pwrsevent 2694/udp pwrsevent pwrsevent 2694/tcp pwrsevent vspread 2695/udp VSPREAD vspread 2695/tcp VSPREAD unifyadmin 2696/udp Unify Admin unifyadmin 2696/tcp Unify Admin oce-snmp-trap 2697/tcp Oce SNMP Trap Port oce-snmp-trap 2697/udp Oce SNMP Trap Port mck-ivpip 2698/tcp MCK-IVPIP mck-ivpip 2698/udp MCK-IVPIP csoft-plusclnt 2699/udp Csoft Plus Client csoft-plusclnt 2699/tcp Csoft Plus Client tqdata 2700/udp tqdata tqdata 2700/tcp tqdata sms-rcinfo 2701/udp SMS RCINFO sms-rcinfo 2701/tcp SMS RCINFO sms-xfer 2702/tcp SMS XFER sms-xfer 2702/udp SMS XFER sms-chat 2703/tcp SMS CHAT sms-chat 2703/udp SMS CHAT sms-remctrl 2704/tcp SMS REMCTRL sms-remctrl 2704/udp SMS REMCTRL sds-admin 2705/udp SDS Admin sds-admin 2705/tcp SDS Admin ncdmirroring 2706/udp NCD Mirroring ncdmirroring 2706/tcp NCD Mirroring emcsymapiport 2707/tcp EMCSYMAPIPORT emcsymapiport 2707/udp EMCSYMAPIPORT banyan-net 2708/tcp Banyan-Net banyan-net 2708/udp Banyan-Net supermon 2709/tcp Supermon supermon 2709/udp Supermon sso-service 2710/tcp SSO Service sso-service 2710/udp SSO Service sso-control 2711/udp SSO Control sso-control 2711/tcp SSO Control aocp 2712/tcp Axapta Object Communication Protocol aocp 2712/udp Axapta Object Communication Protocol raven1 2713/tcp Raven1 raven1 2713/udp Raven1 raven2 2714/tcp Raven2 raven2 2714/udp Raven2 hpstgmgr2 2715/udp HPSTGMGR2 hpstgmgr2 2715/tcp HPSTGMGR2 inova-ip-disco 2716/udp Inova IP Disco inova-ip-disco 2716/tcp Inova IP Disco # Scott A. McIntyre theprayer2 2716/tcp pn-requester 2717/tcp PN REQUESTER pn-requester 2717/udp PN REQUESTER pn-requester2 2718/udp PN REQUESTER 2 pn-requester2 2718/tcp PN REQUESTER 2 scan-change 2719/udp Scan & Change scan-change 2719/tcp Scan & Change wkars 2720/udp wkars wkars 2720/tcp wkars smart-diagnose 2721/tcp Smart Diagnose smart-diagnose 2721/udp Smart Diagnose proactivesrvr 2722/udp Proactive Server proactivesrvr 2722/tcp Proactive Server watchdognt 2723/tcp WatchDog NT watchdognt 2723/udp WatchDog NT qotps 2724/udp qotps qotps 2724/tcp qotps msolap-ptp2 2725/tcp MSOLAP PTP2 msolap-ptp2 2725/udp MSOLAP PTP2 tams 2726/udp TAMS tams 2726/tcp TAMS mgcp-callagent 2727/tcp Media Gateway Control Protocol Call Agent mgcp-callagent 2727/udp Media Gateway Control Protocol Call Agent sqdr 2728/udp SQDR sqdr 2728/tcp SQDR tcim-control 2729/tcp TCIM Control tcim-control 2729/udp TCIM Control nec-raidplus 2730/tcp NEC RaidPlus nec-raidplus 2730/udp NEC RaidPlus fyre-messanger 2731/tcp Fyre Messanger fyre-messanger 2731/udp Fyre Messagner g5m 2732/udp G5M g5m 2732/tcp G5M signet-ctf 2733/udp Signet CTF signet-ctf 2733/tcp Signet CTF ccs-software 2734/udp CCS Software ccs-software 2734/tcp CCS Software netiq-mc 2735/tcp NetIQ Monitor Console netiq-mc 2735/udp NetIQ Monitor Console radwiz-nms-srv 2736/tcp RADWIZ NMS SRV radwiz-nms-srv 2736/udp RADWIZ NMS SRV srp-feedback 2737/tcp SRP Feedback srp-feedback 2737/udp SRP Feedback ndl-tcp-ois-gw 2738/udp NDL TCP-OSI Gateway ndl-tcp-ois-gw 2738/tcp NDL TCP-OSI Gateway tn-timing 2739/tcp TN Timing tn-timing 2739/udp TN Timing alarm 2740/udp Alarm alarm 2740/tcp Alarm tsb 2741/tcp TSB tsb 2741/udp TSB tsb2 2742/udp TSB2 tsb2 2742/tcp TSB2 murx 2743/tcp murx murx 2743/udp murx honyaku 2744/udp honyaku honyaku 2744/tcp honyaku urbisnet 2745/udp URBISNET urbisnet 2745/tcp URBISNET cpudpencap 2746/udp CPUDPENCAP cpudpencap 2746/tcp CPUDPENCAP fjippol-swrly 2747/udp fjippol-swrly 2747/tcp fjippol-polsvr 2748/udp fjippol-polsvr 2748/tcp fjippol-cnsl 2749/udp fjippol-cnsl 2749/tcp fjippol-port1 2750/tcp fjippol-port1 2750/udp fjippol-port2 2751/udp fjippol-port2 2751/tcp rsisysaccess 2752/tcp RSISYS ACCESS rsisysaccess 2752/udp RSISYS ACCESS de-spot 2753/udp de-spot de-spot 2753/tcp de-spot apollo-cc 2754/tcp APOLLO CC apollo-cc 2754/udp APOLLO CC expresspay 2755/tcp Express Pay expresspay 2755/udp Express Pay simplement-tie 2756/udp simplement-tie simplement-tie 2756/tcp simplement-tie cnrp 2757/udp CNRP cnrp 2757/tcp CNRP apollo-status 2758/udp APOLLO Status apollo-status 2758/tcp APOLLO Status apollo-gms 2759/udp APOLLO GMS apollo-gms 2759/tcp APOLLO GMS sabams 2760/udp Saba MS sabams 2760/tcp Saba MS dicom-iscl 2761/udp DICOM ISCL dicom-iscl 2761/tcp DICOM ISCL dicom-tls 2762/udp DICOM TLS dicom-tls 2762/tcp DICOM TLS desktop-dna 2763/udp Desktop DNA desktop-dna 2763/tcp Desktop DNA data-insurance 2764/tcp Data Insurance data-insurance 2764/udp Data Insurance qip-audup 2765/udp qip-audup qip-audup 2765/tcp qip-audup compaq-scp 2766/udp Compaq SCP compaq-scp 2766/tcp Compaq SCP # Scott A. McIntyre solaris-nlps 2766/tcp uadtc 2767/udp UADTC uadtc 2767/tcp UADTC uacs 2768/udp UACS uacs 2768/tcp UACS singlept-mvs 2769/tcp Single Point MVS singlept-mvs 2769/udp Single Point MVS veronica 2770/tcp Veronica veronica 2770/udp Veronica vergencecm 2771/udp Vergence CM vergencecm 2771/tcp Vergence CM auris 2772/udp auris auris 2772/tcp auris pcbakcup1 2773/tcp PC Backup pcbakcup1 2773/udp PC Backup pcbakcup2 2774/tcp PC Backup pcbakcup2 2774/udp PC Backup smpp 2775/tcp SMPP smpp 2775/udp SMPP ridgeway1 2776/udp Ridgeway Systems & Software ridgeway1 2776/tcp Ridgeway Systems & Software ridgeway2 2777/tcp Ridgeway Systems & Software ridgeway2 2777/udp Ridgeway Systems & Software gwen-sonya 2778/udp Gwen-Sonya gwen-sonya 2778/tcp Gwen-Sonya lbc-sync 2779/tcp LBC Sync lbc-sync 2779/udp LBC Sync lbc-control 2780/udp LBC Control lbc-control 2780/tcp LBC Control whosells 2781/tcp whosells whosells 2781/udp whosells everydayrc 2782/tcp everydayrc everydayrc 2782/udp everydayrc aises 2783/tcp AISES aises 2783/udp AISES www-dev 2784/tcp world wide web - development www-dev 2784/udp world wide web - development aic-np 2785/tcp aic-np aic-np 2785/udp aic-np aic-oncrpc 2786/tcp aic-oncrpc - Destiny MCD database aic-oncrpc 2786/udp aic-oncrpc - Destiny MCD database piccolo 2787/udp piccolo - Cornerstone Software piccolo 2787/tcp piccolo - Cornerstone Software fryeserv 2788/udp NetWare Loadable Module - Seagate Software fryeserv 2788/tcp NetWare Loadable Module - Seagate Software media-agent 2789/tcp Media Agent media-agent 2789/udp Media Agent plgproxy 2790/udp PLG Proxy plgproxy 2790/tcp PLG Proxy mtport-regist 2791/udp MT Port Registrator mtport-regist 2791/tcp MT Port Registrator f5-globalsite 2792/udp f5-globalsite f5-globalsite 2792/tcp f5-globalsite initlsmsad 2793/tcp initlsmsad initlsmsad 2793/udp initlsmsad aaftp 2794/udp aaftp aaftp 2794/tcp aaftp livestats 2795/udp LiveStats livestats 2795/tcp LiveStats ac-tech 2796/udp ac-tech ac-tech 2796/tcp ac-tech esp-encap 2797/tcp esp-encap esp-encap 2797/udp esp-encap tmesis-upshot 2798/udp TMESIS-UPShot tmesis-upshot 2798/tcp TMESIS-UPShot icon-discover 2799/tcp ICON Discover icon-discover 2799/udp ICON Discover acc-raid 2800/udp ACC RAID acc-raid 2800/tcp ACC RAID igcp 2801/udp IGCP igcp 2801/tcp IGCP # Scott A. McIntyre phineas-phucker 2801/tcp veritas-tcp1 2802/tcp Veritas TCP1 veritas-udp1 2802/udp Veritas UDP1 btprjctrl 2803/udp btprjctrl btprjctrl 2803/tcp btprjctrl telexis-vtu 2804/tcp Telexis VTU telexis-vtu 2804/udp Telexis VTU wta-wsp-s 2805/udp WTA WSP-S wta-wsp-s 2805/tcp WTA WSP-S cspuni 2806/tcp cspuni cspuni 2806/udp cspuni cspmulti 2807/udp cspmulti cspmulti 2807/tcp cspmulti j-lan-p 2808/tcp J-LAN-P j-lan-p 2808/udp J-LAN-P corbaloc 2809/udp CORBA LOC corbaloc 2809/tcp CORBA LOC netsteward 2810/udp Active Net Steward netsteward 2810/tcp Active Net Steward gsiftp 2811/tcp GSI FTP gsiftp 2811/udp GSI FTP atmtcp 2812/tcp atmtcp atmtcp 2812/udp atmtcp llm-pass 2813/tcp llm-pass llm-pass 2813/udp llm-pass llm-csv 2814/udp llm-csv llm-csv 2814/tcp llm-csv lbc-measure 2815/tcp LBC Measurement lbc-measure 2815/udp LBC Measurement lbc-watchdog 2816/udp LBC Watchdog lbc-watchdog 2816/tcp LBC Watchdog nmsigport 2817/tcp NMSig Port nmsigport 2817/udp NMSig Port rmlnk 2818/tcp rmlnk rmlnk 2818/udp rmlnk fc-faultnotify 2819/tcp FC Fault Notification fc-faultnotify 2819/udp FC Fault Notification univision 2820/udp UniVision univision 2820/tcp UniVision vml-dms 2821/udp vml_dms vml-dms 2821/tcp vml_dms ka0wuc 2822/tcp ka0wuc ka0wuc 2822/udp ka0wuc cqg-netlan 2823/udp CQG Net/LAN cqg-netlan 2823/tcp CQG Net/LAN cqg-netlan-1 2824/tcp CQG Net/LAN 1 cqg-netlan-1 2824/udp CQG Net/Lan 1 slc-systemlog 2826/udp slc systemlog slc-systemlog 2826/tcp slc systemlog slc-ctrlrloops 2827/udp slc ctrlrloops slc-ctrlrloops 2827/tcp slc ctrlrloops itm-lm 2828/tcp ITM License Manager itm-lm 2828/udp ITM License Manager silkp1 2829/udp silkp1 silkp1 2829/tcp silkp1 silkp2 2830/tcp silkp2 silkp2 2830/udp silkp2 silkp3 2831/udp silkp3 silkp3 2831/tcp silkp3 silkp4 2832/tcp silkp4 silkp4 2832/udp silkp4 glishd 2833/udp glishd glishd 2833/tcp glishd evtp 2834/udp EVTP evtp 2834/tcp EVTP evtp-data 2835/udp EVTP-DATA evtp-data 2835/tcp EVTP-DATA catalyst 2836/tcp catalyst catalyst 2836/udp catalyst repliweb 2837/udp Repliweb repliweb 2837/tcp Repliweb starbot 2838/udp Starbot starbot 2838/tcp Starbot nmsigport 2839/udp NMSigPort nmsigport 2839/tcp NMSigPort l3-exprt 2840/tcp l3-exprt l3-exprt 2840/udp l3-exprt l3-ranger 2841/tcp l3-ranger l3-ranger 2841/udp l3-ranger l3-hawk 2842/udp l3-hawk l3-hawk 2842/tcp l3-hawk pdnet 2843/tcp PDnet pdnet 2843/udp PDnet bpcp-poll 2844/udp BPCP POLL bpcp-poll 2844/tcp BPCP POLL bpcp-trap 2845/tcp BPCP TRAP bpcp-trap 2845/udp BPCP TRAP aimpp-hello 2846/tcp AIMPP Hello aimpp-hello 2846/udp AIMPP Hello aimpp-port-req 2847/tcp AIMPP Port Req aimpp-port-req 2847/udp AIMPP Port Req amt-blc-port 2848/udp AMT-BLC-PORT amt-blc-port 2848/tcp AMT-BLC-PORT fxp 2849/tcp FXP fxp 2849/udp FXP metaconsole 2850/udp MetaConsole metaconsole 2850/tcp MetaConsole webemshttp 2851/udp webemshttp webemshttp 2851/tcp webemshttp bears-01 2852/tcp bears-01 bears-01 2852/udp bears-01 ispipes 2853/tcp ISPipes ispipes 2853/udp ISPipes infomover 2854/udp InfoMover infomover 2854/tcp InfoMover cesdinv 2856/udp cesdinv cesdinv 2856/tcp cesdinv simctlp 2857/tcp SimCtIP simctlp 2857/udp SimCtIP ecnp 2858/tcp ECNP ecnp 2858/udp ECNP activememory 2859/tcp Active Memory activememory 2859/udp Active Memory dialpad-voice1 2860/udp Dialpad Voice 1 dialpad-voice1 2860/tcp Dialpad Voice 1 dialpad-voice2 2861/udp Dialpad Voice 2 dialpad-voice2 2861/tcp Dialpad Voice 2 ttg-protocol 2862/tcp TTG Protocol ttg-protocol 2862/udp TTG Protocol sonardata 2863/udp Sonar Data sonardata 2863/tcp Sonar Data astromed-main 2864/tcp main 5001 cmd astromed-main 2864/udp main 5001 cmd pit-vpn 2865/udp pit-vpn pit-vpn 2865/tcp pit-vpn iwlistener 2866/tcp iwlistener iwlistener 2866/udp iwlistener esps-portal 2867/udp esps-portal esps-portal 2867/tcp esps-portal npep-messaging 2868/tcp NPEP Messaging npep-messaging 2868/udp NPEP Messaging icslap 2869/udp ICSLAP icslap 2869/tcp ICSLAP daishi 2870/udp daishi daishi 2870/tcp daishi msi-selectplay 2871/tcp MSI Select Play msi-selectplay 2871/udp MSI Select Play radix 2872/udp RADIX radix 2872/tcp RADIX paspar2-zoomin 2873/tcp PASPAR2 ZoomIn paspar2-zoomin 2873/udp PASPAR2 ZoomIn dxmessagebase1 2874/udp dxmessagebase1 dxmessagebase1 2874/tcp dxmessagebase1 dxmessagebase2 2875/tcp dxmessagebase2 dxmessagebase2 2875/udp dxmessagebase2 sps-tunnel 2876/udp SPS Tunnel sps-tunnel 2876/tcp SPS Tunnel bluelance 2877/tcp BLUELANCE bluelance 2877/udp BLUELANCE aap 2878/tcp AAP aap 2878/udp AAP ucentric-ds 2879/udp ucentric-ds ucentric-ds 2879/tcp ucentric-ds synapse 2880/udp synapse synapse 2880/tcp synapse ndsp 2881/udp NDSP ndsp 2881/tcp NDSP ndtp 2882/tcp NDTP ndtp 2882/udp NDTP ndnp 2883/tcp NDNP ndnp 2883/udp NDNP flashmsg 2884/udp Flash Msg flashmsg 2884/tcp Flash Msg topflow 2885/tcp TopFlow topflow 2885/udp TopFlow responselogic 2886/udp RESPONSELOGIC responselogic 2886/tcp RESPONSELOGIC aironetddp 2887/tcp aironet aironetddp 2887/udp aironet spcsdlobby 2888/tcp SPCSDLOBBY spcsdlobby 2888/udp SPCSDLOBBY rsom 2889/udp RSOM rsom 2889/tcp RSOM cspclmulti 2890/udp CSPCLMULTI cspclmulti 2890/tcp CSPCLMULTI cinegrfx-elmd 2891/tcp CINEGRFX-ELMD License Manager cinegrfx-elmd 2891/udp CINEGRFX-ELMD License Manager snifferdata 2892/udp SNIFFERDATA snifferdata 2892/tcp SNIFFERDATA vseconnector 2893/tcp VSECONNECTOR vseconnector 2893/udp VSECONNECTOR abacus-remote 2894/tcp ABACUS-REMOTE abacus-remote 2894/udp ABACUS-REMOTE natuslink 2895/udp NATUS LINK natuslink 2895/tcp NATUS LINK ecovisiong6-1 2896/udp ECOVISIONG6-1 ecovisiong6-1 2896/tcp ECOVISIONG6-1 citrix-rtmp 2897/udp Citrix RTMP citrix-rtmp 2897/tcp Citrix RTMP appliance-cfg 2898/tcp APPLIANCE-CFG appliance-cfg 2898/udp APPLIANCE-CFG powergemplus 2899/tcp POWERGEMPLUS powergemplus 2899/udp POWERGEMPLUS quicksuite 2900/udp QUICKSUITE quicksuite 2900/tcp QUICKSUITE allstorcns 2901/tcp ALLSTORCNS allstorcns 2901/udp ALLSTORCNS netaspi 2902/udp NET ASPI netaspi 2902/tcp NET ASPI suitcase 2903/tcp SUITCASE suitcase 2903/udp SUITCASE m2ua 2904/udp M2UA m2ua 2904/tcp M2UA m3ua 2905/tcp M3UA m3ua 2905/udp De-registered (2001 June 07) caller9 2906/udp CALLER9 caller9 2906/tcp CALLER9 webmethods-b2b 2907/tcp WEBMETHODS B2B webmethods-b2b 2907/udp WEBMETHODS B2B mao 2908/tcp mao mao 2908/udp mao funk-dialout 2909/tcp Funk Dialout funk-dialout 2909/udp Funk Dialout tdaccess 2910/udp TDAccess tdaccess 2910/tcp TDAccess blockade 2911/tcp Blockade blockade 2911/udp Blockade epicon 2912/udp Epicon epicon 2912/tcp Epicon boosterware 2913/tcp Booster Ware boosterware 2913/udp Booster Ware gamelobby 2914/udp Game Lobby gamelobby 2914/tcp Game Lobby tksocket 2915/udp TK Socket tksocket 2915/tcp TK Socket elvin_server 2916/tcp Elvin Server elvin_server 2916/udp Elvin Server elvin_client 2917/udp Elvin Client elvin_client 2917/tcp Elvin Client kastenchasepad 2918/tcp Kasten Chase Pad kastenchasepad 2918/udp Kasten Chase Pad roboer 2919/udp ROBOER roboer 2919/tcp ROBOER roboeda 2920/tcp ROBOEDA roboeda 2920/udp ROBOEDA cesdcdman 2921/tcp CESD Contents Delivery Management cesdcdman 2921/udp CESD Contents Delivery Management cesdcdtrn 2922/udp CESD Contents Delivery Data Transfer cesdcdtrn 2922/tcp CESD Contents Delivery Data Transfer wta-wsp-wtp-s 2923/tcp WTA-WSP-WTP-S wta-wsp-wtp-s 2923/udp WTA-WSP-WTP-S precise-vip 2924/udp PRECISE-VIP precise-vip 2924/tcp PRECISE-VIP mobile-file-dl 2926/udp MOBILE-FILE-DL mobile-file-dl 2926/tcp MOBILE-FILE-DL unimobilectrl 2927/tcp UNIMOBILECTRL unimobilectrl 2927/udp UNIMOBILECTRL redstone-cpss 2928/udp REDSTONE-CPSS redstone-cpss 2928/tcp REDSTONE-CPSS panja-webadmin 2929/udp PANJA-WEBADMIN panja-webadmin 2929/tcp PANJA-WEBADMIN panja-weblinx 2930/udp PANJA-WEBLINX panja-weblinx 2930/tcp PANJA-WEBLINX circle-x 2931/udp Circle-X circle-x 2931/tcp Circle-X incp 2932/udp INCP incp 2932/tcp INCP 4-tieropmgw 2933/udp 4-TIER OPM GW 4-tieropmgw 2933/tcp 4-TIER OPM GW 4-tieropmcli 2934/tcp 4-TIER OPM CLI 4-tieropmcli 2934/udp 4-TIER OPM CLI qtp 2935/tcp QTP qtp 2935/udp QTP otpatch 2936/udp OTPatch otpatch 2936/tcp OTPatch pnaconsult-lm 2937/tcp PNACONSULT-LM pnaconsult-lm 2937/udp PNACONSULT-LM sm-pas-1 2938/udp SM-PAS-1 sm-pas-1 2938/tcp SM-PAS-1 sm-pas-2 2939/tcp SM-PAS-2 sm-pas-2 2939/udp SM-PAS-2 sm-pas-3 2940/udp SM-PAS-3 sm-pas-3 2940/tcp SM-PAS-3 sm-pas-4 2941/udp SM-PAS-4 sm-pas-4 2941/tcp SM-PAS-4 sm-pas-5 2942/udp SM-PAS-5 sm-pas-5 2942/tcp SM-PAS-5 ttnrepository 2943/udp TTNRepository ttnrepository 2943/tcp TTNRepository megaco-h248 2944/udp Megaco H-248 megaco-h248 2944/tcp Megaco H-248 h248-binary 2945/tcp H248 Binary h248-binary 2945/udp H248 Binary fjsvmpor 2946/udp FJSVmpor fjsvmpor 2946/tcp FJSVmpor gpsd 2947/tcp GPSD gpsd 2947/udp GPSD wap-push 2948/udp WAP PUSH wap-push 2948/tcp WAP PUSH wap-pushsecure 2949/tcp WAP PUSH SECURE wap-pushsecure 2949/udp WAP PUSH SECURE esip 2950/udp ESIP esip 2950/tcp ESIP ottp 2951/udp OTTP ottp 2951/tcp OTTP mpfwsas 2952/udp MPFWSAS mpfwsas 2952/tcp MPFWSAS ovalarmsrv 2953/udp OVALARMSRV ovalarmsrv 2953/tcp OVALARMSRV ovalarmsrv-cmd 2954/udp OVALARMSRV-CMD ovalarmsrv-cmd 2954/tcp OVALARMSRV-CMD csnotify 2955/udp CSNOTIFY csnotify 2955/tcp CSNOTIFY ovrimosdbman 2956/tcp OVRIMOSDBMAN ovrimosdbman 2956/udp OVRIMOSDBMAN jmact5 2957/udp JAMCT5 jmact5 2957/tcp JAMCT5 jmact6 2958/udp JAMCT6 jmact6 2958/tcp JAMCT6 rmopagt 2959/udp RMOPAGT rmopagt 2959/tcp RMOPAGT dfoxserver 2960/tcp DFOXSERVER dfoxserver 2960/udp DFOXSERVER boldsoft-lm 2961/tcp BOLDSOFT-LM boldsoft-lm 2961/udp BOLDSOFT-LM iph-policy-cli 2962/udp IPH-POLICY-CLI iph-policy-cli 2962/tcp IPH-POLICY-CLI iph-policy-adm 2963/tcp IPH-POLICY-ADM iph-policy-adm 2963/udp IPH-POLICY-ADM bullant-srap 2964/tcp BULLANT SRAP bullant-srap 2964/udp BULLANT SRAP bullant-rap 2965/tcp BULLANT RAP bullant-rap 2965/udp BULLANT RAP idp-infotrieve 2966/udp IDP-INFOTRIEVE idp-infotrieve 2966/tcp IDP-INFOTRIEVE ssc-agent 2967/udp SSC-AGENT ssc-agent 2967/tcp SSC-AGENT # Ray Pesek norton-av-ce-communications 2967/tcp enpp 2968/tcp ENPP enpp 2968/udp ENPP essp 2969/udp ESSP essp 2969/tcp ESSP index-net 2970/tcp INDEX-NET index-net 2970/udp INDEX-NET netclip 2971/udp Net Clip netclip 2971/tcp Net Clip pmsm-webrctl 2972/tcp PMSM Webrctl pmsm-webrctl 2972/udp PMSM Webrctl svnetworks 2973/udp SV Networks svnetworks 2973/tcp SV Networks signal 2974/udp Signal signal 2974/tcp Signal fjmpcm 2975/tcp Fujitsu Configuration Management Service fjmpcm 2975/udp Fujitsu Configuration Management Service cns-srv-port 2976/udp CNS Server Port cns-srv-port 2976/tcp CNS Server Port ttc-etap-ns 2977/tcp TTCs Enterprise Test Access Protocol - NS ttc-etap-ns 2977/udp TTCs Enterprise Test Access Protocol - NS ttc-etap-ds 2978/udp TTCs Enterprise Test Access Protocol - DS ttc-etap-ds 2978/tcp TTCs Enterprise Test Access Protocol - DS h263-video 2979/udp H.263 Video Streaming h263-video 2979/tcp H.263 Video Streaming wimd 2980/udp Instant Messaging Service wimd 2980/tcp Instant Messaging Service mylxamport 2981/udp MYLXAMPORT mylxamport 2981/tcp MYLXAMPORT iwb-whiteboard 2982/tcp IWB-WHITEBOARD iwb-whiteboard 2982/udp IWB-WHITEBOARD netplan 2983/tcp NETPLAN netplan 2983/udp NETPLAN hpidsadmin 2984/tcp HPIDSADMIN hpidsadmin 2984/udp HPIDSADMIN hpidsagent 2985/tcp HPIDSAGENT hpidsagent 2985/udp HPIDSAGENT stonefalls 2986/tcp STONEFALLS stonefalls 2986/udp STONEFALLS identify 2987/udp identify identify 2987/tcp identify hippad 2988/tcp HIPPA Reporting Protocol hippad 2988/udp HIPPA Reporting Protocol # Rick Payne afbackup 2988/udp ftp://ftp.sbs.de/pub/tools/afbackup zarkov 2989/udp ZARKOV zarkov 2989/tcp ZARKOV # Scott A. McIntyre rat 2989/udp boscap 2990/udp BOSCAP boscap 2990/tcp BOSCAP wkstn-mon 2991/udp WKSTN-MON wkstn-mon 2991/tcp WKSTN-MON itb301 2992/udp ITB301 itb301 2992/tcp ITB301 veritas-vis1 2993/udp VERITAS VIS1 veritas-vis1 2993/tcp VERITAS VIS1 veritas-vis2 2994/tcp VERITAS VIS2 veritas-vis2 2994/udp VERITAS VIS2 idrs 2995/udp IDRS idrs 2995/tcp IDRS vsixml 2996/tcp vsixml vsixml 2996/udp vsixml rebol 2997/tcp REBOL rebol 2997/udp REBOL realsecure 2998/udp Real Secure realsecure 2998/tcp Real Secure remoteware-un 2999/udp RemoteWare Unassigned remoteware-un 2999/tcp RemoteWare Unassigned hbci 3000/tcp HBCI remoteware-cl 3000/tcp RemoteWare Client remoteware-cl 3000/udp RemoteWare Client hbci 3000/udp HBCI # Scott Craig theef-3000 3000/tcp theef.4-all.org # Scott Craig theef-3000 3000/tcp theef.4-all.org redwood-broker 3001/udp Redwood Broker redwood-broker 3001/tcp Redwood Broker # Alex Butcher nessus 3001/tcp http://www.nessus.org/ remoteware-srv 3002/udp RemoteWare Server remoteware-srv 3002/tcp RemoteWare Server exlm-agent 3002/udp EXLM Agent exlm-agent 3002/tcp EXLM Agent cgms 3003/udp CGMS cgms 3003/tcp CGMS csoftragent 3004/udp Csoft Agent csoftragent 3004/tcp Csoft Agent geniuslm 3005/udp Genius License Manager geniuslm 3005/tcp Genius License Manager ii-admin 3006/tcp Instant Internet Admin ii-admin 3006/udp Instant Internet Admin lotusmtap 3007/tcp Lotus Mail Tracking Agent Protocol lotusmtap 3007/udp Lotus Mail Tracking Agent Protocol midnight-tech 3008/tcp Midnight Technologies midnight-tech 3008/udp Midnight Technologies pxc-ntfy 3009/udp PXC-NTFY pxc-ntfy 3009/tcp PXC-NTFY gw 3010/tcp Telerate Workstation ping-pong 3010/udp Telerate Workstation trusted-web 3011/tcp Trusted Web trusted-web 3011/udp Trusted Web twsdss 3012/tcp Trusted Web Client twsdss 3012/udp Trusted Web Client gilatskysurfer 3013/tcp Gilat Sky Surfer gilatskysurfer 3013/udp Gilat Sky Surfer broker_service 3014/udp Broker Service broker_service 3014/tcp Broker Service nati-dstp 3015/tcp NATI DSTP nati-dstp 3015/udp NATI DSTP notify_srvr 3016/tcp Notify Server notify_srvr 3016/udp Notify Server event_listener 3017/udp Event Listener event_listener 3017/tcp Event Listener srvc_registry 3018/tcp Service Registry srvc_registry 3018/udp Service Registry resource_mgr 3019/udp Resource Manager resource_mgr 3019/tcp Resource Manager cifs 3020/udp CIFS cifs 3020/tcp CIFS agriserver 3021/tcp AGRI Server agriserver 3021/udp AGRI Server csregagent 3022/tcp CSREGAGENT csregagent 3022/udp CSREGAGENT magicnotes 3023/tcp magicnotes magicnotes 3023/udp magicnotes nds_sso 3024/udp NDS_SSO nds_sso 3024/tcp NDS_SSO # Scott A. McIntyre wincrash 3024/udp arepa-raft 3025/udp Arepa Raft arepa-raft 3025/tcp Arepa Raft agri-gateway 3026/udp AGRI Gateway agri-gateway 3026/tcp AGRI Gateway liebdevmgmt_c 3027/udp LiebDevMgmt_C liebdevmgmt_c 3027/tcp LiebDevMgmt_C liebdevmgmt_dm 3028/tcp LiebDevMgmt_DM liebdevmgmt_dm 3028/udp LiebDevMgmt_DM liebdevmgmt_a 3029/udp LiebDevMgmt_A liebdevmgmt_a 3029/tcp LiebDevMgmt_A arepa-cas 3030/udp Arepa Cas arepa-cas 3030/tcp Arepa Cas eppc 3031/udp Remote AppleEvents/PPC Toolbox eppc 3031/tcp Remote AppleEvents/PPC Toolbox redwood-chat 3032/tcp Redwood Chat redwood-chat 3032/udp Redwood Chat pdb 3033/udp PDB pdb 3033/tcp PDB osmosis-aeea 3034/udp Osmosis / Helix (R) AEEA Port osmosis-aeea 3034/tcp Osmosis / Helix (R) AEEA Port fjsv-gssagt 3035/udp FJSV gssagt fjsv-gssagt 3035/tcp FJSV gssagt hagel-dump 3036/udp Hagel DUMP hagel-dump 3036/tcp Hagel DUMP hp-san-mgmt 3037/tcp HP SAN Mgmt hp-san-mgmt 3037/udp HP SAN Mgmt santak-ups 3038/tcp Santak UPS santak-ups 3038/udp Santak UPS cogitate 3039/tcp Cogitate, Inc. cogitate 3039/udp Cogitate, Inc. tomato-springs 3040/udp Tomato Springs tomato-springs 3040/tcp Tomato Springs di-traceware 3041/udp di-traceware di-traceware 3041/tcp di-traceware journee 3042/tcp journee journee 3042/udp journee brp 3043/tcp BRP brp 3043/udp BRP epp 3044/udp EndPoint Protocol epp 3044/tcp EndPoint Protocol responsenet 3045/udp ResponseNet responsenet 3045/tcp ResponseNet di-ase 3046/udp di-ase di-ase 3046/tcp di-ase hlserver 3047/tcp Fast Security HL Server hlserver 3047/udp Fast Security HL Server pctrader 3048/tcp Sierra Net PC Trader pctrader 3048/udp Sierra Net PC Trader nsws 3049/tcp NSWS nsws 3049/udp NSWS gds_db 3050/udp gds_db gds_db 3050/tcp gds_db galaxy-server 3051/tcp Galaxy Server galaxy-server 3051/udp Galaxy Server apcpcns 3052/udp APCPCNS apcpcns 3052/tcp APCPCNS dsom-server 3053/udp dsom-server dsom-server 3053/tcp dsom-server amt-cnf-prot 3054/tcp AMT CNF PROT amt-cnf-prot 3054/udp AMT CNF PROT policyserver 3055/tcp Policy Server policyserver 3055/udp Policy Server cdl-server 3056/tcp CDL Server cdl-server 3056/udp CDL Server goahead-fldup 3057/tcp GoAhead FldUp goahead-fldup 3057/udp GoAhead FldUp videobeans 3058/udp videobeans videobeans 3058/tcp videobeans qsoft 3059/udp qsoft qsoft 3059/tcp qsoft interserver 3060/tcp interserver interserver 3060/udp interserver cautcpd 3061/udp cautcpd cautcpd 3061/tcp cautcpd ncacn-ip-tcp 3062/udp ncacn-ip-tcp ncacn-ip-tcp 3062/tcp ncacn-ip-tcp ncadg-ip-udp 3063/udp ncadg-ip-udp ncadg-ip-udp 3063/tcp ncadg-ip-udp rprt 3064/udp Remote Port Redirector rprt 3064/tcp Remote Port Redirector slinterbase 3065/udp slinterbase slinterbase 3065/tcp slinterbase netattachsdmp 3066/udp NETATTACHSDMP netattachsdmp 3066/tcp NETATTACHSDMP fjhpjp 3067/tcp FJHPJP fjhpjp 3067/udp FJHPJP ls3bcast 3068/tcp ls3 Broadcast ls3bcast 3068/udp ls3 Broadcast ls3 3069/udp ls3 ls3 3069/tcp ls3 mgxswitch 3070/tcp MGXSWITCH mgxswitch 3070/udp MGXSWITCH csd-mgmt-port 3071/tcp ContinuStor Manager Port csd-mgmt-port 3071/udp ContinuStor Manager Port csd-monitor 3072/udp ContinuStor Monitor Port csd-monitor 3072/tcp ContinuStor Monitor Port vcrp 3073/tcp Very simple chatroom prot vcrp 3073/udp Very simple chatroom prot xbox 3074/udp Xbox game port xbox 3074/tcp Xbox game port orbix-locator 3075/tcp Orbix 2000 Locator orbix-locator 3075/udp Orbix 2000 Locator orbix-config 3076/tcp Orbix 2000 Config orbix-config 3076/udp Orbix 2000 Config orbix-loc-ssl 3077/tcp Orbix 2000 Locator SSL orbix-loc-ssl 3077/udp Orbix 2000 Locator SSL orbix-cfg-ssl 3078/udp Orbix 2000 Locator SSL orbix-cfg-ssl 3078/tcp Orbix 2000 Locator SSL lv-frontpanel 3079/tcp LV Front Panel lv-frontpanel 3079/udp LV Front Panel stm_pproc 3080/tcp stm_pproc stm_pproc 3080/udp stm_pproc tl1-lv 3081/tcp TL1-LV tl1-lv 3081/udp TL1-LV tl1-raw 3082/udp TL1-RAW tl1-raw 3082/tcp TL1-RAW tl1-telnet 3083/tcp TL1-TELNET tl1-telnet 3083/udp TL1-TELNET itm-mccs 3084/udp ITM-MCCS itm-mccs 3084/tcp ITM-MCCS pcihreq 3085/udp PCIHReq pcihreq 3085/tcp PCIHReq jdl-dbkitchen 3086/udp JDL-DBKitchen jdl-dbkitchen 3086/tcp JDL-DBKitchen asoki-sma 3087/udp Asoki SMA asoki-sma 3087/tcp Asoki SMA xdtp 3088/tcp eXtensible Data Transfer Protocol xdtp 3088/udp eXtensible Data Transfer Protocol ptk-alink 3089/udp ParaTek Agent Linking ptk-alink 3089/tcp ParaTek Agent Linking rtss 3090/udp Rappore Session Services rtss 3090/tcp Rappore Session Services 1ci-smcs 3091/udp 1Ci Server Management 1ci-smcs 3091/tcp 1Ci Server Management njfss 3092/udp Netware sync services njfss 3092/tcp Netware sync services rapidmq-center 3093/tcp Jiiva RapidMQ Center rapidmq-center 3093/udp Jiiva RapidMQ Center rapidmq-reg 3094/udp Jiiva RapidMQ Registry rapidmq-reg 3094/tcp Jiiva RapidMQ Registry panasas 3095/udp Panasas rendevous port panasas 3095/tcp Panasas rendevous port ndl-aps 3096/udp Active Print Server Port ndl-aps 3096/tcp Active Print Server Port umm-port 3098/tcp Universal Message Manager umm-port 3098/udp Universal Message Manager chmd 3099/udp CHIPSY Machine Daemon chmd 3099/tcp CHIPSY Machine Daemon opcon-xps 3100/udp OpCon/xps opcon-xps 3100/tcp OpCon/xps hp-pxpib 3101/udp HP PolicyXpert PIB Server hp-pxpib 3101/tcp HP PolicyXpert PIB Server # Shawn Kelley blackberry-wireless-email 3101/tcp # Shawn Kelley blackberry-wireless-email 3101/tcp # Shawn Kelley blackberry-wireless-email 3101/tcp slslavemon 3102/tcp SoftlinK Slave Mon Port slslavemon 3102/udp SoftlinK Slave Mon Port autocuesmi 3103/udp Autocue SMI Protocol autocuesmi 3103/tcp Autocue SMI Protocol autocuelog 3104/tcp Autocue Logger Protocol autocuetime 3104/udp Autocue Time Service cardbox 3105/tcp Cardbox cardbox 3105/udp Cardbox cardbox-http 3106/udp Cardbox HTTP cardbox-http 3106/tcp Cardbox HTTP business 3107/tcp Business protocol business 3107/udp Business protocol geolocate 3108/udp Geolocate protocol geolocate 3108/tcp Geolocate protocol personnel 3109/udp Personnel protocol personnel 3109/tcp Personnel protocol sim-control 3110/tcp simulator control port sim-control 3110/udp simulator control port wsynch 3111/udp Web Synchronous Services wsynch 3111/tcp Web Synchronous Services ksysguard 3112/tcp KDE System Guard ksysguard 3112/udp KDE System Guard cs-auth-svr 3113/udp CS-Authenticate Svr Port cs-auth-svr 3113/tcp CS-Authenticate Svr Port ccmad 3114/udp CCM AutoDiscover ccmad 3114/tcp CCM AutoDiscover mctet-master 3115/udp MCTET Master mctet-master 3115/tcp MCTET Master mctet-gateway 3116/tcp MCTET Gateway mctet-gateway 3116/udp MCTET Gateway mctet-jserv 3117/udp MCTET Jserv mctet-jserv 3117/tcp MCTET Jserv pkagent 3118/udp PKAgent pkagent 3118/tcp PKAgent d2000kernel 3119/udp D2000 Kernel Port d2000kernel 3119/tcp D2000 Kernel Port d2000webserver 3120/udp D2000 Webserver Port d2000webserver 3120/tcp D2000 Webserver Port epp-temp 3121/udp Extensible Provisioning Protocol epp-temp 3121/tcp Extensible Provisioning Protocol vtr-emulator 3122/udp MTI VTR Emulator port vtr-emulator 3122/tcp MTI VTR Emulator port edix 3123/tcp EDI Translation Protocol edix 3123/udp EDI Translation Protocol beacon-port 3124/tcp Beacon Port beacon-port 3124/udp Beacon Port a13-an 3125/udp A13-AN Interface a13-an 3125/tcp A13-AN Interface ms-dotnetster 3126/tcp Microsoft .NETster Port ms-dotnetster 3126/udp Microsoft .NETster Port ctx-bridge 3127/udp CTX Bridge Port ctx-bridge 3127/tcp CTX Bridge Port ndl-aas 3128/tcp Active API Server Port ndl-aas 3128/udp Active API Server Port # Jon Nangle squid-proxy 3128/tcp http://www.squid-cache.org/ netport-id 3129/udp NetPort Discovery Port netport-id 3129/tcp NetPort Discovery Port icpv2 3130/tcp ICPv2 icpv2 3130/udp ICPv2 netbookmark 3131/udp Net Book Mark netbookmark 3131/tcp Net Book Mark ms-slipstream 3132/tcp MS-Slipstream ms-slipstream 3132/udp MS-Slipstream prism-deploy 3133/udp Prism Deploy User Port prism-deploy 3133/tcp Prism Deploy User Port ecp 3134/tcp Extensible Code Protocol ecp 3134/udp Extensible Code Protocol peerbook-port 3135/udp PeerBook Port peerbook-port 3135/tcp PeerBook Port grubd 3136/tcp Grub Server Port grubd 3136/udp Grub Server Port rtnt-1 3137/tcp rtnt-1 data packets rtnt-1 3137/udp rtnt-1 data packets rtnt-2 3138/tcp rtnt-2 data packets rtnt-2 3138/udp rtnt-2 data packets incognitorv 3139/udp Incognito Rendez-Vous incognitorv 3139/tcp Incognito Rendez-Vous ariliamulti 3140/udp Arilia Multiplexor ariliamulti 3140/tcp Arilia Multiplexor vmodem 3141/udp VMODEM vmodem 3141/tcp VMODEM rdc-wh-eos 3142/tcp RDC WH EOS rdc-wh-eos 3142/udp RDC WH EOS seaview 3143/udp Sea View seaview 3143/tcp Sea View tarantella 3144/tcp Tarantella tarantella 3144/udp Tarantella csi-lfap 3145/udp CSI-LFAP csi-lfap 3145/tcp CSI-LFAP bears-02 3146/tcp bears-02 bears-02 3146/udp bears-02 rfio 3147/udp RFIO rfio 3147/tcp RFIO nm-game-admin 3148/tcp NetMike Game Administrator nm-game-admin 3148/udp NetMike Game Administrator nm-game-server 3149/udp NetMike Game Server nm-game-server 3149/tcp NetMike Game Server nm-asses-admin 3150/udp NetMike Assessor Administrator nm-asses-admin 3150/tcp NetMike Assessor Administrator # Scott A. McIntyre deep-throat 3150/udp nm-assessor 3151/tcp NetMike Assessor nm-assessor 3151/udp NetMike Assessor feitianrockey 3152/udp FeiTian Port feitianrockey 3152/tcp FeiTian Port s8-client-port 3153/udp S8Cargo Client Port s8-client-port 3153/tcp S8Cargo Client Port ccmrmi 3154/tcp ON RMI Registry ccmrmi 3154/udp ON RMI Registry jpegmpeg 3155/tcp JpegMpeg Port jpegmpeg 3155/udp JpegMpeg Port indura 3156/tcp Indura Collector indura 3156/udp Indura Collector e3consultants 3157/tcp CCC Listener Port e3consultants 3157/udp CCC Listener Port stvp 3158/tcp SmashTV Protocol stvp 3158/udp SmashTV Protocol navegaweb-port 3159/tcp NavegaWeb Tarification navegaweb-port 3159/udp NavegaWeb Tarification tip-app-server 3160/udp TIP Application Server tip-app-server 3160/tcp TIP Application Server doc1lm 3161/udp DOC1 License Manager doc1lm 3161/tcp DOC1 License Manager sflm 3162/udp SFLM sflm 3162/tcp SFLM res-sap 3163/tcp RES-SAP res-sap 3163/udp RES-SAP imprs 3164/udp IMPRS imprs 3164/tcp IMPRS newgenpay 3165/tcp Newgenpay Engine Service newgenpay 3165/udp Newgenpay Engine Service qrepos 3166/udp Quest Repository qrepos 3166/tcp Quest Repository poweroncontact 3167/udp poweroncontact poweroncontact 3167/tcp poweroncontact poweronnud 3168/udp poweronnud poweronnud 3168/tcp poweronnud serverview-as 3169/udp SERVERVIEW-AS serverview-as 3169/tcp SERVERVIEW-AS serverview-asn 3170/udp SERVERVIEW-ASN serverview-asn 3170/tcp SERVERVIEW-ASN serverview-gf 3171/tcp SERVERVIEW-GF serverview-gf 3171/udp SERVERVIEW-GF serverview-rm 3172/udp SERVERVIEW-RM serverview-rm 3172/tcp SERVERVIEW-RM serverview-icc 3173/tcp SERVERVIEW-ICC serverview-icc 3173/udp SERVERVIEW-ICC armi-server 3174/tcp ARMI Server armi-server 3174/udp ARMI Server t1-e1-over-ip 3175/tcp T1_E1_Over_IP t1-e1-over-ip 3175/udp T1_E1_Over_IP ars-master 3176/udp ARS Master ars-master 3176/tcp ARS Master phonex-port 3177/udp Phonex Protocol phonex-port 3177/tcp Phonex Protocol radclientport 3178/tcp Radiance UltraEdge Port radclientport 3178/udp Radiance UltraEdge Port h2gf-w-2m 3179/tcp H2GF W.2m Handover prot. h2gf-w-2m 3179/udp H2GF W.2m Handover prot. mc-brk-srv 3180/udp Millicent Broker Server mc-brk-srv 3180/tcp Millicent Broker Server bmcpatrolagent 3181/udp BMC Patrol Agent bmcpatrolagent 3181/tcp BMC Patrol Agent bmcpatrolrnvu 3182/udp BMC Patrol Rendezvous bmcpatrolrnvu 3182/tcp BMC Patrol Rendezvous cops-tls 3183/udp COPS/TLS cops-tls 3183/tcp COPS/TLS apogeex-port 3184/udp ApogeeX Port apogeex-port 3184/tcp ApogeeX Port smpppd 3185/udp SuSE Meta PPPD smpppd 3185/tcp SuSE Meta PPPD iiw-port 3186/tcp IIW Monitor User Port iiw-port 3186/udp IIW Monitor User Port odi-port 3187/udp Open Design Listen Port odi-port 3187/tcp Open Design Listen Port brcm-comm-port 3188/udp Broadcom Port brcm-comm-port 3188/tcp Broadcom Port pcle-infex 3189/udp Pinnacle Sys InfEx Port pcle-infex 3189/tcp Pinnacle Sys InfEx Port csvr-proxy 3190/udp ConServR Proxy csvr-proxy 3190/tcp ConServR Proxy csvr-sslproxy 3191/udp ConServR SSL Proxy csvr-sslproxy 3191/tcp ConServR SSL Proxy firemonrcc 3192/tcp FireMon Revision Control firemonrcc 3192/udp FireMon Revision Control cordataport 3193/udp Cordaxis Data Port cordataport 3193/tcp Cordaxis Data Port magbind 3194/udp Rockstorm MAG protocol magbind 3194/tcp Rockstorm MAG protocol ncu-1 3195/udp Network Control Unit ncu-1 3195/tcp Network Control Unit ncu-2 3196/tcp Network Control Unit ncu-2 3196/udp Network Control Unit embrace-dp-s 3197/tcp Embrace Device Protocol Server embrace-dp-s 3197/udp Embrace Device Protocol Server embrace-dp-c 3198/udp Embrace Device Protocol Client embrace-dp-c 3198/tcp Embrace Device Protocol Client dmod-workspace 3199/udp DMOD WorkSpace dmod-workspace 3199/tcp DMOD WorkSpace tick-port 3200/udp Press-sense Tick Port tick-port 3200/tcp Press-sense Tick Port # Richard Neale sap 3200/tcp cpq-tasksmart 3201/tcp CPQ-TaskSmart cpq-tasksmart 3201/udp CPQ-TaskSmart intraintra 3202/tcp IntraIntra intraintra 3202/udp IntraIntra netwatcher-mon 3203/udp Network Watcher Monitor netwatcher-mon 3203/tcp Network Watcher Monitor netwatcher-db 3204/tcp Network Watcher DB Access netwatcher-db 3204/udp Network Watcher DB Access isns 3205/tcp iSNS Server Port isns 3205/udp iSNS Server Port ironmail 3206/tcp IronMail POP Proxy ironmail 3206/udp IronMail POP Proxy vx-auth-port 3207/tcp Veritas Authentication Port vx-auth-port 3207/udp Veritas Authentication Port pfu-prcallback 3208/udp PFU PR Callback pfu-prcallback 3208/tcp PFU PR Callback netwkpathengine 3209/tcp HP OpenView Network Path Engine Server netwkpathengine 3209/udp HP OpenView Network Path Engine Server flamenco-proxy 3210/udp Flamenco Networks Proxy flamenco-proxy 3210/tcp Flamenco Networks Proxy avsecuremgmt 3211/udp Avocent Secure Management avsecuremgmt 3211/tcp Avocent Secure Management surveyinst 3212/tcp Survey Instrument surveyinst 3212/udp Survey Instrument neon24x7 3213/udp NEON 24X7 Mission Control neon24x7 3213/tcp NEON 24X7 Mission Control jmq-daemon-1 3214/tcp JMQ Daemon Port 1 jmq-daemon-1 3214/udp JMQ Daemon Port 1 jmq-daemon-2 3215/tcp JMQ Daemon Port 2 jmq-daemon-2 3215/udp JMQ Daemon Port 2 ferrari-foam 3216/tcp Ferrari electronic FOAM ferrari-foam 3216/udp Ferrari electronic FOAM unite 3217/udp Unified IP & Telecomm Env unite 3217/tcp Unified IP & Telecomm Env smartpackets 3218/tcp EMC SmartPackets smartpackets 3218/udp EMC SmartPackets wms-messenger 3219/udp WMS Messenger wms-messenger 3219/tcp WMS Messenger xnm-ssl 3220/udp XML NM over SSL xnm-ssl 3220/tcp XML NM over SSL xnm-clear-text 3221/udp XML NM over TCP xnm-clear-text 3221/tcp XML NM over TCP glbp 3222/udp Gateway Load Balancing Pr glbp 3222/tcp Gateway Load Balancing Pr digivote 3223/tcp DIGIVOTE (R) Vote-Server digivote 3223/udp DIGIVOTE (R) Vote-Server aes-discovery 3224/tcp AES Discovery Port aes-discovery 3224/udp AES Discovery Port fcip-port 3225/tcp FCIP fcip-port 3225/udp FCIP isi-irp 3226/udp ISI Industry Software IRP isi-irp 3226/tcp ISI Industry Software IRP dwnmshttp 3227/udp DiamondWave NMS Server dwnmshttp 3227/tcp DiamondWave NMS Server dwmsgserver 3228/udp DiamondWave MSG Server dwmsgserver 3228/tcp DiamondWave MSG Server global-cd-port 3229/udp Global CD Port global-cd-port 3229/tcp Global CD Port sftdst-port 3230/udp Software Distributor Port sftdst-port 3230/tcp Software Distributor Port dsnl 3231/udp Delta Solutions Direct dsnl 3231/tcp Delta Solutions Direct mdtp 3232/udp MDT port mdtp 3232/tcp MDT port whisker 3233/udp WhiskerControl main port whisker 3233/tcp WhiskerControl main port alchemy 3234/udp Alchemy Server alchemy 3234/tcp Alchemy Server mdap-port 3235/tcp MDAP port mdap-port 3235/udp MDAP Port apparenet-ts 3236/udp appareNet Test Server apparenet-ts 3236/tcp appareNet Test Server apparenet-tps 3237/udp appareNet Test Packet Sequencer apparenet-tps 3237/tcp appareNet Test Packet Sequencer apparenet-as 3238/udp appareNet Analysis Server apparenet-as 3238/tcp appareNet Analysis Server apparenet-ui 3239/udp appareNet User Interface apparenet-ui 3239/tcp appareNet User Interface triomotion 3240/tcp Trio Motion Control Port triomotion 3240/udp Trio Motion Control Port sysorb 3241/udp SysOrb Monitoring Server sysorb 3241/tcp SysOrb Monitoring Server sdp-id-port 3242/udp Session Description ID sdp-id-port 3242/tcp Session Description ID timelot 3243/udp Timelot Port timelot 3243/tcp Timelot Port onesaf 3244/udp OneSAF onesaf 3244/tcp OneSAF vieo-fe 3245/tcp VIEO Fabric Executive vieo-fe 3245/udp VIEO Fabric Executive dvt-system 3246/udp DVT SYSTEM PORT dvt-system 3246/tcp DVT SYSTEM PORT dvt-data 3247/udp DVT DATA LINK dvt-data 3247/tcp DVT DATA LINK procos-lm 3248/udp PROCOS LM procos-lm 3248/tcp PROCOS LM ssp 3249/tcp State Sync Protocol ssp 3249/udp State Sync Protocol hicp 3250/udp HMS hicp port hicp 3250/tcp HMS hicp port sysscanner 3251/tcp Sys Scanner sysscanner 3251/udp Sys Scanner dhe 3252/udp DHE port dhe 3252/tcp DHE port pda-data 3253/udp PDA Data pda-data 3253/tcp PDA Data pda-sys 3254/udp PDA System pda-sys 3254/tcp PDA System semaphore 3255/udp Semaphore Connection Port semaphore 3255/tcp Semaphore Connection Port cpqrpm-agent 3256/udp Compaq RPM Agent Port cpqrpm-agent 3256/tcp Compaq RPM Agent Port cpqrpm-server 3257/tcp Compaq RPM Server Port cpqrpm-server 3257/udp Compaq RPM Server Port ivecon-port 3258/tcp Ivecon Server Port ivecon-port 3258/udp Ivecon Server Port epncdp2 3259/udp Epson Network Common Devi epncdp2 3259/tcp Epson Network Common Devi iscsi-target 3260/udp iSCSI port iscsi-target 3260/tcp iSCSI port winshadow 3261/udp winShadow winshadow 3261/tcp winShadow necp 3262/udp NECP necp 3262/tcp NECP ecolor-imager 3263/udp E-Color Enterprise Imager ecolor-imager 3263/tcp E-Color Enterprise Imager ccmail 3264/udp cc:mail/lotus ccmail 3264/tcp cc:mail/lotus altav-tunnel 3265/tcp Altav Tunnel altav-tunnel 3265/udp Altav Tunnel ns-cfg-server 3266/udp NS CFG Server ns-cfg-server 3266/tcp NS CFG Server ibm-dial-out 3267/tcp IBM Dial Out ibm-dial-out 3267/udp IBM Dial Out msft-gc 3268/udp Microsoft Global Catalog msft-gc 3268/tcp Microsoft Global Catalog msft-gc-ssl 3269/tcp Microsoft Global Catalog with LDAP/SSL msft-gc-ssl 3269/udp Microsoft Global Catalog with LDAP/SSL verismart 3270/tcp Verismart verismart 3270/udp Verismart csoft-prev 3271/udp CSoft Prev Port csoft-prev 3271/tcp CSoft Prev Port user-manager 3272/tcp Fujitsu User Manager user-manager 3272/udp Fujitsu User Manager sxmp 3273/tcp Simple Extensible Multiplexed Protocol sxmp 3273/udp Simple Extensible Multiplexed Protocol ordinox-server 3274/udp Ordinox Server ordinox-server 3274/tcp Ordinox Server samd 3275/tcp SAMD samd 3275/udp SAMD maxim-asics 3276/udp Maxim ASICs maxim-asics 3276/tcp Maxim ASICs awg-proxy 3277/udp AWG Proxy awg-proxy 3277/tcp AWG Proxy lkcmserver 3278/udp LKCM Server lkcmserver 3278/tcp LKCM Server admind 3279/tcp admind admind 3279/udp admind vs-server 3280/udp VS Server vs-server 3280/tcp VS Server sysopt 3281/udp SYSOPT sysopt 3281/tcp SYSOPT datusorb 3282/tcp Datusorb datusorb 3282/udp Datusorb net-assistant 3283/udp Net Assistant net-assistant 3283/tcp Net Assistant 4talk 3284/tcp 4Talk 4talk 3284/udp 4Talk plato 3285/tcp Plato plato 3285/udp Plato e-net 3286/udp E-Net e-net 3286/tcp E-Net directvdata 3287/tcp DIRECTVDATA directvdata 3287/udp DIRECTVDATA cops 3288/udp COPS cops 3288/tcp COPS enpc 3289/udp ENPC enpc 3289/tcp ENPC caps-lm 3290/tcp CAPS LOGISTICS TOOLKIT - LM caps-lm 3290/udp CAPS LOGISTICS TOOLKIT - LM sah-lm 3291/tcp S A Holditch & Associates - LM sah-lm 3291/udp S A Holditch & Associates - LM cart-o-rama 3292/udp Cart O Rama cart-o-rama 3292/tcp Cart O Rama fg-fps 3293/udp fg-fps fg-fps 3293/tcp fg-fps fg-gip 3294/udp fg-gip fg-gip 3294/tcp fg-gip dyniplookup 3295/udp Dynamic IP Lookup dyniplookup 3295/tcp Dynamic IP Lookup rib-slm 3296/udp Rib License Manager rib-slm 3296/tcp Rib License Manager cytel-lm 3297/tcp Cytel License Manager cytel-lm 3297/udp Cytel License Manager transview 3298/udp Transview transview 3298/tcp Transview pdrncs 3299/tcp pdrncs pdrncs 3299/udp pdrncs mcs-fastmail 3302/udp MCS Fastmail mcs-fastmail 3302/tcp MCS Fastmail opsession-clnt 3303/udp OP Session Client opsession-clnt 3303/tcp OP Session Client opsession-srvr 3304/udp OP Session Server opsession-srvr 3304/tcp OP Session Server odette-ftp 3305/udp ODETTE-FTP odette-ftp 3305/tcp ODETTE-FTP mysql 3306/udp MySQL mysql 3306/tcp MySQL # Rick Payne mysql 3306/tcp http://www.mysql.org opsession-prxy 3307/tcp OP Session Proxy opsession-prxy 3307/udp OP Session Proxy tns-server 3308/udp TNS Server tns-server 3308/tcp TNS Server tns-adv 3309/udp TNS ADV tns-adv 3309/tcp TNS ADV dyna-access 3310/tcp Dyna Access dyna-access 3310/udp Dyna Access mcns-tel-ret 3311/udp MCNS Tel Ret mcns-tel-ret 3311/tcp MCNS Tel Ret appman-server 3312/tcp Application Management Server appman-server 3312/udp Application Management Server uorb 3313/udp Unify Object Broker uorb 3313/tcp Unify Object Broker uohost 3314/udp Unify Object Host uohost 3314/tcp Unify Object Host cdid 3315/udp CDID cdid 3315/tcp CDID aicc-cmi 3316/udp AICC/CMI aicc-cmi 3316/tcp AICC/CMI vsaiport 3317/udp VSAI PORT vsaiport 3317/tcp VSAI PORT ssrip 3318/udp Swith to Swith Routing Information Protocol ssrip 3318/tcp Swith to Swith Routing Information Protocol sdt-lmd 3319/tcp SDT License Manager sdt-lmd 3319/udp SDT License Manager officelink2000 3320/tcp Office Link 2000 officelink2000 3320/udp Office Link 2000 vnsstr 3321/tcp VNSSTR vnsstr 3321/udp VNSSTR sftu 3326/udp SFTU sftu 3326/tcp SFTU bbars 3327/tcp BBARS bbars 3327/udp BBARS egptlm 3328/tcp Eaglepoint License Manager egptlm 3328/udp Eaglepoint License Manager hp-device-disc 3329/tcp HP Device Disc hp-device-disc 3329/udp HP Device Disc mcs-calypsoicf 3330/udp MCS Calypso ICF mcs-calypsoicf 3330/tcp MCS Calypso ICF mcs-messaging 3331/udp MCS Messaging mcs-messaging 3331/tcp MCS Messaging mcs-mailsvr 3332/tcp MCS Mail Server mcs-mailsvr 3332/udp MCS Mail Server dec-notes 3333/udp DEC Notes dec-notes 3333/tcp DEC Notes directv-web 3334/udp Direct TV Webcasting directv-web 3334/tcp Direct TV Webcasting directv-soft 3335/udp Direct TV Software Updates directv-soft 3335/tcp Direct TV Software Updates directv-tick 3336/udp Direct TV Tickers directv-tick 3336/tcp Direct TV Tickers directv-catlg 3337/udp Direct TV Data Catalog directv-catlg 3337/tcp Direct TV Data Catalog anet-b 3338/tcp OMF data b anet-b 3338/udp OMF data b anet-l 3339/tcp OMF data l anet-l 3339/udp OMF data l anet-m 3340/tcp OMF data m anet-m 3340/udp OMF data m anet-h 3341/udp OMF data h anet-h 3341/tcp OMF data h webtie 3342/udp WebTIE webtie 3342/tcp WebTIE ms-cluster-net 3343/udp MS Cluster Net ms-cluster-net 3343/tcp MS Cluster Net bnt-manager 3344/tcp BNT Manager bnt-manager 3344/udp BNT Manager influence 3345/tcp Influence influence 3345/udp Influence trnsprntproxy 3346/udp Trnsprnt Proxy trnsprntproxy 3346/tcp Trnsprnt Proxy phoenix-rpc 3347/tcp Phoenix RPC phoenix-rpc 3347/udp Phoenix RPC pangolin-laser 3348/udp Pangolin Laser pangolin-laser 3348/tcp Pangolin Laser chevinservices 3349/tcp Chevin Services chevinservices 3349/udp Chevin Services findviatv 3350/tcp FINDVIATV findviatv 3350/udp FINDVIATV btrieve 3351/tcp BTRIEVE btrieve 3351/udp BTRIEVE ssql 3352/udp SSQL ssql 3352/tcp SSQL fatpipe 3353/tcp FATPIPE fatpipe 3353/udp FATPIPE suitjd 3354/tcp SUITJD suitjd 3354/udp SUITJD ordinox-dbase 3355/udp Ordinox Dbase ordinox-dbase 3355/tcp Ordinox Dbase upnotifyps 3356/udp UPNOTIFYPS upnotifyps 3356/tcp UPNOTIFYPS adtech-test 3357/udp Adtech Test IP adtech-test 3357/tcp Adtech Test IP mpsysrmsvr 3358/udp Mp Sys Rmsvr mpsysrmsvr 3358/tcp Mp Sys Rmsvr wg-netforce 3359/udp WG NetForce wg-netforce 3359/tcp WG NetForce kv-server 3360/tcp KV Server kv-server 3360/udp KV Server kv-agent 3361/udp KV Agent kv-agent 3361/tcp KV Agent dj-ilm 3362/tcp DJ ILM dj-ilm 3362/udp DJ ILM nati-vi-server 3363/udp NATI Vi Server nati-vi-server 3363/tcp NATI Vi Server creativeserver 3364/tcp Creative Server creativeserver 3364/udp Creative Server contentserver 3365/tcp Content Server contentserver 3365/udp Content Server creativepartnr 3366/udp Creative Partner creativepartnr 3366/tcp Creative Partner tip2 3372/tcp TIP 2 tip2 3372/udp TIP 2 lavenir-lm 3373/udp Lavenir License Manager lavenir-lm 3373/tcp Lavenir License Manager cluster-disc 3374/tcp Cluster Disc cluster-disc 3374/udp Cluster Disc vsnm-agent 3375/tcp VSNM Agent vsnm-agent 3375/udp VSNM Agent cdbroker 3376/udp CD Broker cdbroker 3376/tcp CD Broker cogsys-lm 3377/udp Cogsys Network License Manager cogsys-lm 3377/tcp Cogsys Network License Manager wsicopy 3378/udp WSICOPY wsicopy 3378/tcp WSICOPY socorfs 3379/tcp SOCORFS socorfs 3379/udp SOCORFS sns-channels 3380/udp SNS Channels sns-channels 3380/tcp SNS Channels geneous 3381/tcp Geneous geneous 3381/udp Geneous fujitsu-neat 3382/udp Fujitsu Network Enhanced Antitheft function fujitsu-neat 3382/tcp Fujitsu Network Enhanced Antitheft function esp-lm 3383/udp Enterprise Software Products License Manager esp-lm 3383/tcp Enterprise Software Products License Manager hp-clic 3384/udp Hardware Management hp-clic 3384/tcp Cluster Management Services qnxnetman 3385/udp qnxnetman qnxnetman 3385/tcp qnxnetman gprs-data 3386/tcp GPRS Data gprs-sig 3386/udp GPRS SIG backroomnet 3387/udp Back Room Net backroomnet 3387/tcp Back Room Net cbserver 3388/udp CB Server cbserver 3388/tcp CB Server ms-wbt-server 3389/udp MS WBT Server ms-wbt-server 3389/tcp MS WBT Server dsc 3390/udp Distributed Service Coordinator dsc 3390/tcp Distributed Service Coordinator savant 3391/udp SAVANT savant 3391/tcp SAVANT efi-lm 3392/tcp EFI License Management efi-lm 3392/udp EFI License Management d2k-tapestry1 3393/tcp D2K Tapestry Client to Server d2k-tapestry1 3393/udp D2K Tapestry Client to Server d2k-tapestry2 3394/tcp D2K Tapestry Server to Server d2k-tapestry2 3394/udp D2K Tapestry Server to Server dyna-lm 3395/tcp Dyna License Manager (Elam) dyna-lm 3395/udp Dyna License Manager (Elam) printer_agent 3396/udp Printer Agent printer_agent 3396/tcp Printer Agent cloanto-lm 3397/tcp Cloanto License Manager cloanto-lm 3397/udp Cloanto License Manager mercantile 3398/udp Mercantile mercantile 3398/tcp Mercantile csms 3399/udp CSMS csms 3399/tcp CSMS csms2 3400/tcp CSMS2 csms2 3400/udp CSMS2 filecast 3401/tcp filecast filecast 3401/udp filecast fxaengine-net 3402/tcp FXa Engine Network Port fxaengine-net 3402/udp FXa Engine Network Port copysnap 3403/tcp CopySnap Server Port copysnap 3403/udp CopySnap Server Port nokia-ann-ch1 3405/udp Nokia Announcement ch 1 nokia-ann-ch1 3405/tcp Nokia Announcement ch 1 nokia-ann-ch2 3406/udp Nokia Announcement ch 2 nokia-ann-ch2 3406/tcp Nokia Announcement ch 2 ldap-admin 3407/tcp LDAP admin server port ldap-admin 3407/udp LDAP admin server port issapi 3408/udp POWERpack API Port issapi 3408/tcp POWERpack API Port networklens 3409/udp NetworkLens Event Port networklens 3409/tcp NetworkLens Event Port networklenss 3410/tcp NetworkLens SSL Event networklenss 3410/udp NetworkLens SSL Event biolink-auth 3411/tcp BioLink Authenteon biolink-auth 3411/udp BioLink Authenteon xmlblaster 3412/udp xmlBlaster xmlblaster 3412/tcp xmlBlaster svnet 3413/udp SpecView Networking svnet 3413/tcp SpecView Networking wip-port 3414/udp BroadCloud WIP Port wip-port 3414/tcp BroadCloud WIP Port bcinameservice 3415/tcp BCI Name Service bcinameservice 3415/udp BCI Name Service commandport 3416/tcp AirMobile IS Command Port commandport 3416/udp AirMobile IS Command Port csvr 3417/udp ConServR file translation csvr 3417/tcp ConServR file translation rnmap 3418/tcp Remote nmap rnmap 3418/udp Remote nmap softaudit 3419/udp ISogon SoftAudit softaudit 3419/tcp Isogon SoftAudit ifcp-port 3420/tcp iFCP User Port ifcp-port 3420/udp iFCP User Port bmap 3421/udp Bull Apprise portmapper bmap 3421/tcp Bull Apprise portmapper rusb-sys-port 3422/tcp Remote USB System Port rusb-sys-port 3422/udp Remote USB System Port xtrm 3423/udp xTrade Reliable Messaging xtrm 3423/tcp xTrade Reliable Messaging xtrms 3424/udp xTrade over TLS/SSL xtrms 3424/tcp xTrade over TLS/SSL agps-port 3425/udp AGPS Access Port agps-port 3425/tcp AGPS Access Port arkivio 3426/udp Arkivio Storage Protocol arkivio 3426/tcp Arkivio Storage Protocol websphere-snmp 3427/udp WebSphere SNMP websphere-snmp 3427/tcp WebSphere SNMP twcss 3428/tcp 2Wire CSS twcss 3428/udp 2Wire CSS gcsp 3429/tcp GCSP user port gcsp 3429/udp GCSP user port ssdispatch 3430/tcp Scott Studios Dispatch ssdispatch 3430/udp Scott Studios Dispatch ndl-als 3431/tcp Active License Server Port ndl-als 3431/udp Active License Server Port osdcp 3432/tcp Secure Device Protocol osdcp 3432/udp Secure Device Protocol alta-smp 3433/tcp Altaworks Service Management Platform alta-smp 3433/udp Altaworks Service Management Platform opencm 3434/udp OpenCM Server opencm 3434/tcp OpenCM Server pacom 3435/udp Pacom Security User Port pacom 3435/tcp Pacom Security User Port gc-config 3436/udp GuardControl Exchange Protocol gc-config 3436/tcp GuardControl Exchange Protocol autocueds 3437/udp Autocue Directory Service autocueds 3437/tcp Autocue Directory Service spiral-admin 3438/tcp Spiralcraft Admin spiral-admin 3438/udp Spiralcraft Admin hri-port 3439/udp HRI Interface Port hri-port 3439/tcp HRI Interface Port ans-console 3440/udp Net Steward Mgmt Console ans-console 3440/tcp Net Steward Mgmt Console connect-client 3441/udp OC Connect Client connect-client 3441/tcp OC Connect Client connect-server 3442/tcp OC Connect Server connect-server 3442/udp OC Connect Server ov-nnm-websrv 3443/udp OpenView Network Node Manager WEB Server ov-nnm-websrv 3443/tcp OpenView Network Node Manager WEB Server denali-server 3444/tcp Denali Server denali-server 3444/udp Denali Server monp 3445/tcp Media Object Network monp 3445/udp Media Object Network 3comfaxrpc 3446/udp 3Com FAX RPC port 3comfaxrpc 3446/tcp 3Com FAX RPC port cddn 3447/tcp CompuDuo DirectNet cddn 3447/udp CompuDuo DirectNet dnc-port 3448/udp Discovery and Net Config dnc-port 3448/tcp Discovery and Net Config hotu-chat 3449/tcp HotU Chat hotu-chat 3449/udp HotU Chat castorproxy 3450/udp CAStorProxy castorproxy 3450/tcp CAStorProxy asam 3451/udp ASAM Services asam 3451/tcp ASAM Services sabp-signal 3452/tcp SABP-Signalling Protocol sabp-signal 3452/udp SABP-Signalling Protocol pscupd 3453/udp PSC Update Port pscupd 3453/tcp PSC Update Port mira 3454/tcp Apple Remote Access Protocol prsvp 3455/udp RSVP Port prsvp 3455/tcp RSVP Port vat 3456/tcp VAT default data vat 3456/udp VAT default data vat-control 3457/udp VAT default control vat-control 3457/tcp VAT default control d3winosfi 3458/udp D3WinOSFI d3winosfi 3458/tcp D3WinOSFI integral 3459/udp TIP Integral integral 3459/tcp TIP Integral edm-manager 3460/tcp EDM Manger edm-manager 3460/udp EDM Manger edm-stager 3461/tcp EDM Stager edm-stager 3461/udp EDM Stager edm-std-notify 3462/udp EDM STD Notify edm-std-notify 3462/tcp EDM STD Notify edm-adm-notify 3463/tcp EDM ADM Notify edm-adm-notify 3463/udp EDM ADM Notify edm-mgr-sync 3464/udp EDM MGR Sync edm-mgr-sync 3464/tcp EDM MGR Sync edm-mgr-cntrl 3465/udp EDM MGR Cntrl edm-mgr-cntrl 3465/tcp EDM MGR Cntrl workflow 3466/udp WORKFLOW workflow 3466/tcp WORKFLOW rcst 3467/udp RCST rcst 3467/tcp RCST ttcmremotectrl 3468/udp TTCM Remote Controll ttcmremotectrl 3468/tcp TTCM Remote Controll pluribus 3469/udp Pluribus pluribus 3469/tcp Pluribus jt400 3470/tcp jt400 jt400 3470/udp jt400 jt400-ssl 3471/udp jt400-ssl jt400-ssl 3471/tcp jt400-ssl jaugsremotec-1 3472/udp JAUGS N-G Remotec 1 jaugsremotec-1 3472/tcp JAUGS N-G Remotec 1 jaugsremotec-2 3473/udp JAUGS N-G Remotec 2 jaugsremotec-2 3473/tcp JAUGS N-G Remotec 2 ttntspauto 3474/udp TSP Automation ttntspauto 3474/tcp TSP Automation genisar-port 3475/udp Genisar Comm Port genisar-port 3475/tcp Genisar Comm Port nppmp 3476/tcp NVIDIA Mgmt Protocol nppmp 3476/udp NVIDIA Mgmt Protocol ecomm 3477/udp eComm link port ecomm 3477/tcp eComm link port nat-stun-port 3478/udp Simple Traversal of UDP Through NAT (STUN) port nat-stun-port 3478/tcp Simple Traversal of UDP Through NAT (STUN) port twrpc 3479/tcp 2Wire RPC twrpc 3479/udp 2Wire RPC plethora 3480/udp Secure Virtual Workspace plethora 3480/tcp Secure Virtual Workspace cleanerliverc 3481/udp CleanerLive remote ctrl cleanerliverc 3481/tcp CleanerLive remote ctrl vulture 3482/tcp Vulture Monitoring System vulture 3482/udp Vulture Monitoring System slim-devices 3483/udp Slim Devices Protocol slim-devices 3483/tcp Slim Devices Protocol gbs-stp 3484/udp GBS SnapTalk Protocol gbs-stp 3484/tcp GBS SnapTalk Protocol ibm3494 3494/udp IBM 3494 ibm3494 3494/tcp IBM 3494 seclayer-tcp 3495/udp securitylayer over tcp seclayer-tcp 3495/tcp securitylayer over tcp seclayer-tls 3496/udp securitylayer over tls seclayer-tls 3496/tcp securitylayer over tls rtmp-port 3500/udp RTMP Port rtmp-port 3500/tcp RTMP Port isoft-p2p 3501/udp iSoft-P2P isoft-p2p 3501/tcp iSoft-P2P avinstalldisc 3502/tcp Avocent Install Discovery avinstalldisc 3502/udp Avocent Install Discovery lsp-ping 3503/udp MPLS LSP-echo Port lsp-ping 3503/tcp MPLS LSP-echo Port ironstorm 3504/udp IronStorm game server ironstorm 3504/tcp IronStorm game server ccmcomm 3505/tcp CCM communications port ccmcomm 3505/udp CCM communications port apc-aem-status 3506/tcp APC Device Status Port apc-aem-status 3506/udp APC Device Status Port nesh-broker 3507/udp Nesh Broker Port nesh-broker 3507/tcp Nesh Broker Port interactionweb 3508/udp Interaction Web interactionweb 3508/tcp Interaction Web ms-la 3535/udp MS-LA ms-la 3535/tcp MS-LA watcomdebug 3563/tcp Watcom Debug watcomdebug 3563/udp Watcom Debug qsintelliagent 3566/tcp Quest Intelliagent qsintelliagent 3566/udp Quest Intelliagent sharp-server 3617/udp ATI SHARP Logic Engine sharp-server 3617/tcp ATI SHARP Logic Engine lispworks-orb 3672/udp LispWorks ORB lispworks-orb 3672/tcp LispWorks ORB # Scott A. McIntyre portal-of-doom 3700/udp ca-idms 3709/udp CA-IDMS Server ca-idms 3709/tcp CA-IDMS Server sphidia-port 3737/udp Sphidia Game Port sphidia-port 3737/tcp Sphidia Game Port # Darlene Hall wilco 3782/udp http://www.rpgrealms.com/ubb/Forum24/HTML/000044.h # Scott A. McIntyre totaleclipse 3791/tcp vhd 3802/tcp VHD vhd 3802/udp VHD v-one-spp 3845/udp V-ONE Single Port Proxy v-one-spp 3845/tcp V-ONE Single Port Proxy giga-pocket 3862/udp GIGA-POCKET giga-pocket 3862/tcp GIGA-POCKET pnbscada 3875/tcp PNBSCADA pnbscada 3875/udp PNBSCADA topflow-ssl 3885/udp TopFlow SSL topflow-ssl 3885/tcp TopFlow SSL udt_os 3900/udp Unidata UDT OS udt_os 3900/tcp Unidata UDT OS aamp 3939/tcp Anti-virus Application Management Port aamp 3939/udp Anti-virus Application Management Port mapper-nodemgr 3984/udp MAPPER network node manager mapper-nodemgr 3984/tcp MAPPER network node manager mapper-mapethd 3985/tcp MAPPER TCP/IP server mapper-mapethd 3985/udp MAPPER TCP/IP server mapper-ws_ethd 3986/tcp MAPPER workstation server mapper-ws_ethd 3986/udp MAPPER workstation server centerline 3987/udp Centerline centerline 3987/tcp Centerline terabase 4000/udp Terabase terabase 4000/tcp Terabase # Siraj 'Sid' Rakhada icq 4000/udp http://www.icq.com newoak 4001/tcp NewOak newoak 4001/udp NewOak pxc-spvr-ft 4002/udp pxc-spvr-ft pxc-spvr-ft 4002/tcp pxc-spvr-ft pxc-splr-ft 4003/udp pxc-splr-ft pxc-splr-ft 4003/tcp pxc-splr-ft pxc-roid 4004/udp pxc-roid pxc-roid 4004/tcp pxc-roid pxc-pin 4005/udp pxc-pin pxc-pin 4005/tcp pxc-pin pxc-spvr 4006/udp pxc-spvr pxc-spvr 4006/tcp pxc-spvr pxc-splr 4007/udp pxc-splr pxc-splr 4007/tcp pxc-splr netcheque 4008/tcp NetCheque accounting netcheque 4008/udp NetCheque accounting chimera-hwm 4009/tcp Chimera HWM chimera-hwm 4009/udp Chimera HWM samsung-unidex 4010/tcp Samsung Unidex samsung-unidex 4010/udp Samsung Unidex altserviceboot 4011/tcp Alternate Service Boot altserviceboot 4011/udp Alternate Service Boot pda-gate 4012/tcp PDA Gate pda-gate 4012/udp PDA Gate acl-manager 4013/tcp ACL Manager acl-manager 4013/udp ACL Manager taiclock 4014/tcp TAICLOCK taiclock 4014/udp TAICLOCK talarian-mcast1 4015/udp Talarian Mcast talarian-mcast1 4015/tcp Talarian Mcast talarian-mcast2 4016/tcp Talarian Mcast talarian-mcast2 4016/udp Talarian Mcast talarian-mcast3 4017/udp Talarian Mcast talarian-mcast3 4017/tcp Talarian Mcast talarian-mcast4 4018/tcp Talarian Mcast talarian-mcast4 4018/udp Talarian Mcast talarian-mcast5 4019/tcp Talarian Mcast talarian-mcast5 4019/udp Talarian Mcast trap 4020/tcp TRAP Port trap 4020/udp TRAP Port nexus-portal 4021/udp Nexus Portal nexus-portal 4021/tcp Nexus Portal dnox 4022/tcp DNOX dnox 4022/udp DNOX esnm-zoning 4023/udp ESNM Zoning Port esnm-zoning 4023/tcp ESNM Zoning Port tnp1-port 4024/udp TNP1 User Port tnp1-port 4024/tcp TNP1 User Port partimage 4025/tcp Partition Image Port partimage 4025/udp Partition Image Port as-debug 4026/udp Graphical Debug Server as-debug 4026/tcp Graphical Debug Server bxp 4027/udp bitxpress bxp 4027/tcp bitxpress dtserver-port 4028/tcp DTServer Port dtserver-port 4028/udp DTServer Port ip-qsig 4029/udp IP Q signaling protocol ip-qsig 4029/tcp IP Q signaling protocol jdmn-port 4030/tcp Accell/JSP Daemon Port jdmn-port 4030/tcp Accell/JSP Daemon Port suucp 4031/udp UUCP over SSL suucp 4031/tcp UUCP over SSL vrts-auth-port 4032/tcp VERITAS Authorize Server vrts-auth-port 4032/udp VERITAS Authorize Server sanavigator 4033/udp SANavigator Peer Port sanavigator 4033/tcp SANavigator Peer Port ubxd 4034/tcp Ubiquinox Daemon ubxd 4034/udp Ubiquinox Daemon wap-push-http 4035/tcp WAP Push OTA-HTTP port wap-push-http 4035/udp WAP Push OTA-HTTP port wap-push-https 4036/tcp WAP Push OTA-HTTP secure wap-push-https 4036/udp WAP Push OTA-HTTP secure yo-main 4040/tcp Yo.net main service yo-main 4040/udp Yo.net main service houston 4041/udp Rocketeer-Houston houston 4041/tcp Rocketeer-Houston ldxp 4042/tcp LDXP ldxp 4042/udp LDXP # Scott A. McIntyre ichat3 4080/tcp # Scott A. McIntyre wincrash-alt 4092/udp bre 4096/udp BRE (Bridge Relay Element) bre 4096/tcp BRE (Bridge Relay Element) patrolview 4097/udp Patrol View patrolview 4097/tcp Patrol View drmsfsd 4098/tcp drmsfsd drmsfsd 4098/udp drmsfsd dpcp 4099/udp DPCP dpcp 4099/tcp DPCP igo-incognito 4100/tcp IGo Incognito Data Port igo-incognito 4100/udp IGo Incognito Data Port # James R Grinter nco_objserv 4100/tcp http://www.micromuse.com/products/descriptions.htm # James Van Houten user-authentication-for-watchguard-products 4100/tcp http://www.watchguard.com/training/lss/45/auth3.ht nuts_dem 4132/udp NUTS Daemon nuts_dem 4132/tcp NUTS Daemon nuts_bootp 4133/tcp NUTS Bootp Server nuts_bootp 4133/udp NUTS Bootp Server nifty-hmi 4134/udp NIFTY-Serve HMI protocol nifty-hmi 4134/tcp NIFTY-Serve HMI protocol oirtgsvc 4141/tcp Workflow Server oirtgsvc 4141/udp Workflow Server oidocsvc 4142/tcp Document Server oidocsvc 4142/udp Document Server oidsr 4143/udp Document Replication oidsr 4143/tcp Document Replication vvr-control 4145/udp VVR Control vvr-control 4145/tcp VVR Control jini-discovery 4160/udp Jini Discovery jini-discovery 4160/tcp Jini Discovery eims-admin 4199/udp EIMS ADMIN eims-admin 4199/tcp EIMS ADMIN # James R Grinter nco_pa 4200/tcp http://www.micromuse.com/products/descriptions.htm corelccam 4300/tcp Corel CCam corelccam 4300/udp Corel CCam # James R Grinter nco_gate 4300/tcp http://www.micromuse.com/products/descriptions.htm rwhois 4321/tcp Remote Who Is rwhois 4321/udp Remote Who Is # Fernando Montenegro fibs 4321/tcp www.fibs.com unicall 4343/tcp UNICALL unicall 4343/udp UNICALL vinainstall 4344/tcp VinaInstall vinainstall 4344/udp VinaInstall m4-network-as 4345/tcp Macro 4 Network AS m4-network-as 4345/udp Macro 4 Network AS elanlm 4346/udp ELAN LM elanlm 4346/tcp ELAN LM lansurveyor 4347/udp LAN Surveyor lansurveyor 4347/tcp LAN Surveyor itose 4348/udp ITOSE itose 4348/tcp ITOSE fsportmap 4349/tcp File System Port Map fsportmap 4349/udp File System Port Map net-device 4350/udp Net Device net-device 4350/tcp Net Device plcy-net-svcs 4351/udp PLCY Net Services plcy-net-svcs 4351/tcp PLCY Net Services f5-iquery 4353/tcp F5 iQuery f5-iquery 4353/udp F5 iQuery qsnet-trans 4354/udp QSNet Transmitter qsnet-trans 4354/tcp QSNet Transmitter qsnet-workst 4355/tcp QSNet Workstation qsnet-workst 4355/udp QSNet Workstation qsnet-assist 4356/udp QSNet Assistant qsnet-assist 4356/tcp QSNet Assistant qsnet-cond 4357/tcp QSNet Conductor qsnet-cond 4357/udp QSNet Conductor qsnet-nucl 4358/tcp QSNet Nucleus qsnet-nucl 4358/udp QSNet Nucleus # James R Grinter nco_proxy 4400/tcp http://www.micromuse.com/products/descriptions.htm saris 4442/tcp Saris saris 4442/udp Saris pharos 4443/udp Pharos pharos 4443/tcp Pharos nv-video 4444/udp NV Video default nv-video 4444/tcp NV Video default krb524 4444/tcp KRB524 krb524 4444/udp KRB524 # Rick Payne napster 4444/tcp http://opennap.sourceforge.net/napster.txt upnotifyp 4445/tcp UPNOTIFYP upnotifyp 4445/udp UPNOTIFYP n1-fwp 4446/tcp N1-FWP n1-fwp 4446/udp N1-FWP n1-rmgmt 4447/tcp N1-RMGMT n1-rmgmt 4447/udp N1-RMGMT asc-slmd 4448/udp ASC Licence Manager asc-slmd 4448/tcp ASC Licence Manager privatewire 4449/udp PrivateWire privatewire 4449/tcp PrivateWire camp 4450/udp Camp camp 4450/tcp Camp ctisystemmsg 4451/tcp CTI System Msg ctisystemmsg 4451/udp CTI System Msg ctiprogramload 4452/tcp CTI Program Load ctiprogramload 4452/udp CTI Program Load nssalertmgr 4453/udp NSS Alert Manager nssalertmgr 4453/tcp NSS Alert Manager nssagentmgr 4454/tcp NSS Agent Manager nssagentmgr 4454/udp NSS Agent Manager prchat-user 4455/tcp PR Chat User prchat-user 4455/udp PR Chat User prchat-server 4456/udp PR Chat Server prchat-server 4456/tcp PR Chat Server prregister 4457/tcp PR Register prregister 4457/udp PR Register ipsec-msft 4500/udp Microsoft IPsec NAT-T ipsec-msft 4500/tcp Microsoft IPsec NAT-T # Patrick Belcher safari 4500/tcp http://www.netzero.net/support/pat/questions_safar worldscores 4545/udp WorldScores worldscores 4545/tcp WorldScores sf-lm 4546/udp SF License Manager (Sentinel) sf-lm 4546/tcp SF License Manager (Sentinel) lanner-lm 4547/udp Lanner License Manager lanner-lm 4547/tcp Lanner License Manager rsip 4555/udp RSIP Port rsip 4555/tcp RSIP Port hylafax 4559/udp HylaFAX hylafax 4559/tcp HylaFAX tram 4567/tcp TRAM tram 4567/udp TRAM # Scott A. McIntyre filenail 4567/tcp bmc-reporting 4568/udp BMC Reporting bmc-reporting 4568/tcp BMC Reporting piranha1 4600/tcp Piranha1 piranha1 4600/udp Piranha1 piranha2 4601/udp Piranha2 piranha2 4601/tcp Piranha2 smaclmgr 4660/udp smaclmgr smaclmgr 4660/tcp smaclmgr kar2ouche 4661/tcp Kar2ouche Peer location service kar2ouche 4661/udp Kar2ouche Peer location service rfa 4672/tcp remote file access server rfa 4672/udp remote file access server snap 4752/udp Simple Network Audio Protocol snap 4752/tcp Simple Network Audio Protocol iims 4800/udp Icona Instant Messenging System iims 4800/tcp Icona Instant Messenging System iwec 4801/udp Icona Web Embedded Chat iwec 4801/tcp Icona Web Embedded Chat ilss 4802/tcp Icona License System Server ilss 4802/udp Icona License System Server htcp 4827/tcp HTCP htcp 4827/udp HTCP varadero-0 4837/udp Varadero-0 varadero-0 4837/tcp Varadero-0 varadero-1 4838/udp Varadero-1 varadero-1 4838/tcp Varadero-1 varadero-2 4839/udp Varadero-2 varadero-2 4839/tcp Varadero-2 appserv-http 4848/udp App Server - Admin HTTP appserv-http 4848/tcp App Server - Admin HTTP appserv-https 4849/tcp App Server - Admin HTTPS appserv-https 4849/udp App Server - Admin HTTPS phrelay 4868/udp Photon Relay phrelay 4868/tcp Photon Relay phrelaydbg 4869/udp Photon Relay Debug phrelaydbg 4869/tcp Photon Relay Debug abbs 4885/udp ABBS abbs 4885/tcp ABBS lyskom 4894/udp LysKOM Protocol A lyskom 4894/tcp LysKOM Protocol A # Scott A. McIntyre icq-trojan 4950/tcp att-intercom 4983/tcp AT&T Intercom att-intercom 4983/udp AT&T Intercom smar-se-port1 4987/udp SMAR Ethernet Port 1 smar-se-port1 4987/tcp SMAR Ethernet Port 1 smar-se-port2 4988/tcp SMAR Ethernet Port 2 smar-se-port2 4988/udp SMAR Ethernet Port 2 commplex-main 5000/udp commplex-main 5000/tcp # Scott A. McIntyre sockets-de-troie 5000/udp sockets-de-troie 5001/udp # Scott Craig ssdps 5000/tcp http://tds.diamondcs.com.au/html/frameset_selfsupp commplex-link 5001/udp commplex-link 5001/tcp # Derek Petersen ultima-online-game 5001/tcp http://www.uo.com/visitor/ ultima-online-game 5002/tcp http://www.uo.com/visitor/ ultima-online-game 5003/tcp http://www.uo.com/visitor/ ultima-online-game 5004/tcp http://www.uo.com/visitor/ ultima-online-game 5005/tcp http://www.uo.com/visitor/ ultima-online-game 5006/tcp http://www.uo.com/visitor/ ultima-online-game 5007/tcp http://www.uo.com/visitor/ ultima-online-game 5008/tcp http://www.uo.com/visitor/ ultima-online-game 5009/tcp http://www.uo.com/visitor/ rfe 5002/udp radio free ethernet rfe 5002/tcp radio free ethernet # joshua reed metaip-dhcp-failover 5002/udp fmpro-internal 5003/tcp FileMaker, Inc. - Proprietary transport fmpro-internal 5003/udp FileMaker, Inc. - Proprietary name binding avt-profile-1 5004/udp avt-profile-1 avt-profile-1 5004/tcp avt-profile-1 avt-profile-2 5005/udp avt-profile-2 avt-profile-2 5005/tcp avt-profile-2 wsm-server 5006/tcp wsm server wsm-server 5006/udp wsm server wsm-server-ssl 5007/udp wsm server ssl wsm-server-ssl 5007/tcp wsm server ssl synapsis-edge 5008/udp Synapsis EDGE synapsis-edge 5008/tcp Synapsis EDGE telelpathstart 5010/tcp TelepathStart telelpathstart 5010/udp TelepathStart telelpathattack 5011/udp TelepathAttack telelpathattack 5011/tcp TelepathAttack # Scott A. McIntyre ootlt 5011/tcp zenginkyo-1 5020/tcp zenginkyo-1 zenginkyo-1 5020/udp zenginkyo-1 zenginkyo-2 5021/udp zenginkyo-2 zenginkyo-2 5021/tcp zenginkyo-2 mice 5022/tcp mice server mice 5022/udp mice server htuilsrv 5023/udp Htuil Server for PLD2 htuilsrv 5023/tcp Htuil Server for PLD2 # Scott A. McIntyre netmetro 5031/tcp asnaacceler8db 5042/udp asnaacceler8db asnaacceler8db 5042/tcp asnaacceler8db mmcc 5050/tcp multimedia conference control tool mmcc 5050/udp multimedia conference control tool # Keyser Sosez accurev 5050/tcp http://www.ede.com/accurev/doc/site_install.html ita-agent 5051/tcp ITA Agent ita-agent 5051/udp ITA Agent ita-manager 5052/udp ITA Manager ita-manager 5052/tcp ITA Manager # Philip J. Koenig java-service 5053/tcp java-service 5054/tcp unot 5055/udp UNOT unot 5055/tcp UNOT # Derek Petersen yahoo!-messenger-voice-chat 5055/udp http://messenger.yahoo.com/ intecom-ps1 5056/tcp Intecom PS 1 intecom-ps1 5056/udp Intecom PS 1 intecom-ps2 5057/tcp Intecom PS 2 intecom-ps2 5057/udp Intecom PS 2 sip 5060/udp SIP sip 5060/tcp SIP sip-tls 5061/tcp SIP-TLS sip-tls 5061/udp SIP-TLS stanag-5066 5066/udp STANAG-5066-SUBNET-INTF stanag-5066 5066/tcp STANAG-5066-SUBNET-INTF i-net-2000-npr 5069/udp I/Net 2000-NPR i-net-2000-npr 5069/tcp I/Net 2000-NPR powerschool 5071/tcp PowerSchool powerschool 5071/udp PowerSchool sdl-ets 5081/tcp SDL - Ent Trans Server sdl-ets 5081/udp SDL - Ent Trans Server sentinel-lm 5093/tcp Sentinel LM sentinel-lm 5093/udp Sentinel LM sentlm-srv2srv 5099/udp SentLM Srv2Srv sentlm-srv2srv 5099/tcp SentLM Srv2Srv # Scott Craig sockserv 5099/tcp http://www.opentext.com/livelink/ talarian-udp 5101/udp Talarian_UDP talarian-tcp 5101/tcp Talarian_TCP rmonitor_secure 5145/tcp RMONITOR SECURE rmonitor_secure 5145/udp RMONITOR SECURE atmp 5150/udp Ascend Tunnel Management Protocol atmp 5150/tcp Ascend Tunnel Management Protocol esri_sde 5151/tcp ESRI SDE Instance esri_sde 5151/udp ESRI SDE Remote Start sde-discovery 5152/udp ESRI SDE Instance Discovery sde-discovery 5152/tcp ESRI SDE Instance Discovery ife_icorp 5165/tcp ife_1corp ife_icorp 5165/udp ife_1corp aol 5190/tcp America-Online aol 5190/udp America-Online # BAD-ASS icq-server 5190/tcp aol-1 5191/tcp AmericaOnline1 aol-1 5191/udp AmericaOnline1 aol-2 5192/udp AmericaOnline2 aol-2 5192/tcp AmericaOnline2 aol-3 5193/udp AmericaOnline3 aol-3 5193/tcp AmericaOnline3 targus-getdata 5200/tcp TARGUS GetData targus-getdata 5200/udp TARGUS GetData targus-getdata1 5201/tcp TARGUS GetData 1 targus-getdata1 5201/udp TARGUS GetData 1 targus-getdata2 5202/tcp TARGUS GetData 2 targus-getdata2 5202/udp TARGUS GetData 2 targus-getdata3 5203/udp TARGUS GetData 3 targus-getdata3 5203/tcp TARGUS GetData 3 jabber-client 5222/udp Jabber Client Connection jabber-client 5222/tcp Jabber Client Connection # Derek Petersen jabber 5222/tcp http://www.jabber.com hp-server 5225/udp HP Server hp-server 5225/tcp HP Server hp-status 5226/udp HP Status hp-status 5226/tcp HP Status padl2sim 5236/udp padl2sim 5236/tcp igateway 5250/udp iGateway igateway 5250/tcp iGateway jabber-server 5269/udp Jabber Server Connection jabber-server 5269/tcp Jabber Server Connection pk 5272/tcp PK pk 5272/udp PK transmit-port 5282/tcp Marimba Transmitter Port transmit-port 5282/udp Marimba Transmitter Port hacl-hb 5300/udp # HA cluster heartbeat hacl-hb 5300/tcp # HA cluster heartbeat hacl-gs 5301/udp # HA cluster general services hacl-gs 5301/tcp # HA cluster general services hacl-cfg 5302/udp # HA cluster configuration hacl-cfg 5302/tcp # HA cluster configuration hacl-probe 5303/udp # HA cluster probing hacl-probe 5303/tcp # HA cluster probing hacl-local 5304/udp hacl-local 5304/tcp # HA Cluster Commands hacl-test 5305/udp hacl-test 5305/tcp # HA Cluster Test sun-mc-grp 5306/udp Sun MC Group sun-mc-grp 5306/tcp Sun MC Group sco-aip 5307/udp SCO AIP sco-aip 5307/tcp SCO AIP cfengine 5308/udp CFengine cfengine 5308/tcp CFengine jprinter 5309/udp J Printer jprinter 5309/tcp J Printer outlaws 5310/udp Outlaws outlaws 5310/tcp Outlaws tmlogin 5311/udp TM Login tmlogin 5311/tcp TM Login opalis-rbt-ipc 5314/tcp opalis-rbt-ipc opalis-rbt-ipc 5314/udp opalis-rbt-ipc hacl-poll 5315/udp HA Cluster UDP Polling hacl-poll 5315/tcp HA Cluster UDP Polling # Scott A. McIntyre firehotcker 5321/udp mdns 5353/tcp Multicast DNS mdns 5353/udp Multicast DNS excerpt 5400/tcp Excerpt Search excerpt 5400/udp Excerpt Search # Scott A. McIntyre blade-runner 5400/udp blade-runner 5401/udp blade-runner 5402/udp # Scott A. McIntyre blade-runner 5400/tcp excerpts 5401/udp Excerpt Search Secure excerpts 5401/tcp Excerpt Search Secure mftp 5402/udp MFTP mftp 5402/tcp MFTP hpoms-ci-lstn 5403/udp HPOMS-CI-LSTN hpoms-ci-lstn 5403/tcp HPOMS-CI-LSTN hpoms-dps-lstn 5404/udp HPOMS-DPS-LSTN hpoms-dps-lstn 5404/tcp HPOMS-DPS-LSTN netsupport 5405/udp NetSupport netsupport 5405/tcp NetSupport systemics-sox 5406/tcp Systemics Sox systemics-sox 5406/udp Systemics Sox foresyte-clear 5407/udp Foresyte-Clear foresyte-clear 5407/tcp Foresyte-Clear foresyte-sec 5408/udp Foresyte-Sec foresyte-sec 5408/tcp Foresyte-Sec salient-dtasrv 5409/tcp Salient Data Server salient-dtasrv 5409/udp Salient Data Server salient-usrmgr 5410/tcp Salient User Manager salient-usrmgr 5410/udp Salient User Manager actnet 5411/udp ActNet actnet 5411/tcp ActNet continuus 5412/udp Continuus continuus 5412/tcp Continuus wwiotalk 5413/udp WWIOTALK wwiotalk 5413/tcp WWIOTALK statusd 5414/udp StatusD statusd 5414/tcp StatusD ns-server 5415/tcp NS Server ns-server 5415/udp NS Server sns-gateway 5416/tcp SNS Gateway sns-gateway 5416/udp SNS Gateway sns-agent 5417/udp SNS Agent sns-agent 5417/tcp SNS Agent mcntp 5418/udp MCNTP mcntp 5418/tcp MCNTP dj-ice 5419/udp DJ-ICE dj-ice 5419/tcp DJ-ICE cylink-c 5420/udp Cylink-C cylink-c 5420/tcp Cylink-C netsupport2 5421/tcp Net Support 2 netsupport2 5421/udp Net Support 2 salient-mux 5422/udp Salient MUX salient-mux 5422/tcp Salient MUX virtualuser 5423/tcp VIRTUALUSER virtualuser 5423/udp VIRTUALUSER devbasic 5426/udp DEVBASIC devbasic 5426/tcp DEVBASIC sco-peer-tta 5427/udp SCO-PEER-TTA sco-peer-tta 5427/tcp SCO-PEER-TTA telaconsole 5428/tcp TELACONSOLE telaconsole 5428/udp TELACONSOLE base 5429/udp Billing and Accounting System Exchange base 5429/tcp Billing and Accounting System Exchange radec-corp 5430/udp RADEC CORP radec-corp 5430/tcp RADEC CORP park-agent 5431/udp PARK AGENT park-agent 5431/tcp PARK AGENT postgresql 5432/udp PostgreSQL Database postgresql 5432/tcp PostgreSQL Database # Ramji jhcts 5432/tcp http://www.jhc.co.uk # John Ekins postgres-database 5432/tcp www.postgresql.org dttl 5435/tcp Data Tunneling Transceiver Linking (DTTL) dttl 5435/udp Data Tunneling Transceiver Linking (DTTL) apc-tcp-udp-4 5454/tcp apc-tcp-udp-4 apc-tcp-udp-4 5454/udp apc-tcp-udp-4 apc-tcp-udp-5 5455/tcp apc-tcp-udp-5 apc-tcp-udp-5 5455/udp apc-tcp-udp-5 apc-tcp-udp-6 5456/tcp apc-tcp-udp-6 apc-tcp-udp-6 5456/udp apc-tcp-udp-6 silkmeter 5461/tcp SILKMETER silkmeter 5461/udp SILKMETER ttl-publisher 5462/udp TTL Publisher ttl-publisher 5462/tcp TTL Publisher ttlpriceproxy 5463/udp TTL Price Proxy ttlpriceproxy 5463/tcp TTL Price Proxy netops-broker 5465/tcp NETOPS-BROKER netops-broker 5465/udp NETOPS-BROKER fcp-addr-srvr1 5500/tcp fcp-addr-srvr1 fcp-addr-srvr1 5500/udp fcp-addr-srvr1 # Ramji secureid 5500/udp http://www.rsasecurity.com fcp-addr-srvr2 5501/udp fcp-addr-srvr2 fcp-addr-srvr2 5501/tcp fcp-addr-srvr2 fcp-srvr-inst1 5502/tcp fcp-srvr-inst1 fcp-srvr-inst1 5502/udp fcp-srvr-inst1 fcp-srvr-inst2 5503/udp fcp-srvr-inst2 fcp-srvr-inst2 5503/tcp fcp-srvr-inst2 fcp-cics-gw1 5504/tcp fcp-cics-gw1 fcp-cics-gw1 5504/udp fcp-cics-gw1 # Ramji secureidprop 5510/tcp http://www.rsasecurity.com # Ramji sdlog 5520/tcp http://www.rsasecurity.com # Scott A. McIntyre illusionmailer 5521/tcp # Ramji sdserv 5530/tcp http://www.rsasecurity.com # Ramji sdreport 5540/tcp http://www.rsasecurity.com # Scott A. McIntyre xtcp2 5550/tcp # Ramji sdadmind 5550/tcp http://www.rsasecurity.com sgi-esphttp 5554/tcp SGI ESP HTTP sgi-esphttp 5554/udp SGI ESP HTTP personal-agent 5555/udp Personal Agent personal-agent 5555/tcp Personal Agent # Rick Payne napster 5555/tcp http://opennap.sourceforge.net/napster.txt # Scott Craig knark 5555/tcp http://www.securityfocus.com/archive/75/163619 # Scott Craig knark 5555/tcp http://www.securityfocus.com/archive/75/163619 # Scott A. McIntyre remotewatch 5556/tcp udpplus 5566/udp UDPPlus udpplus 5566/tcp UDPPlus # Scott A. McIntyre robohack 5569/tcp esinstall 5599/tcp Enterprise Security Remote Install esinstall 5599/udp Enterprise Security Remote Install esmmanager 5600/udp Enterprise Security Manager esmmanager 5600/tcp Enterprise Security Manager # Dean W. Bettinger jabberim 5600/tcp esmagent 5601/tcp Enterprise Security Agent esmagent 5601/udp Enterprise Security Agent a1-msc 5602/udp A1-MSC a1-msc 5602/tcp A1-MSC a1-bs 5603/udp A1-BS a1-bs 5603/tcp A1-BS a3-sdunode 5604/tcp A3-SDUNode a3-sdunode 5604/udp A3-SDUNode a4-sdunode 5605/tcp A4-SDUNode a4-sdunode 5605/udp A4-SDUNode pcanywheredata 5631/tcp pcANYWHEREdata pcanywheredata 5631/udp pcANYWHEREdata pcanywherestat 5632/udp pcANYWHEREstat pcanywherestat 5632/tcp pcANYWHEREstat # Russell Foster netsaint 5666/tcp www.netsaint.org jms 5673/udp JACL Message Server jms 5673/tcp JACL Message Server hyperscsi-port 5674/udp HyperSCSI Port hyperscsi-port 5674/tcp HyperSCSI Port v5ua 5675/udp V5UA application port v5ua 5675/tcp V5UA application port raadmin 5676/tcp RA Administration raadmin 5676/udp RA Administration questdb2-lnchr 5677/udp Quest Central DB2 Launchr questdb2-lnchr 5677/tcp Quest Central DB2 Launchr rrac 5678/udp Remote Replication Agent Connection rrac 5678/tcp Remote Replication Agent Connection dccm 5679/tcp Direct Cable Connect Manager dccm 5679/udp Direct Cable Connect Manager proshareaudio 5713/udp proshare conf audio proshareaudio 5713/tcp proshare conf audio prosharevideo 5714/udp proshare conf video prosharevideo 5714/tcp proshare conf video prosharedata 5715/udp proshare conf data prosharedata 5715/tcp proshare conf data prosharerequest 5716/udp proshare conf request prosharerequest 5716/tcp proshare conf request prosharenotify 5717/tcp proshare conf notify prosharenotify 5717/udp proshare conf notify openmail 5729/udp Openmail User Agent Layer openmail 5729/tcp Openmail User Agent Layer unieng 5730/tcp Steltor's calendar access unieng 5730/udp Steltor's calendar access # -dkap steltor-calendar 5730/tcp http://www.securityportal.com/firewalls/ports/port ida-discover1 5741/udp IDA Discover Port 1 ida-discover1 5741/tcp IDA Discover Port 1 ida-discover2 5742/tcp IDA Discover Port 2 ida-discover2 5742/udp IDA Discover Port 2 # Scott A. McIntyre wincrash 5742/tcp # Scott A. McIntyre wincrash 5742/udp fcopy-server 5745/udp fcopy-server fcopy-server 5745/tcp fcopy-server fcopys-server 5746/tcp fcopys-server fcopys-server 5746/udp fcopys-server openmailg 5755/udp OpenMail Desk Gateway server openmailg 5755/tcp OpenMail Desk Gateway server x500ms 5757/udp OpenMail X.500 Directory Server x500ms 5757/tcp OpenMail X.500 Directory Server openmailns 5766/udp OpenMail NewMail Server openmailns 5766/tcp OpenMail NewMail Server s-openmail 5767/udp OpenMail Suer Agent Layer (Secure) s-openmail 5767/tcp OpenMail Suer Agent Layer (Secure) openmailpxy 5768/tcp OpenMail CMTS Server openmailpxy 5768/udp OpenMail CMTS Server netagent 5771/udp NetAgent netagent 5771/tcp NetAgent # Rick Payne vnc 5800/tcp http://www.uk.research.att.com/vnc/ vnc 5801/tcp http://www.uk.research.att.com/vnc/ # Ronald vnc 5800/tcp www.uk.research.att.com/vnc/ icmpd 5813/tcp ICMPD icmpd 5813/udp ICMPD # Scott Craig otadmin 5858/tcp http://www.opentext.com/livelink/ wherehoo 5859/tcp WHEREHOO wherehoo 5859/udp WHEREHOO # Greg Pruitt remote-access-/-icq-trojan 5881/udp # John Ekins y3k 5882/tcp http://www.tlsecurity.com/backdoor/y.3k.html # John Ekins y3k 5882/udp http://www.tlsecurity.com/backdoor/y.3k.html # John Ekins y3k 5888/tcp http://www.tlsecurity.com/backdoor/y.3k.html # John Ekins y3k 5888/udp http://www.tlsecurity.com/backdoor/y.3k.html # John Ekins y3k 5889/tcp http://www.tlsecurity.com/backdoor/y.3k.html # Stan Simmons vnc-java 5900/tcp # Thilo Hilpert vnc 5900/tcp http://www.uk.research.att.com/vnc/ # Ronald vnc 5900/tcp www.uk.research.att.com/vnc/ # Scott Sanchez vnc-data 5900/tcp http://www.uk.research.att.com/vnc/faq.html#q52 mppolicy-v5 5968/udp mppolicy-v5 mppolicy-v5 5968/tcp mppolicy-v5 mppolicy-mgr 5969/udp mppolicy-mgr mppolicy-mgr 5969/tcp mppolicy-mgr wbem-rmi 5987/tcp WBEM RMI wbem-rmi 5987/udp WBEM RMI wbem-http 5988/tcp WBEM HTTP wbem-http 5988/udp WBEM HTTP wbem-https 5989/tcp WBEM HTTPS wbem-https 5989/udp WBEM HTTPS wbem-local 5990/udp HP WBEM Local Connection wbem-local 5990/tcp HP WBEM Local Connection nuxsl 5991/udp NUXSL nuxsl 5991/tcp NUXSL cvsup 5999/tcp CVSup cvsup 5999/udp CVSup x11 6000/udp X Window System x11 6001/udp X Window System x11 6002/udp X Window System x11 6003/udp X Window System x11 6004/udp X Window System x11 6005/udp X Window System x11 6006/udp X Window System x11 6007/udp X Window System x11 6008/udp X Window System x11 6009/udp X Window System x11 6010/udp X Window System x11 6011/udp X Window System x11 6012/udp X Window System x11 6013/udp X Window System x11 6014/udp X Window System x11 6015/udp X Window System x11 6016/udp X Window System x11 6017/udp X Window System x11 6018/udp X Window System x11 6019/udp X Window System x11 6020/udp X Window System x11 6021/udp X Window System x11 6022/udp X Window System x11 6023/udp X Window System x11 6024/udp X Window System x11 6025/udp X Window System x11 6026/udp X Window System x11 6027/udp X Window System x11 6028/udp X Window System x11 6029/udp X Window System x11 6030/udp X Window System x11 6031/udp X Window System x11 6032/udp X Window System x11 6033/udp X Window System x11 6034/udp X Window System x11 6035/udp X Window System x11 6036/udp X Window System x11 6037/udp X Window System x11 6038/udp X Window System x11 6039/udp X Window System x11 6040/udp X Window System x11 6041/udp X Window System x11 6042/udp X Window System x11 6043/udp X Window System x11 6044/udp X Window System x11 6045/udp X Window System x11 6046/udp X Window System x11 6047/udp X Window System x11 6048/udp X Window System x11 6049/udp X Window System x11 6050/udp X Window System x11 6051/udp X Window System x11 6052/udp X Window System x11 6053/udp X Window System x11 6054/udp X Window System x11 6055/udp X Window System x11 6056/udp X Window System x11 6057/udp X Window System x11 6058/udp X Window System x11 6059/udp X Window System x11 6060/udp X Window System x11 6061/udp X Window System x11 6062/udp X Window System x11 6063/udp X Window System x11 6000/tcp X Window System x11 6001/tcp X Window System x11 6002/tcp X Window System x11 6003/tcp X Window System x11 6004/tcp X Window System x11 6005/tcp X Window System x11 6006/tcp X Window System x11 6007/tcp X Window System x11 6008/tcp X Window System x11 6009/tcp X Window System x11 6010/tcp X Window System x11 6011/tcp X Window System x11 6012/tcp X Window System x11 6013/tcp X Window System x11 6014/tcp X Window System x11 6015/tcp X Window System x11 6016/tcp X Window System x11 6017/tcp X Window System x11 6018/tcp X Window System x11 6019/tcp X Window System x11 6020/tcp X Window System x11 6021/tcp X Window System x11 6022/tcp X Window System x11 6023/tcp X Window System x11 6024/tcp X Window System x11 6025/tcp X Window System x11 6026/tcp X Window System x11 6027/tcp X Window System x11 6028/tcp X Window System x11 6029/tcp X Window System x11 6030/tcp X Window System x11 6031/tcp X Window System x11 6032/tcp X Window System x11 6033/tcp X Window System x11 6034/tcp X Window System x11 6035/tcp X Window System x11 6036/tcp X Window System x11 6037/tcp X Window System x11 6038/tcp X Window System x11 6039/tcp X Window System x11 6040/tcp X Window System x11 6041/tcp X Window System x11 6042/tcp X Window System x11 6043/tcp X Window System x11 6044/tcp X Window System x11 6045/tcp X Window System x11 6046/tcp X Window System x11 6047/tcp X Window System x11 6048/tcp X Window System x11 6049/tcp X Window System x11 6050/tcp X Window System x11 6051/tcp X Window System x11 6052/tcp X Window System x11 6053/tcp X Window System x11 6054/tcp X Window System x11 6055/tcp X Window System x11 6056/tcp X Window System x11 6057/tcp X Window System x11 6058/tcp X Window System x11 6059/tcp X Window System x11 6060/tcp X Window System x11 6061/tcp X Window System x11 6062/tcp X Window System x11 6063/tcp X Window System # Oliver Kollenberg brick-rcapi 6000/tcp http://www.securiteam.com/securitynews/BinTec_rout # Chris Green arcserve-nt 6050/tcp http://www.securiteam.com/windowsntfocus/2IUQBRFQA ndl-ahp-svc 6064/udp NDL-AHP-SVC ndl-ahp-svc 6064/tcp NDL-AHP-SVC winpharaoh 6065/tcp WinPharaoh winpharaoh 6065/udp WinPharaoh ewctsp 6066/tcp EWCTSP ewctsp 6066/udp EWCTSP srb 6067/udp SRB srb 6067/tcp SRB gsmp 6068/tcp GSMP gsmp 6068/udp GSMP trip 6069/tcp TRIP trip 6069/udp TRIP messageasap 6070/udp Messageasap messageasap 6070/tcp Messageasap ssdtp 6071/udp SSDTP ssdtp 6071/tcp SSDTP diagnose-proc 6072/udp DIAGNOSE-PROC diagnose-proc 6072/tcp DIAGNOSE-PROC directplay8 6073/udp DirectPlay8 directplay8 6073/tcp DirectPlay8 synchronet-db 6100/udp SynchroNet-db synchronet-db 6100/tcp SynchroNet-db synchronet-rtc 6101/tcp SynchroNet-rtc synchronet-rtc 6101/udp SynchroNet-rtc synchronet-upd 6102/udp SynchroNet-upd synchronet-upd 6102/tcp SynchroNet-upd rets 6103/tcp RETS rets 6103/udp RETS dbdb 6104/udp DBDB dbdb 6104/tcp DBDB primaserver 6105/udp Prima Server primaserver 6105/tcp Prima Server mpsserver 6106/tcp MPS Server mpsserver 6106/udp MPS Server etc-control 6107/udp ETC Control etc-control 6107/tcp ETC Control sercomm-scadmin 6108/udp Sercomm-SCAdmin sercomm-scadmin 6108/tcp Sercomm-SCAdmin globecast-id 6109/tcp GLOBECAST-ID globecast-id 6109/udp GLOBECAST-ID softcm 6110/tcp HP SoftBench CM softcm 6110/udp HP SoftBench CM spc 6111/udp HP SoftBench Sub-Process Control spc 6111/tcp HP SoftBench Sub-Process Control dtspcd 6112/tcp dtspcd dtspcd 6112/udp dtspcd # Derek Petersen starcraft 6112/udp http://www.blizzard.com/starcraft/ # William diablo 6112/tcp backup-express 6123/tcp Backup Express backup-express 6123/udp Backup Express meta-corp 6141/udp Meta Corporation License Manager meta-corp 6141/tcp Meta Corporation License Manager aspentec-lm 6142/udp Aspen Technology License Manager aspentec-lm 6142/tcp Aspen Technology License Manager watershed-lm 6143/udp Watershed License Manager watershed-lm 6143/tcp Watershed License Manager statsci1-lm 6144/udp StatSci License Manager - 1 statsci1-lm 6144/tcp StatSci License Manager - 1 statsci2-lm 6145/udp StatSci License Manager - 2 statsci2-lm 6145/tcp StatSci License Manager - 2 lonewolf-lm 6146/tcp Lone Wolf Systems License Manager lonewolf-lm 6146/udp Lone Wolf Systems License Manager montage-lm 6147/tcp Montage License Manager montage-lm 6147/udp Montage License Manager ricardo-lm 6148/tcp Ricardo North America License Manager ricardo-lm 6148/udp Ricardo North America License Manager tal-pod 6149/udp tal-pod tal-pod 6149/tcp tal-pod crip 6253/tcp CRIP crip 6253/udp CRIP bmc-grx 6300/udp BMC GRX bmc-grx 6300/tcp BMC GRX emp-server1 6321/udp Empress Software Connectivity Server 1 emp-server1 6321/tcp Empress Software Connectivity Server 1 emp-server2 6322/udp Empress Software Connectivity Server 2 emp-server2 6322/tcp Empress Software Connectivity Server 2 gnutella-svc 6346/udp gnutella-svc gnutella-svc 6346/tcp gnutella-svc # Andrew Daviel xolox 6346/tcp http://www.xolox.nl xolox 6347/tcp http://www.xolox.nl gnutella-rtr 6347/udp gnutella-rtr gnutella-rtr 6347/tcp gnutella-rtr # Scott A. McIntyre sco-calserver 6373/tcp metatude-mds 6382/udp Metatude Dialogue Server metatude-mds 6382/tcp Metatude Dialogue Server clariion-evr01 6389/udp clariion-evr01 clariion-evr01 6389/tcp clariion-evr01 # Scott A. McIntyre thething 6400/tcp skip-cert-recv 6455/tcp SKIP Certificate Receive skip-cert-send 6456/tcp SKIP Certificate Send lvision-lm 6471/tcp LVision License Manager lvision-lm 6471/udp LVision License Manager boks 6500/udp BoKS Master boks 6500/tcp BoKS Master # Gary Gaskell reuters 6500/tcp boks_servc 6501/udp BoKS Servc boks_servc 6501/tcp BoKS Servc boks_servm 6502/tcp BoKS Servm boks_servm 6502/udp BoKS Servm boks_clntd 6503/tcp BoKS Clntd boks_clntd 6503/udp BoKS Clntd badm_priv 6505/udp BoKS Admin Private Port badm_priv 6505/tcp BoKS Admin Private Port badm_pub 6506/tcp BoKS Admin Public Port badm_pub 6506/udp BoKS Admin Public Port bdir_priv 6507/tcp BoKS Dir Server, Private Port bdir_priv 6507/udp BoKS Dir Server, Private Port bdir_pub 6508/udp BoKS Dir Server, Public Port bdir_pub 6508/tcp BoKS Dir Server, Public Port mgcs-mfp-port 6509/udp MGCS-MFP Port mgcs-mfp-port 6509/tcp MGCS-MFP Port mcer-port 6510/tcp MCER Port mcer-port 6510/udp MCER Port apc-tcp-udp-1 6547/tcp apc-tcp-udp-1 apc-tcp-udp-1 6547/udp apc-tcp-udp-1 apc-tcp-udp-2 6548/udp apc-tcp-udp-2 apc-tcp-udp-2 6548/tcp apc-tcp-udp-2 apc-tcp-udp-3 6549/udp apc-tcp-udp-3 apc-tcp-udp-3 6549/tcp apc-tcp-udp-3 fg-sysupdate 6550/tcp fg-sysupdate fg-sysupdate 6550/udp fg-sysupdate xdsxdm 6558/tcp xdsxdm 6558/udp parsec-master 6580/tcp Parsec Masterserver parsec-master 6580/udp Parsec Masterserver parsec-peer 6581/tcp Parsec Peer-to-Peer parsec-peer 6581/udp Parsec Peer-to-Peer parsec-game 6582/udp Parsec Gameserver parsec-game 6582/tcp Parsec Gameserver ircu 6665/udp IRCU ircu 6666/udp IRCU ircu 6667/udp IRCU ircu 6668/udp IRCU ircu 6669/udp IRCU ircu 6665/tcp IRCU ircu 6666/tcp IRCU ircu 6667/tcp IRCU ircu 6668/tcp IRCU ircu 6669/tcp IRCU # Ramji Venkateswaran irc 6666/tcp http://www.irc.org # Rick Payne napster 6666/tcp http://opennap.sourceforge.net/napster.txt # Scott A. McIntyre vampire 6669/tcp vocaltec-gold 6670/udp Vocaltec Global Online Directory vocaltec-gold 6670/tcp Vocaltec Global Online Directory # Scott A. McIntyre deep-throat 6670/udp # Scott A. McIntyre deep-throat 6670/tcp vision_server 6672/tcp vision_server vision_server 6672/udp vision_server vision_elmd 6673/udp vision_elmd vision_elmd 6673/tcp vision_elmd # Kimberley Hamilton napster 6688/udp # Derek Petersen napster 6699/tcp http://www.napster.com # Pi carracho-server 6700/tcp www.carracho.com # Pi carracho-server 6700/tcp www.carracho.com kti-icad-srvr 6701/tcp KTI/ICAD Nameserver kti-icad-srvr 6701/udp KTI/ICAD Nameserver # Pi carracho-tracker 6701/udp www.carracho.com # Scott A. McIntyre ibprotocol 6714/tcp Internet Backplane Protocol ibprotocol 6714/udp Internet Backplane Protocol bmc-perf-agent 6767/udp BMC PERFORM AGENT bmc-perf-agent 6767/tcp BMC PERFORM AGENT bmc-perf-mgrd 6768/udp BMC PERFORM MGRD bmc-perf-mgrd 6768/tcp BMC PERFORM MGRD # Scott A. McIntyre subseven 6776/tcp hnmp 6790/tcp HNMP hnmp 6790/udp HNMP ambit-lm 6831/udp ambit-lm ambit-lm 6831/tcp ambit-lm netmo-default 6841/udp Netmo Default netmo-default 6841/tcp Netmo Default netmo-http 6842/tcp Netmo HTTP netmo-http 6842/udp Netmo HTTP iccrushmore 6850/udp ICCRUSHMORE iccrushmore 6850/tcp ICCRUSHMORE # Scott A. McIntyre deltasource 6883/tcp muse 6888/udp MUSE muse 6888/tcp MUSE # Derek Petersen msn-messenger-voice-chat 6901/tcp http://messenger.msn.com # Scott A. McIntyre indoctrination 6939/tcp jmact3 6961/tcp JMACT3 jmact3 6961/udp JMACT3 jmevt2 6962/tcp jmevt2 jmevt2 6962/udp jmevt2 swismgr1 6963/udp swismgr1 swismgr1 6963/tcp swismgr1 swismgr2 6964/udp swismgr2 swismgr2 6964/tcp swismgr2 swistrap 6965/tcp swistrap swistrap 6965/udp swistrap swispol 6966/udp swispol swispol 6966/tcp swispol acmsoda 6969/tcp acmsoda acmsoda 6969/udp acmsoda # Scott A. McIntyre gatecrasher 6969/tcp # Darren Honeyball rsfnet 6969/tcp http://www.high-availability.com/ # Darren Honeyball rsfreq 6970/tcp http://www.high-availability.com/ iatp-highpri 6998/tcp IATP-highPri iatp-highpri 6998/udp IATP-highPri iatp-normalpri 6999/udp IATP-normalPri iatp-normalpri 6999/tcp IATP-normalPri afs3-fileserver 7000/udp file server itself afs3-fileserver 7000/tcp file server itself # Scott A. McIntyre remote-grab 7000/udp # Oliver Kollenberg bricktrace-daemon 7000/tcp http://www.securiteam.com/securitynews/BinTec_rout # Derek Petersen everquest 7000/tcp http://www.everquest.com/ everquest 7001/tcp http://www.everquest.com/ everquest 7002/tcp http://www.everquest.com/ everquest 7003/tcp http://www.everquest.com/ afs3-callback 7001/udp callbacks to cache managers afs3-callback 7001/tcp callbacks to cache managers afs3-prserver 7002/udp users & groups database afs3-prserver 7002/tcp users & groups database afs3-vlserver 7003/udp volume location database afs3-vlserver 7003/tcp volume location database afs3-kaserver 7004/udp AFS/Kerberos authentication service afs3-kaserver 7004/tcp AFS/Kerberos authentication service afs3-volser 7005/udp volume managment server afs3-volser 7005/tcp volume managment server afs3-errors 7006/udp error interpretation service afs3-errors 7006/tcp error interpretation service afs3-bos 7007/udp basic overseer process afs3-bos 7007/tcp basic overseer process afs3-update 7008/tcp server-to-server updater afs3-update 7008/udp server-to-server updater afs3-rmtsys 7009/tcp remote cache manager service afs3-rmtsys 7009/udp remote cache manager service ups-onlinet 7010/tcp onlinet uninterruptable power supplies ups-onlinet 7010/udp onlinet uninterruptable power supplies talon-disc 7011/udp Talon Discovery Port talon-disc 7011/tcp Talon Discovery Port talon-engine 7012/tcp Talon Engine talon-engine 7012/udp Talon Engine microtalon-dis 7013/udp Microtalon Discovery microtalon-dis 7013/tcp Microtalon Discovery microtalon-com 7014/tcp Microtalon Communications microtalon-com 7014/udp Microtalon Communications talon-webserver 7015/udp Talon Webserver talon-webserver 7015/tcp Talon Webserver dpserve 7020/udp DP Serve dpserve 7020/tcp DP Serve dpserveadmin 7021/tcp DP Serve Admin dpserveadmin 7021/udp DP Serve Admin op-probe 7030/tcp ObjectPlanet probe op-probe 7030/udp ObjectPlanet probe arcp 7070/tcp ARCP arcp 7070/udp ARCP # Scott A. McIntyre real-audio 7070/tcp lazy-ptop 7099/udp lazy-ptop lazy-ptop 7099/tcp lazy-ptop font-service 7100/tcp X Font Service font-service 7100/udp X Font Service virprot-lm 7121/udp Virtual Prototypes License Manager virprot-lm 7121/tcp Virtual Prototypes License Manager # Scott A. McIntyre cisco 7161/tcp http://www.cisco.com # Rick Payne realaudio 7170/tcp http://www.real.net clutild 7174/udp Clutild clutild 7174/tcp Clutild fodms 7200/tcp FODMS FLIP fodms 7200/udp FODMS FLIP dlip 7201/udp DLIP dlip 7201/tcp DLIP itactionserver1 7280/udp ITACTIONSERVER 1 itactionserver1 7280/tcp ITACTIONSERVER 1 itactionserver2 7281/udp ITACTIONSERVER 2 itactionserver2 7281/tcp ITACTIONSERVER 2 # Scott A. McIntyre net-monitor 7300/udp net-monitor 7301/udp net-monitor 7302/udp net-monitor 7303/udp net-monitor 7304/udp net-monitor 7305/udp net-monitor 7306/udp net-monitor 7307/udp net-monitor 7308/udp # Scott A. McIntyre net-monitor 7300/tcp mindfilesys 7391/udp mind-file system server mindfilesys 7391/tcp mind-file system server mrssrendezvous 7392/tcp mrss-rendezvous server mrssrendezvous 7392/udp mrss-rendezvous server winqedit 7395/udp winqedit winqedit 7395/tcp winqedit pmdmgr 7426/udp OpenView DM Postmaster Manager pmdmgr 7426/tcp OpenView DM Postmaster Manager oveadmgr 7427/tcp OpenView DM Event Agent Manager oveadmgr 7427/udp OpenView DM Event Agent Manager ovladmgr 7428/udp OpenView DM Log Agent Manager ovladmgr 7428/tcp OpenView DM Log Agent Manager opi-sock 7429/udp OpenView DM rqt communication opi-sock 7429/tcp OpenView DM rqt communication xmpv7 7430/tcp OpenView DM xmpv7 api pipe xmpv7 7430/udp OpenView DM xmpv7 api pipe pmd 7431/udp OpenView DM ovc/xmpv3 api pipe pmd 7431/tcp OpenView DM ovc/xmpv3 api pipe faximum 7437/udp Faximum faximum 7437/tcp Faximum telops-lmd 7491/tcp telops-lmd telops-lmd 7491/udp telops-lmd ovbus 7501/udp HP OpenView Bus Daemon ovbus 7501/tcp HP OpenView Bus Daemon ovhpas 7510/udp HP OpenView Application Server ovhpas 7510/tcp HP OpenView Application Server pafec-lm 7511/udp pafec-lm pafec-lm 7511/tcp pafec-lm nta-ds 7544/udp FlowAnalyzer DisplayServer nta-ds 7544/tcp FlowAnalyzer DisplayServer nta-us 7545/tcp FlowAnalyzer UtilityServer nta-us 7545/udp FlowAnalyzer UtilityServer vsi-omega 7566/tcp VSI Omega vsi-omega 7566/udp VSI Omega aries-kfinder 7570/udp Aries Kfinder aries-kfinder 7570/tcp Aries Kfinder # Siraj 'Sid' Rakhada netcool-elmd 7575/tcp http://www.micromuse.com sun-lm 7588/tcp Sun License Manager sun-lm 7588/udp Sun License Manager # Troy Billington qaz.xx-trojan-communications 7597/tcp http://www.doshelp.com/trojanports.htm # Troy Billington qaz.xx-trojan-communications 7597/tcp http://www.doshelp.com/trojanports.htm indi 7624/tcp Instrument Neutral Distributed Interface indi 7624/udp Instrument Neutral Distributed Interface # Scott Craig glacier 7626/tcp http://www.ciac.org/ciac/bulletins/l-077.shtml # Scott Craig glacier 7626/tcp http://www.ciac.org/ciac/bulletins/l-077.shtml pmdfmgt 7633/udp PMDF Management pmdfmgt 7633/tcp PMDF Management imqtunnels 7674/udp iMQ SSL tunnel imqtunnels 7674/tcp iMQ SSL tunnel imqtunnel 7675/tcp iMQ Tunnel imqtunnel 7675/udp iMQ Tunnel imqbrokerd 7676/tcp iMQ Broker Rendezvous imqbrokerd 7676/udp iMQ Broker Rendezvous sstp-1 7743/udp Sakura Script Transfer Protocol sstp-1 7743/tcp Sakura Script Transfer Protocol # Derek Petersen ultima-online-login 7775/tcp http://www.uo.com/visitor/ ultima-online-login 7776/tcp http://www.uo.com/visitor/ ultima-online-login 7777/tcp http://www.uo.com/visitor/ cbt 7777/tcp cbt cbt 7777/udp cbt # Rick Payne napster 7777/tcp http://opennap.sourceforge.net/napster.txt # Dave Woods unreal-tournament 7777/udp www.unrealtournament.com interwise 7778/udp Interwise interwise 7778/tcp Interwise vstat 7779/udp VSTAT vstat 7779/tcp VSTAT accu-lmgr 7781/tcp accu-lmgr accu-lmgr 7781/udp accu-lmgr minivend 7786/udp MINIVEND minivend 7786/tcp MINIVEND # Scott A. McIntyre ickiller 7789/udp pnet-conn 7797/udp Propel Connector port pnet-conn 7797/tcp Propel Connector port pnet-enc 7798/tcp Propel Encoder port pnet-enc 7798/udp Propel Encoder port # Gary Gaskell beacon 7800/tcp # Gary Gaskell beacon-bops 7801/tcp apc-snmptrap 7845/udp APC SNMP Trap Proxy apc-snmptrap 7845/tcp APC SNMP Trap Proxy apc-snmp 7846/udp APC SNMP Proxy apc-snmp 7846/tcp APC SNMP Proxy # Derek Petersen uomonitor 7875/tcp http://www.uo.com/visitor/ # John Ekins dopewars 7902/tcp http://bellatrix.pcl.ox.ac.uk/~ben/dopewars/ qo-secure 7913/tcp QuickObjects secure port qo-secure 7913/udp QuickObjects secure port t2-drm 7932/udp Tier 2 Data Resource Manager t2-drm 7932/tcp Tier 2 Data Resource Manager t2-brm 7933/udp Tier 2 Business Rules Manager t2-brm 7933/tcp Tier 2 Business Rules Manager supercell 7967/tcp Supercell supercell 7967/udp Supercell micromuse-ncps 7979/udp Micromuse-ncps micromuse-ncps 7979/tcp Micromuse-ncps quest-vista 7980/udp Quest Vista quest-vista 7980/tcp Quest Vista irdmi2 7999/udp iRDMI2 irdmi2 7999/tcp iRDMI2 irdmi 8000/udp iRDMI irdmi 8000/tcp iRDMI # Derek Petersen shoutcast 8000/tcp http://www.SHOUTcast.com shoutcast 8001/tcp http://www.SHOUTcast.com shoutcast 8002/tcp http://www.SHOUTcast.com shoutcast 8003/tcp http://www.SHOUTcast.com shoutcast 8004/tcp http://www.SHOUTcast.com shoutcast 8005/tcp http://www.SHOUTcast.com vcom-tunnel 8001/udp VCOM Tunnel vcom-tunnel 8001/tcp VCOM Tunnel teradataordbms 8002/tcp Teradata ORDBMS teradataordbms 8002/udp Teradata ORDBMS # Ray Pesek norton-av-for-gateways-web-interface 8003/tcp # Killingtime jre 8007/tcp localhost:8007 # Killingtime jre 8007/tcp localhost:8007 http-alt 8008/tcp HTTP Alternate http-alt 8008/udp HTTP Alternate oa-system 8022/tcp oa-system oa-system 8022/udp oa-system pro-ed 8032/udp ProEd pro-ed 8032/tcp ProEd mindprint 8033/udp MindPrint mindprint 8033/tcp MindPrint http-alt 8080/udp HTTP Alternate (see port 80) http-alt 8080/tcp HTTP Alternate (see port 80) # Rick Payne webcache 8080/tcp # Scott A. McIntyre wingate-alt 8080/udp http://wingate.deerfield.com # Scott A. McIntyre wingate-alt 8080/tcp http://wingate.deerfield.com # Rick Payne wwwoffle 8081/tcp http://www.gedanken.demon.co.uk/wwwoffle radan-http 8088/udp Radan HTTP radan-http 8088/tcp Radan HTTP # Darlene Hall apache-administration-server 8089/tcp http://alpha2.ubi.pt/documents/admin/SSDMSTRN.HTM xprint-server 8100/udp Xprint Server xprint-server 8100/tcp Xprint Server mtl8000-matrix 8115/tcp MTL8000 Matrix mtl8000-matrix 8115/udp MTL8000 Matrix cp-cluster 8116/udp Check Point Clustering cp-cluster 8116/tcp Check Point Clustering indigo-vrmi 8130/tcp INDIGO-VRMI indigo-vrmi 8130/udp INDIGO-VRMI indigo-vbcp 8131/udp INDIGO-VBCP indigo-vbcp 8131/tcp INDIGO-VBCP dbabble 8132/tcp dbabble dbabble 8132/udp dbabble patrol 8160/tcp Patrol patrol 8160/udp Patrol patrol-snmp 8161/udp Patrol SNMP patrol-snmp 8161/tcp Patrol SNMP # gthorski homepage 8181/tcp http://65.82.161.114 homepage 8182/tcp http://65.82.161.114 homepage 8183/tcp http://65.82.161.114 homepage 8184/tcp http://65.82.161.114 homepage 8185/tcp http://65.82.161.114 homepage 8186/tcp http://65.82.161.114 homepage 8187/tcp http://65.82.161.114 homepage 8188/tcp http://65.82.161.114 homepage 8189/tcp http://65.82.161.114 homepage 8190/tcp http://65.82.161.114 homepage 8191/tcp http://65.82.161.114 homepage 8192/tcp http://65.82.161.114 homepage 8193/tcp http://65.82.161.114 homepage 8194/tcp http://65.82.161.114 homepage 8195/tcp http://65.82.161.114 homepage 8196/tcp http://65.82.161.114 homepage 8197/tcp http://65.82.161.114 homepage 8198/tcp http://65.82.161.114 homepage 8199/tcp http://65.82.161.114 homepage 8200/tcp http://65.82.161.114 homepage 8201/tcp http://65.82.161.114 homepage 8202/tcp http://65.82.161.114 homepage 8203/tcp http://65.82.161.114 homepage 8204/tcp http://65.82.161.114 homepage 8205/tcp http://65.82.161.114 homepage 8206/tcp http://65.82.161.114 homepage 8207/tcp http://65.82.161.114 homepage 8208/tcp http://65.82.161.114 homepage 8209/tcp http://65.82.161.114 homepage 8210/tcp http://65.82.161.114 homepage 8211/tcp http://65.82.161.114 homepage 8212/tcp http://65.82.161.114 homepage 8213/tcp http://65.82.161.114 homepage 8214/tcp http://65.82.161.114 homepage 8215/tcp http://65.82.161.114 homepage 8216/tcp http://65.82.161.114 homepage 8217/tcp http://65.82.161.114 homepage 8218/tcp http://65.82.161.114 homepage 8219/tcp http://65.82.161.114 homepage 8220/tcp http://65.82.161.114 homepage 8221/tcp http://65.82.161.114 homepage 8222/tcp http://65.82.161.114 homepage 8223/tcp http://65.82.161.114 homepage 8224/tcp http://65.82.161.114 homepage 8225/tcp http://65.82.161.114 homepage 8226/tcp http://65.82.161.114 homepage 8227/tcp http://65.82.161.114 homepage 8228/tcp http://65.82.161.114 homepage 8229/tcp http://65.82.161.114 homepage 8230/tcp http://65.82.161.114 homepage 8231/tcp http://65.82.161.114 homepage 8232/tcp http://65.82.161.114 homepage 8233/tcp http://65.82.161.114 homepage 8234/tcp http://65.82.161.114 homepage 8235/tcp http://65.82.161.114 homepage 8236/tcp http://65.82.161.114 homepage 8237/tcp http://65.82.161.114 homepage 8238/tcp http://65.82.161.114 homepage 8239/tcp http://65.82.161.114 homepage 8240/tcp http://65.82.161.114 homepage 8241/tcp http://65.82.161.114 homepage 8242/tcp http://65.82.161.114 homepage 8243/tcp http://65.82.161.114 homepage 8244/tcp http://65.82.161.114 homepage 8245/tcp http://65.82.161.114 homepage 8246/tcp http://65.82.161.114 homepage 8247/tcp http://65.82.161.114 homepage 8248/tcp http://65.82.161.114 homepage 8249/tcp http://65.82.161.114 homepage 8250/tcp http://65.82.161.114 homepage 8251/tcp http://65.82.161.114 homepage 8252/tcp http://65.82.161.114 homepage 8253/tcp http://65.82.161.114 homepage 8254/tcp http://65.82.161.114 homepage 8255/tcp http://65.82.161.114 homepage 8256/tcp http://65.82.161.114 homepage 8257/tcp http://65.82.161.114 homepage 8258/tcp http://65.82.161.114 homepage 8259/tcp http://65.82.161.114 homepage 8260/tcp http://65.82.161.114 homepage 8261/tcp http://65.82.161.114 homepage 8262/tcp http://65.82.161.114 homepage 8263/tcp http://65.82.161.114 homepage 8264/tcp http://65.82.161.114 homepage 8265/tcp http://65.82.161.114 homepage 8266/tcp http://65.82.161.114 homepage 8267/tcp http://65.82.161.114 homepage 8268/tcp http://65.82.161.114 homepage 8269/tcp http://65.82.161.114 homepage 8270/tcp http://65.82.161.114 homepage 8271/tcp http://65.82.161.114 homepage 8272/tcp http://65.82.161.114 homepage 8273/tcp http://65.82.161.114 homepage 8274/tcp http://65.82.161.114 homepage 8275/tcp http://65.82.161.114 homepage 8276/tcp http://65.82.161.114 homepage 8277/tcp http://65.82.161.114 homepage 8278/tcp http://65.82.161.114 homepage 8279/tcp http://65.82.161.114 homepage 8280/tcp http://65.82.161.114 # Gary Gaskell bloomberg 8194/tcp # Gary Gaskell bloomberg 8195/tcp bloomberg 8196/tcp bloomberg 8197/tcp bloomberg 8198/tcp bloomberg 8199/tcp bloomberg 8200/tcp bloomberg 8201/tcp bloomberg 8202/tcp bloomberg 8203/tcp bloomberg 8204/tcp bloomberg 8205/tcp bloomberg 8206/tcp bloomberg 8207/tcp bloomberg 8208/tcp bloomberg 8209/tcp bloomberg 8210/tcp bloomberg 8211/tcp bloomberg 8212/tcp bloomberg 8213/tcp bloomberg 8214/tcp bloomberg 8215/tcp bloomberg 8216/tcp bloomberg 8217/tcp bloomberg 8218/tcp bloomberg 8219/tcp bloomberg 8220/tcp bloomberg 8221/tcp bloomberg 8222/tcp bloomberg 8223/tcp bloomberg 8224/tcp bloomberg 8225/tcp bloomberg 8226/tcp bloomberg 8227/tcp bloomberg 8228/tcp bloomberg 8229/tcp bloomberg 8230/tcp bloomberg 8231/tcp bloomberg 8232/tcp bloomberg 8233/tcp bloomberg 8234/tcp bloomberg 8235/tcp bloomberg 8236/tcp bloomberg 8237/tcp bloomberg 8238/tcp bloomberg 8239/tcp bloomberg 8240/tcp bloomberg 8241/tcp bloomberg 8242/tcp bloomberg 8243/tcp bloomberg 8244/tcp bloomberg 8245/tcp bloomberg 8246/tcp bloomberg 8247/tcp bloomberg 8248/tcp bloomberg 8249/tcp bloomberg 8250/tcp bloomberg 8251/tcp bloomberg 8252/tcp bloomberg 8253/tcp bloomberg 8254/tcp bloomberg 8255/tcp bloomberg 8256/tcp bloomberg 8257/tcp bloomberg 8258/tcp bloomberg 8259/tcp bloomberg 8260/tcp bloomberg 8261/tcp bloomberg 8262/tcp bloomberg 8263/tcp bloomberg 8264/tcp bloomberg 8265/tcp bloomberg 8266/tcp bloomberg 8267/tcp bloomberg 8268/tcp bloomberg 8269/tcp bloomberg 8270/tcp bloomberg 8271/tcp bloomberg 8272/tcp bloomberg 8273/tcp bloomberg 8274/tcp bloomberg 8275/tcp bloomberg 8276/tcp bloomberg 8277/tcp bloomberg 8278/tcp bloomberg 8279/tcp bloomberg 8280/tcp bloomberg 8281/tcp bloomberg 8282/tcp bloomberg 8283/tcp bloomberg 8284/tcp bloomberg 8285/tcp bloomberg 8286/tcp bloomberg 8287/tcp bloomberg 8288/tcp bloomberg 8289/tcp bloomberg 8290/tcp bloomberg 8291/tcp bloomberg 8292/tcp bloomberg 8293/tcp bloomberg 8294/tcp vvr-data 8199/udp VVR DATA vvr-data 8199/tcp VVR DATA trivnet1 8200/tcp TRIVNET trivnet1 8200/udp TRIVNET trivnet2 8201/udp TRIVNET trivnet2 8201/tcp TRIVNET lm-perfworks 8204/tcp LM Perfworks lm-perfworks 8204/udp LM Perfworks lm-instmgr 8205/tcp LM Instmgr lm-instmgr 8205/udp LM Instmgr lm-dta 8206/udp LM Dta lm-dta 8206/tcp LM Dta lm-sserver 8207/udp LM SServer lm-sserver 8207/tcp LM SServer lm-webwatcher 8208/tcp LM Webwatcher lm-webwatcher 8208/udp LM Webwatcher # Joel Sderberg scour-exchange 8311/tcp http://www.scour.com/ server-find 8351/udp Server Find server-find 8351/tcp Server Find cruise-enum 8376/udp Cruise ENUM cruise-enum 8376/tcp Cruise ENUM cruise-swroute 8377/tcp Cruise SWROUTE cruise-swroute 8377/udp Cruise SWROUTE cruise-config 8378/tcp Cruise CONFIG cruise-config 8378/udp Cruise CONFIG cruise-diags 8379/tcp Cruise DIAGS cruise-diags 8379/udp Cruise DIAGS cruise-update 8380/udp Cruise UPDATE cruise-update 8380/tcp Cruise UPDATE cvd 8400/tcp cvd cvd 8400/udp cvd sabarsd 8401/udp sabarsd sabarsd 8401/tcp sabarsd abarsd 8402/tcp abarsd abarsd 8402/udp abarsd admind 8403/udp admind admind 8403/tcp admind pcsync-https 8443/udp PCsync HTTPS pcsync-https 8443/tcp PCsync HTTPS pcsync-http 8444/tcp PCsync HTTP pcsync-http 8444/udp PCsync HTTP npmp 8450/udp npmp npmp 8450/tcp npmp vp2p 8473/tcp Virtual Point to Point vp2p 8473/udp Virtual Point to Point rtsp-alt 8554/tcp RTSP Alternate (see port 554) rtsp-alt 8554/udp RTSP Alternate (see port 554) ibus 8733/udp iBus ibus 8733/tcp iBus mc-appserver 8763/udp MC-APPSERVER mc-appserver 8763/tcp MC-APPSERVER openqueue 8764/tcp OPENQUEUE openqueue 8764/udp OPENQUEUE ultraseek-http 8765/tcp Ultraseek HTTP ultraseek-http 8765/udp Ultraseek HTTP # Derek Petersen ultima-online-messenger 8800/tcp http://www.uo.com/visitor/ ultima-online-messenger 8801/tcp http://www.uo.com/visitor/ ultima-online-messenger 8802/tcp http://www.uo.com/visitor/ ultima-online-messenger 8803/tcp http://www.uo.com/visitor/ ultima-online-messenger 8804/tcp http://www.uo.com/visitor/ ultima-online-messenger 8805/tcp http://www.uo.com/visitor/ ultima-online-messenger 8806/tcp http://www.uo.com/visitor/ ultima-online-messenger 8807/tcp http://www.uo.com/visitor/ ultima-online-messenger 8808/tcp http://www.uo.com/visitor/ ultima-online-messenger 8809/tcp http://www.uo.com/visitor/ ultima-online-messenger 8810/tcp http://www.uo.com/visitor/ ultima-online-messenger 8811/tcp http://www.uo.com/visitor/ ultima-online-messenger 8812/tcp http://www.uo.com/visitor/ ultima-online-messenger 8813/tcp http://www.uo.com/visitor/ ultima-online-messenger 8814/tcp http://www.uo.com/visitor/ ultima-online-messenger 8815/tcp http://www.uo.com/visitor/ ultima-online-messenger 8816/tcp http://www.uo.com/visitor/ ultima-online-messenger 8817/tcp http://www.uo.com/visitor/ ultima-online-messenger 8818/tcp http://www.uo.com/visitor/ ultima-online-messenger 8819/tcp http://www.uo.com/visitor/ ultima-online-messenger 8820/tcp http://www.uo.com/visitor/ ultima-online-messenger 8821/tcp http://www.uo.com/visitor/ ultima-online-messenger 8822/tcp http://www.uo.com/visitor/ ultima-online-messenger 8823/tcp http://www.uo.com/visitor/ ultima-online-messenger 8824/tcp http://www.uo.com/visitor/ ultima-online-messenger 8825/tcp http://www.uo.com/visitor/ ultima-online-messenger 8826/tcp http://www.uo.com/visitor/ ultima-online-messenger 8827/tcp http://www.uo.com/visitor/ ultima-online-messenger 8828/tcp http://www.uo.com/visitor/ ultima-online-messenger 8829/tcp http://www.uo.com/visitor/ ultima-online-messenger 8830/tcp http://www.uo.com/visitor/ ultima-online-messenger 8831/tcp http://www.uo.com/visitor/ ultima-online-messenger 8832/tcp http://www.uo.com/visitor/ ultima-online-messenger 8833/tcp http://www.uo.com/visitor/ ultima-online-messenger 8834/tcp http://www.uo.com/visitor/ ultima-online-messenger 8835/tcp http://www.uo.com/visitor/ ultima-online-messenger 8836/tcp http://www.uo.com/visitor/ ultima-online-messenger 8837/tcp http://www.uo.com/visitor/ ultima-online-messenger 8838/tcp http://www.uo.com/visitor/ ultima-online-messenger 8839/tcp http://www.uo.com/visitor/ ultima-online-messenger 8840/tcp http://www.uo.com/visitor/ ultima-online-messenger 8841/tcp http://www.uo.com/visitor/ ultima-online-messenger 8842/tcp http://www.uo.com/visitor/ ultima-online-messenger 8843/tcp http://www.uo.com/visitor/ ultima-online-messenger 8844/tcp http://www.uo.com/visitor/ ultima-online-messenger 8845/tcp http://www.uo.com/visitor/ ultima-online-messenger 8846/tcp http://www.uo.com/visitor/ ultima-online-messenger 8847/tcp http://www.uo.com/visitor/ ultima-online-messenger 8848/tcp http://www.uo.com/visitor/ ultima-online-messenger 8849/tcp http://www.uo.com/visitor/ ultima-online-messenger 8850/tcp http://www.uo.com/visitor/ ultima-online-messenger 8851/tcp http://www.uo.com/visitor/ ultima-online-messenger 8852/tcp http://www.uo.com/visitor/ ultima-online-messenger 8853/tcp http://www.uo.com/visitor/ ultima-online-messenger 8854/tcp http://www.uo.com/visitor/ ultima-online-messenger 8855/tcp http://www.uo.com/visitor/ ultima-online-messenger 8856/tcp http://www.uo.com/visitor/ ultima-online-messenger 8857/tcp http://www.uo.com/visitor/ ultima-online-messenger 8858/tcp http://www.uo.com/visitor/ ultima-online-messenger 8859/tcp http://www.uo.com/visitor/ ultima-online-messenger 8860/tcp http://www.uo.com/visitor/ ultima-online-messenger 8861/tcp http://www.uo.com/visitor/ ultima-online-messenger 8862/tcp http://www.uo.com/visitor/ ultima-online-messenger 8863/tcp http://www.uo.com/visitor/ ultima-online-messenger 8864/tcp http://www.uo.com/visitor/ ultima-online-messenger 8865/tcp http://www.uo.com/visitor/ ultima-online-messenger 8866/tcp http://www.uo.com/visitor/ ultima-online-messenger 8867/tcp http://www.uo.com/visitor/ ultima-online-messenger 8868/tcp http://www.uo.com/visitor/ ultima-online-messenger 8869/tcp http://www.uo.com/visitor/ ultima-online-messenger 8870/tcp http://www.uo.com/visitor/ ultima-online-messenger 8871/tcp http://www.uo.com/visitor/ ultima-online-messenger 8872/tcp http://www.uo.com/visitor/ ultima-online-messenger 8873/tcp http://www.uo.com/visitor/ ultima-online-messenger 8874/tcp http://www.uo.com/visitor/ ultima-online-messenger 8875/tcp http://www.uo.com/visitor/ ultima-online-messenger 8876/tcp http://www.uo.com/visitor/ ultima-online-messenger 8877/tcp http://www.uo.com/visitor/ ultima-online-messenger 8878/tcp http://www.uo.com/visitor/ ultima-online-messenger 8879/tcp http://www.uo.com/visitor/ ultima-online-messenger 8880/tcp http://www.uo.com/visitor/ ultima-online-messenger 8881/tcp http://www.uo.com/visitor/ ultima-online-messenger 8882/tcp http://www.uo.com/visitor/ ultima-online-messenger 8883/tcp http://www.uo.com/visitor/ ultima-online-messenger 8884/tcp http://www.uo.com/visitor/ ultima-online-messenger 8885/tcp http://www.uo.com/visitor/ ultima-online-messenger 8886/tcp http://www.uo.com/visitor/ ultima-online-messenger 8887/tcp http://www.uo.com/visitor/ ultima-online-messenger 8888/tcp http://www.uo.com/visitor/ ultima-online-messenger 8889/tcp http://www.uo.com/visitor/ ultima-online-messenger 8890/tcp http://www.uo.com/visitor/ ultima-online-messenger 8891/tcp http://www.uo.com/visitor/ ultima-online-messenger 8892/tcp http://www.uo.com/visitor/ ultima-online-messenger 8893/tcp http://www.uo.com/visitor/ ultima-online-messenger 8894/tcp http://www.uo.com/visitor/ ultima-online-messenger 8895/tcp http://www.uo.com/visitor/ ultima-online-messenger 8896/tcp http://www.uo.com/visitor/ ultima-online-messenger 8897/tcp http://www.uo.com/visitor/ ultima-online-messenger 8898/tcp http://www.uo.com/visitor/ ultima-online-messenger 8899/tcp http://www.uo.com/visitor/ ultima-online-messenger 8900/tcp http://www.uo.com/visitor/ truecm 8804/tcp truecm truecm 8804/udp truecm # Bob Audlee pppoe 8863/tcp pppoe 8864/tcp # James R Grinter napster-metaserver 8875/tcp http://opennap.sourceforge.net/napster.txt cddbp-alt 8880/tcp CDDBP cddbp-alt 8880/udp CDDBP # Siraj 'Sid' Rakhada openview-http 8880/tcp http://www.openview.hp.com/ ddi-udp-1 8888/udp NewsEDGE server UDP (UDP 1) ddi-tcp-1 8888/tcp NewsEDGE server TCP (TCP 1) # Rick Payne napster 8888/tcp http://opennap.sourceforge.net/napster.txt # Derek Petersen ultima-online-patch 8888/tcp http://www.uo.com/visitor/ # stan unreal-tournament-remote-admin 8888/tcp ddi-tcp-2 8889/tcp Desktop Data TCP 1 ddi-udp-2 8889/udp NewsEDGE server broadcast ddi-udp-3 8890/udp NewsEDGE client broadcast ddi-tcp-3 8890/tcp Desktop Data TCP 2 ddi-tcp-4 8891/tcp Desktop Data TCP 3: NESS application ddi-udp-4 8891/udp Desktop Data UDP 3: NESS application ddi-tcp-5 8892/tcp Desktop Data TCP 4: FARM product ddi-udp-5 8892/udp Desktop Data UDP 4: FARM product ddi-udp-6 8893/udp Desktop Data UDP 5: NewsEDGE/Web application ddi-tcp-6 8893/tcp Desktop Data TCP 5: NewsEDGE/Web application ddi-tcp-7 8894/tcp Desktop Data TCP 6: COAL application ddi-udp-7 8894/udp Desktop Data UDP 6: COAL application jmb-cds1 8900/udp JMB-CDS 1 jmb-cds1 8900/tcp JMB-CDS 1 jmb-cds2 8901/udp JMB-CDS 2 jmb-cds2 8901/tcp JMB-CDS 2 manyone-http 8910/udp manyone-http manyone-http 8910/tcp manyone-http manyone-xml 8911/udp manyone-xml manyone-xml 8911/tcp manyone-xml cumulus-admin 8954/udp Cumulus Admin Port cumulus-admin 8954/tcp Cumulus Admin Port # Franz hostondemand-admin 8989/tcp bctp 8999/tcp Brodos Crypto Trade Protocol bctp 8999/udp Brodos Crypto Trade Protocol # Franz hostondemand 8999/tcp cslistener 9000/tcp CSlistener cslistener 9000/udp CSlistener etlservicemgr 9001/udp ETL Service Manager etlservicemgr 9001/tcp ETL Service Manager dynamid 9002/tcp DynamID authentication dynamid 9002/udp DynamID authentication tambora 9020/tcp TAMBORA tambora 9020/udp TAMBORA panagolin-ident 9021/udp Pangolin Identification panagolin-ident 9021/tcp Pangolin Identification paragent 9022/tcp PrivateArk Remote Agent paragent 9022/udp PrivateArk Remote Agent swa-1 9023/tcp Secure Web Access - 1 swa-1 9023/udp Secure Web Access - 1 swa-2 9024/udp Secure Web Access - 2 swa-2 9024/tcp Secure Web Access - 2 swa-3 9025/tcp Secure Web Access - 3 swa-3 9025/udp Secure Web Access - 3 swa-4 9026/udp Secure Web Access - 4 swa-4 9026/tcp Secure Web Access - 4 websm 9090/tcp WebSM websm 9090/udp WebSM xmltec-xmlmail 9091/udp xmltec-xmlmail xmltec-xmlmail 9091/tcp xmltec-xmlmail hp-pdl-datastr 9100/udp PDL Data Streaming Port hp-pdl-datastr 9100/tcp PDL Data Streaming Port bacula-dir 9101/tcp Bacula Director bacula-dir 9101/udp Bacula Director bacula-fd 9102/udp Bacula File Daemon bacula-fd 9102/tcp Bacula File Daemon bacula-sd 9103/tcp Bacula Storage Daemon bacula-sd 9103/udp Bacula Storage Daemon # BAD-ASS sidewinder-game-voice 9110/tcp netlock1 9160/udp NetLOCK1 netlock1 9160/tcp NetLOCK1 netlock2 9161/tcp NetLOCK2 netlock2 9161/udp NetLOCK2 netlock3 9162/tcp NetLOCK3 netlock3 9162/udp NetLOCK3 netlock4 9163/tcp NetLOCK4 netlock4 9163/udp NetLOCK4 netlock5 9164/tcp NetLOCK5 netlock5 9164/udp NetLOCK5 wap-wsp 9200/udp WAP connectionless session service wap-wsp 9200/tcp WAP connectionless session service wap-wsp-wtp 9201/udp WAP session service wap-wsp-wtp 9201/tcp WAP session service wap-wsp-s 9202/udp WAP secure connectionless session service wap-wsp-s 9202/tcp WAP secure connectionless session service wap-wsp-wtp-s 9203/udp WAP secure session service wap-wsp-wtp-s 9203/tcp WAP secure session service wap-vcard 9204/udp WAP vCard wap-vcard 9204/tcp WAP vCard wap-vcal 9205/tcp WAP vCal wap-vcal 9205/udp WAP vCal wap-vcard-s 9206/udp WAP vCard Secure wap-vcard-s 9206/tcp WAP vCard Secure wap-vcal-s 9207/udp WAP vCal Secure wap-vcal-s 9207/tcp WAP vCal Secure lif-mlp 9210/udp LIF Mobile Locn Protocol lif-mlp 9210/tcp LIF Mobile Locn Protocol lif-mlp-s 9211/udp LIF Mobile Locn Secure lif-mlp-s 9211/tcp LIF Mobile Locn Secure fsc-port 9217/udp FSC Communication Port fsc-port 9217/tcp FSC Communication Port swtp-port1 9281/tcp SofaWare transport port 1 swtp-port1 9281/udp SofaWare transport port 1 swtp-port2 9282/tcp SofaWare transport port 2 swtp-port2 9282/udp SofaWare transport port 2 callwaveiam 9283/udp CallWaveIAM callwaveiam 9283/tcp CallWaveIAM visd 9284/udp VERITAS Information Serve visd 9284/tcp VERITAS Information Serve n2h2server 9285/udp N2H2 Filter Service Port n2h2server 9285/tcp N2H2 Filter Service Port cumulus 9287/udp Cumulus cumulus 9287/tcp Cumulus armtechdaemon 9292/tcp ArmTech Daemon armtechdaemon 9292/udp ArmTech Daemon guibase 9321/tcp guibase guibase 9321/udp guibase mpidcmgr 9343/tcp MpIdcMgr mpidcmgr 9343/udp MpIdcMgr mphlpdmc 9344/udp Mphlpdmc mphlpdmc 9344/tcp Mphlpdmc ctechlicensing 9346/udp C Tech Licensing ctechlicensing 9346/tcp C Tech Licensing fjdmimgr 9374/udp fjdmimgr fjdmimgr 9374/tcp fjdmimgr fjinvmgr 9396/udp fjinvmgr fjinvmgr 9396/tcp fjinvmgr mpidcagt 9397/udp MpIdcAgt mpidcagt 9397/tcp MpIdcAgt # Scott A. McIntyre incommand 9400/tcp ismserver 9500/tcp ismserver ismserver 9500/udp ismserver mngsuite 9535/udp mngsuite 9535/tcp msgsys 9594/tcp Message System msgsys 9594/udp Message System pds 9595/tcp Ping Discovery Service pds 9595/udp Ping Discovery Service micromuse-ncpw 9600/udp MICROMUSE-NCPW micromuse-ncpw 9600/tcp MICROMUSE-NCPW streamcomm-ds 9612/udp StreamComm User Directory streamcomm-ds 9612/tcp StreamComm User Directory # John Ekins rpc.statd-exploit 9704/tcp http://www.cert.org/advisories/CA-2000-17.html l5nas-parchan 9747/udp L5NAS Parallel Channel l5nas-parchan 9747/tcp L5NAS Parallel Channel rasadv 9753/tcp rasadv rasadv 9753/udp rasadv davsrc 9800/tcp WebDav Source Port davsrc 9800/udp WebDav Source Port sstp-2 9801/udp Sakura Script Transfer Protocol-2 sstp-2 9801/tcp Sakura Script Transfer Protocol-2 # Scott A. McIntyre portal-of-doom 9872/tcp sapv1 9875/udp Session Announcement v1 sapv1 9875/tcp Session Announcement v1 sd 9876/udp Session Director sd 9876/tcp Session Director cyborg-systems 9888/udp CYBORG Systems cyborg-systems 9888/tcp CYBORG Systems # Scott A. McIntyre inikiller 9889/tcp monkeycom 9898/udp MonkeyCom monkeycom 9898/tcp MonkeyCom sctp-tunneling 9899/tcp SCTP TUNNELING sctp-tunneling 9899/udp SCTP TUNNELING iua 9900/udp IUA iua 9900/tcp IUA domaintime 9909/udp domaintime domaintime 9909/tcp domaintime apcpcpluswin1 9950/tcp APCPCPLUSWIN1 apcpcpluswin1 9950/udp APCPCPLUSWIN1 apcpcpluswin2 9951/udp APCPCPLUSWIN2 apcpcpluswin2 9951/tcp APCPCPLUSWIN2 apcpcpluswin3 9952/tcp APCPCPLUSWIN3 apcpcpluswin3 9952/udp APCPCPLUSWIN3 # Scott Craig sysscanner-agent 9991/tcp www.iss.net palace-1 9992/tcp OnLive-1 palace-1 9992/udp OnLive-1 # Scott Craig sysscanner-console 9992/tcp www.iss.net palace-2 9993/udp OnLive-2 palace-2 9993/tcp OnLive-2 palace-3 9994/tcp OnLive-3 palace-3 9994/udp OnLive-3 palace-4 9995/udp Palace-4 palace-4 9995/tcp Palace-4 palace-5 9996/tcp Palace-5 palace-5 9996/udp Palace-5 palace-6 9997/udp Palace-6 palace-6 9997/tcp Palace-6 distinct32 9998/tcp Distinct32 distinct32 9998/udp Distinct32 distinct 9999/udp distinct distinct 9999/tcp distinct # Scott A. McIntyre theprayer1 9999/tcp ndmp 10000/udp Network Data Management Protocol ndmp 10000/tcp Network Data Management Protocol # Ted Behling webmin 10000/tcp http://www.webmin.com/webmin/ scp-config 10001/tcp SCP Configuration Port scp-config 10001/udp SCP Configuration Port mvs-capacity 10007/udp MVS Capacity mvs-capacity 10007/tcp MVS Capacity # Kendall Lister l10n-root-shell 10008/tcp # Scott A. McIntyre portal-of-doom 10067/udp amanda 10080/tcp Amanda amanda 10080/udp Amanda # Rick Payne amanda 10081/tcp http://www.amanda.org amanda 10082/tcp http://www.amanda.org amanda 10083/tcp http://www.amanda.org ezmeeting-2 10101/tcp eZmeeting ezmeeting-2 10101/udp eZmeeting ezproxy-2 10102/udp eZproxy ezproxy-2 10102/tcp eZproxy ezrelay 10103/tcp eZrelay ezrelay 10103/udp eZrelay netiq-endpoint 10113/tcp NetIQ Endpoint netiq-endpoint 10113/udp NetIQ Endpoint netiq-qcheck 10114/udp NetIQ Qcheck netiq-qcheck 10114/tcp NetIQ Qcheck netiq-endpt 10115/tcp NetIQ Endpoint netiq-endpt 10115/udp NetIQ Endpoint netiq-voipa 10116/tcp NetIQ VoIP Assessor netiq-voipa 10116/udp NetIQ VoIP Assessor bmc-perf-sd 10128/udp BMC-PERFORM-SERVICE DAEMON bmc-perf-sd 10128/tcp BMC-PERFORM-SERVICE DAEMON # Scott A. McIntyre portal-of-doom 10167/udp axis-wimp-port 10260/udp Axis WIMP Port axis-wimp-port 10260/tcp Axis WIMP Port blocks 10288/udp Blocks blocks 10288/tcp Blocks # Scott A. McIntyre coma 10607/tcp # Scott A. McIntyre ambush 10666/tcp # Scott A. McIntyre linux-mountd 10752/tcp rmiaux 10990/tcp Auxiliary RMI Port rmiaux 10990/udp Auxiliary RMI Port irisa 11000/udp IRISA irisa 11000/tcp IRISA # Scott A. McIntyre sennaspy 11000/tcp metasys 11001/udp Metasys metasys 11001/tcp Metasys vce 11111/udp Viral Computing Environment (VCE) vce 11111/tcp Viral Computing Environment (VCE) smsqp 11201/tcp smsqp smsqp 11201/udp smsqp # Scott A. McIntyre progenic-trojan 11223/tcp imip 11319/udp IMIP imip 11319/tcp IMIP imip-channels 11320/tcp IMIP Channels Port imip-channels 11320/udp IMIP Channels Port arena-server 11321/udp Arena Server Listen arena-server 11321/tcp Arena Server Listen atm-uhas 11367/tcp ATM UHAS atm-uhas 11367/udp ATM UHAS tempest-port 11600/udp Tempest Protocol Port tempest-port 11600/tcp Tempest Protocol Port h323callsigalt 11720/udp h323 Call Signal Alternate h323callsigalt 11720/tcp h323 Call Signal Alternate # Dave Westwood yahoogames 11999/tcp http://help.yahoo.com/help/us/games/games-05.html entextxid 12000/udp IBM Enterprise Extender SNA XID Exchange entextxid 12000/tcp IBM Enterprise Extender SNA XID Exchange entextnetwk 12001/tcp IBM Enterprise Extender SNA COS Network Priority entextnetwk 12001/udp IBM Enterprise Extender SNA COS Network Priority entexthigh 12002/tcp IBM Enterprise Extender SNA COS High Priority entexthigh 12002/udp IBM Enterprise Extender SNA COS High Priority entextmed 12003/udp IBM Enterprise Extender SNA COS Medium Priority entextmed 12003/tcp IBM Enterprise Extender SNA COS Medium Priority entextlow 12004/udp IBM Enterprise Extender SNA COS Low Priority entextlow 12004/tcp IBM Enterprise Extender SNA COS Low Priority # Scott A. McIntyre gjammer 12076/tcp hivep 12172/udp HiveP hivep 12172/tcp HiveP # Scott A. McIntyre hack99 12223/tcp # Scott A. McIntyre hack99 12223/udp italk 12345/tcp Italk Chat System italk 12345/udp Italk Chat System # Scott A. McIntyre netbus 12345/udp # Scott Craig officescan-listener 12345/tcp http://www.antivirus.com/products/osce # Scott A. McIntyre netbus/gabanbus 12346/tcp # Scott A. McIntyre whack-a-mole 12361/tcp whack-a-mole 12362/tcp # Scott A. McIntyre eclipse2k 12701/tcp tsaf 12753/tcp tsaf port tsaf 12753/udp tsaf port i-zipqd 13160/tcp I-ZIPQD i-zipqd 13160/udp I-ZIPQD powwow-client 13223/udp PowWow Client powwow-client 13223/tcp PowWow Client powwow-server 13224/tcp PowWow Server powwow-server 13224/udp PowWow Server bprd 13720/udp BPRD Protocol (VERITAS NetBackup) bprd 13720/tcp BPRD Protocol (VERITAS NetBackup) bpdbm 13721/udp BPDBM Protocol (VERITAS NetBackup) bpdbm 13721/tcp BPDBM Protocol (VERITAS NetBackup) bpjava-msvc 13722/tcp BP Java MSVC Protocol bpjava-msvc 13722/udp BP Java MSVC Protocol vnetd 13724/udp Veritas Network Utility vnetd 13724/tcp Veritas Network Utility bpcd 13782/tcp VERITAS NetBackup bpcd 13782/udp VERITAS NetBackup vopied 13783/udp VOPIED Protocol vopied 13783/tcp VOPIED Protocol dsmcc-config 13818/udp DSMCC Config dsmcc-config 13818/tcp DSMCC Config dsmcc-session 13819/udp DSMCC Session Messages dsmcc-session 13819/tcp DSMCC Session Messages dsmcc-passthru 13820/udp DSMCC Pass-Thru Messages dsmcc-passthru 13820/tcp DSMCC Pass-Thru Messages dsmcc-download 13821/udp DSMCC Download Protocol dsmcc-download 13821/tcp DSMCC Download Protocol dsmcc-ccp 13822/udp DSMCC Channel Change Protocol dsmcc-ccp 13822/tcp DSMCC Channel Change Protocol sua 14001/udp De-Registered (2001 June 06) sua 14001/tcp SUA sage-best-com1 14033/udp sage Best! Config Server 1 sage-best-com1 14033/tcp sage Best! Config Server 1 sage-best-com2 14034/udp sage Best! Config Server 2 sage-best-com2 14034/tcp sage Best! Config Server 2 vcs-app 14141/tcp VCS Application vcs-app 14141/udp VCS Application gcm-app 14145/tcp GCM Application gcm-app 14145/udp GCM Application vrts-tdd 14149/udp Veritas Traffic Director vrts-tdd 14149/tcp Veritas Traffic Director hde-lcesrvr-1 14936/tcp hde-lcesrvr-1 hde-lcesrvr-1 14936/udp hde-lcesrvr-1 hde-lcesrvr-2 14937/udp hde-lcesrvr-2 hde-lcesrvr-2 14937/tcp hde-lcesrvr-2 hydap 15000/tcp Hypack Data Aquisition hydap 15000/udp Hypack Data Aquisition xpilot 15345/tcp XPilot Contact Port xpilot 15345/udp XPilot Contact Port netserialext1 16360/tcp netserialext1 netserialext1 16360/udp netserialext1 netserialext2 16361/tcp netserialext2 netserialext2 16361/udp netserialext2 netserialext3 16367/udp netserialext3 netserialext3 16367/tcp netserialext3 netserialext4 16368/udp netserialext4 netserialext4 16368/tcp netserialext4 # Rick Payne stacheldraht 16660/tcp http://staff.washington.edu/dittrich/misc/stacheld # Scott A. McIntyre priority 16969/tcp intel-rci-mp 16991/udp INTEL-RCI-MP intel-rci-mp 16991/tcp INTEL-RCI-MP isode-dua 17007/tcp isode-dua 17007/udp soundsvirtual 17185/udp Sounds Virtual soundsvirtual 17185/tcp Sounds Virtual chipper 17219/udp Chipper chipper 17219/tcp Chipper # Scott A. McIntyre kuang2 17300/tcp # Nathan Mates battlezone-2 17770/tcp http://www.visi.com/~nathan/bz2/nettips.html battlezone-2 17771/tcp http://www.visi.com/~nathan/bz2/nettips.html battlezone-2 17772/tcp http://www.visi.com/~nathan/bz2/nettips.html # Nathan Mates battlezone-2 17770/udp http://www.visi.com/~nathan/bz2/nettips.html battlezone-2 17771/udp http://www.visi.com/~nathan/bz2/nettips.html battlezone-2 17772/udp http://www.visi.com/~nathan/bz2/nettips.html biimenu 18000/udp Beckman Instruments, Inc. biimenu 18000/tcp Beckman Instruments, Inc. opsec-cvp 18181/tcp OPSEC CVP opsec-cvp 18181/udp OPSEC CVP # Alex Butcher fw1_cvp 18181/tcp http://www.checkpoint.com/ opsec-ufp 18182/tcp OPSEC UFP opsec-ufp 18182/udp OPSEC UFP # Alex Butcher fw1_ufp 18182/tcp http://www.checkpoint.com/ opsec-sam 18183/tcp OPSEC SAM opsec-sam 18183/udp OPSEC SAM # Alex Butcher fw1_sam 18183/tcp http://www.checkpoint.com/ opsec-lea 18184/udp OPSEC LEA opsec-lea 18184/tcp OPSEC LEA # Alex Butcher fw1_lea 18184/tcp http://www.checkpoint.com/ opsec-omi 18185/udp OPSEC OMI opsec-omi 18185/tcp OPSEC OMI opsec-ela 18187/tcp OPSEC ELA opsec-ela 18187/udp OPSEC ELA checkpoint-rtm 18241/udp Check Point RTM checkpoint-rtm 18241/tcp Check Point RTM ac-cluster 18463/tcp AC Cluster ac-cluster 18463/udp AC Cluster apc-necmp 18888/tcp APCNECMP apc-necmp 18888/udp APCNECMP opsec-uaa 19191/udp opsec-uaa opsec-uaa 19191/tcp opsec-uaa keysrvr 19283/udp Key Server for SASSAFRAS keysrvr 19283/tcp Key Server for SASSAFRAS keyshadow 19315/tcp Key Shadow for SASSAFRAS keyshadow 19315/udp Key Shadow for SASSAFRAS mtrgtrans 19398/udp mtrgtrans mtrgtrans 19398/tcp mtrgtrans hp-sco 19410/udp hp-sco hp-sco 19410/tcp hp-sco hp-sca 19411/tcp hp-sca hp-sca 19411/udp hp-sca hp-sessmon 19412/udp HP-SESSMON hp-sessmon 19412/tcp HP-SESSMON jcp 19541/tcp JCP Client jcp 19541/udp JCP Client dnp 20000/tcp DNP dnp 20000/udp DNP # Scott A. McIntyre millennium 20000/udp millennium 20001/udp # Scott A. McIntyre millennium 20000/udp # Scott A. McIntyre netbus-pro 20034/tcp # Alex Butcher mailsweeper 20200/tcp http://www.mimesweeper.com/ # Scott A. McIntyre chupacabra 20203/tcp ipulse-ics 20222/tcp iPulse-ICS ipulse-ics 20222/udp iPulse-ICS track 20670/udp Track track 20670/tcp Track athand-mmp 20999/udp AT Hand MMP athand-mmp 20999/tcp At Hand MMP # Gary Gaskell gauntlet-admin 21000/tcp # Rick Payne gnuserv 21490/tcp http://www.xemacs.org # Scott A. McIntyre girlfriend 21544/udp # Scott A. McIntyre girlfriend 21544/tcp # Fernando Montenegro girlfriend 21554/udp vofr-gateway 21590/udp VoFR Gateway vofr-gateway 21590/tcp VoFR Gateway tvpm 21800/udp TVNC Pro Multiplexing tvpm 21800/tcp TVNC Pro Multiplexing webphone 21845/tcp webphone webphone 21845/udp webphone netspeak-is 21846/tcp NetSpeak Corp. Directory Services netspeak-is 21846/udp NetSpeak Corp. Directory Services netspeak-cs 21847/tcp NetSpeak Corp. Connection Services netspeak-cs 21847/udp NetSpeak Corp. Connection Services netspeak-acd 21848/tcp NetSpeak Corp. Automatic Call Distribution netspeak-acd 21848/udp NetSpeak Corp. Automatic Call Distribution netspeak-cps 21849/udp NetSpeak Corp. Credit Processing System netspeak-cps 21849/tcp NetSpeak Corp. Credit Processing System snapenetio 22000/tcp SNAPenetIO snapenetio 22000/udp SNAPenetIO optocontrol 22001/udp OptoControl optocontrol 22001/tcp OptoControl # Scott A. McIntyre prosiak 22222/tcp wnn6 22273/udp wnn6 wnn6 22273/tcp wnn6 vocaltec-phone 22555/udp Vocaltec Internet Phone vocaltec-wconf 22555/tcp Vocaltec Web Conference aws-brf 22800/tcp Telerate Information Platform LAN aws-brf 22800/udp Telerate Information Platform LAN brf-gw 22951/tcp Telerate Information Platform WAN brf-gw 22951/udp Telerate Information Platform WAN # Scott A. McIntyre evilftp 23456/tcp # Scott A. McIntyre whackjob 23456/tcp med-ltp 24000/udp med-ltp med-ltp 24000/tcp med-ltp med-fsp-rx 24001/udp med-fsp-rx med-fsp-rx 24001/tcp med-fsp-rx med-fsp-tx 24002/udp med-fsp-tx med-fsp-tx 24002/tcp med-fsp-tx med-supp 24003/udp med-supp med-supp 24003/tcp med-supp med-ovw 24004/tcp med-ovw med-ovw 24004/udp med-ovw med-ci 24005/tcp med-ci med-ci 24005/udp med-ci med-net-svc 24006/udp med-net-svc med-net-svc 24006/tcp med-net-svc filesphere 24242/tcp fileSphere filesphere 24242/udp fileSphere vista-4gl 24249/tcp Vista 4GL vista-4gl 24249/udp Vista 4GL intel_rci 24386/tcp Intel RCI intel_rci 24386/udp Intel RCI binkp 24554/tcp BINKP binkp 24554/udp BINKP flashfiler 24677/tcp FlashFiler flashfiler 24677/udp FlashFiler proactivate 24678/udp Turbopower Proactivate proactivate 24678/tcp Turbopower Proactivate snip 24922/udp Simple Net Ident Protocol snip 24922/tcp Simple Net Ident Protocol icl-twobase1 25000/tcp icl-twobase1 icl-twobase1 25000/udp icl-twobase1 icl-twobase2 25001/tcp icl-twobase2 icl-twobase2 25001/udp icl-twobase2 icl-twobase3 25002/udp icl-twobase3 icl-twobase3 25002/tcp icl-twobase3 icl-twobase4 25003/tcp icl-twobase4 icl-twobase4 25003/udp icl-twobase4 icl-twobase5 25004/udp icl-twobase5 icl-twobase5 25004/tcp icl-twobase5 icl-twobase6 25005/tcp icl-twobase6 icl-twobase6 25005/udp icl-twobase6 icl-twobase7 25006/tcp icl-twobase7 icl-twobase7 25006/udp icl-twobase7 icl-twobase8 25007/udp icl-twobase8 icl-twobase8 25007/tcp icl-twobase8 icl-twobase9 25008/tcp icl-twobase9 icl-twobase9 25008/udp icl-twobase9 icl-twobase10 25009/udp icl-twobase10 icl-twobase10 25009/tcp icl-twobase10 vocaltec-hos 25793/udp Vocaltec Address Server vocaltec-hos 25793/tcp Vocaltec Address Server niobserver 25901/tcp NIObserver niobserver 25901/udp NIObserver niprobe 25903/udp NIProbe niprobe 25903/tcp NIProbe quake 26000/udp quake quake 26000/tcp quake wnn6-ds 26208/udp wnn6-ds wnn6-ds 26208/tcp wnn6-ds ezproxy 26260/udp eZproxy ezproxy 26260/tcp eZproxy ezmeeting 26261/tcp eZmeeting ezmeeting 26261/udp eZmeeting k3software-svr 26262/udp K3 Software-Server k3software-svr 26262/tcp K3 Software-Server k3software-cli 26263/tcp K3 Software-Client k3software-cli 26263/udp K3 Software-Client gserver 26264/tcp Gserver gserver 26264/udp Gserver # Scott A. McIntyre delta 26274/udp # John Ekins halflife 27015/udp http://www.sierrastudios.com/games/half-life/ imagepump 27345/udp ImagePump imagepump 27345/tcp ImagePump # Mike Forrester sub-7 27374/tcp http://subseven.slak.org/ # Mike Forrester sub-7 27374/tcp http://subseven.slak.org/ # Ramji ramen 27374/tcp http://www.f-secure.com/v-descs/ramen.shtml # Rick Payne trinoo 27444/udp http://www.cert.org/incident_notes/IN-99-07.html # Rick Payne trinoo 27665/tcp http://www.cert.org/incident_notes/IN-99-07.html # Scott A. McIntyre quake-2 27901/udp # Bob Radvanovsky quake-ii-dedicated-server 27910/udp # Jeffrey Drake quake3-q3f 27960/udp quake3-q3f 27961/udp tw-auth-key 27999/tcp TW Authentication/Key Distribution and tw-auth-key 27999/udp Attribute Certificate Services # Fernando Montenegro hack'a'tack 28431/udp # Dave Wilson quake3 29760/udp http://www.quake3arena.com # Dave Wilson quake3 29760/udp http://www.quake3arena.com # Scott A. McIntyre theunexplained 29891/tcp pago-services1 30001/udp Pago Services 1 pago-services1 30001/tcp Pago Services 1 pago-services2 30002/tcp Pago Services 2 pago-services2 30002/udp Pago Services 2 # Scott A. McIntyre netsphere 30100/tcp netsphere 30101/tcp netsphere 30102/tcp # Scott A. McIntyre socket23 30303/tcp # Scott A. McIntyre kuang 30999/tcp # Scott A. McIntyre prosiak 31333/udp # Rick Payne trinoo 31335/udp http://www.cert.org/incident_notes/IN-99-07.html # Scott A. McIntyre back-orifice-tcp 31337/tcp # Scott A. McIntyre back-orifice-udp 31337/udp # Scott A. McIntyre deep-bo 31338/udp # Scott A. McIntyre netspy 31339/udp # Scott A. McIntyre netspydk 31339/tcp # Scott A. McIntyre schwindler 31554/tcp # Scott A. McIntyre bowhack 31666/udp # Scott A. McIntyre hack-a-tack 31785/tcp hack-a-tack 31786/tcp hack-a-tack 31787/tcp # Scott A. McIntyre hack-a-tack 31789/udp hack-a-tack 31790/udp hack-a-tack 31791/udp # Gary Gaskell interceptor-firewall-admin 32666/tcp filenet-tms 32768/udp Filenet TMS filenet-tms 32768/tcp Filenet TMS filenet-rpc 32769/udp Filenet RPC filenet-rpc 32769/tcp Filenet RPC filenet-nch 32770/tcp Filenet NCH filenet-nch 32770/udp Filenet NCH filenet-rmi 32771/udp FileNet RMI filenet-rmi 32771/tcp FileNET RMI # Scott A. McIntyre sunrpc 32771/udp # Scott A. McIntyre sunrpc 32771/tcp # Scott A. McIntyre solaris-snmp 32780/udp # Scott Craig trinityv3 33270/tcp http://xforce.iss.net/alerts/advise59.php traceroute 33434/tcp traceroute use traceroute 33434/udp traceroute use # Scott A. McIntyre spirit2001 33911/tcp turbonote-2 34249/tcp TurboNote Relay Server Default Port turbonote-2 34249/udp TurboNote Relay Server Default Port # Scott A. McIntyre biggluck 34324/tcp kastenxpipe 36865/tcp KastenX Pipe kastenxpipe 36865/udp KastenX Pipe neckar 37475/tcp science + computing's Venus Administration Port neckar 37475/udp science + computing's Venus Administration Port # Scott A. McIntyre yetanother 37651/tcp turbonote-1 39681/tcp TurboNote Default Port turbonote-1 39681/udp TurboNote Default Port # Scott A. McIntyre the-spy 40412/tcp # Scott A. McIntyre masters-pardise 40421/udp masters-pardise 40422/udp masters-pardise 40423/udp masters-pardise 40424/udp masters-pardise 40425/udp masters-pardise 40426/udp cscp 40841/tcp CSCP cscp 40841/udp CSCP csccredir 40842/tcp CSCCREDIR csccredir 40842/udp CSCCREDIR csccfirewall 40843/udp CSCCFIREWALL csccfirewall 40843/tcp CSCCFIREWALL fs-qos 41111/udp Foursticks QoS Protocol fs-qos 41111/tcp Foursticks QoS Protocol # Gary Gaskell inoculan 41508/tcp reachout 43188/tcp REACHOUT reachout 43188/udp REACHOUT ndm-agent-port 43189/udp NDM-AGENT-PORT ndm-agent-port 43189/tcp NDM-AGENT-PORT ip-provision 43190/tcp IP-PROVISION ip-provision 43190/udp IP-PROVISION # steve farb winrouteadmin 44333/tcp http://www.tinysoftware.com/ # Lapalissiano tiny-personal-firewall-(remote-administration) 44334/tcp www.tinysoftware.com rockwell-encap 44818/udp Rockwell Encapsulation rockwell-encap 44818/tcp Rockwell Encapsulation # Scott Craig netranger_comm 45000/udp http://www.cisco.com/univercd/cc/td/doc/product/ia # Scott Craig netranger_comm 45000/udp http://www.cisco.com/univercd/cc/td/doc/product/ia invision-ag 45054/tcp InVision AG invision-ag 45054/udp InVision AG eba 45678/tcp EBA PRISE eba 45678/udp EBA PRISE ssr-servermgr 45966/udp SSRServerMgr ssr-servermgr 45966/tcp SSRServerMgr mbus 47000/udp Message Bus mbus 47000/tcp Message Bus # Scott A. McIntyre delta 47262/udp dbbrowse 47557/udp Databeam Corporation dbbrowse 47557/tcp Databeam Corporation directplaysrvr 47624/tcp Direct Play Server directplaysrvr 47624/udp Direct Play Server ap 47806/udp ALC Protocol ap 47806/tcp ALC Protocol bacnet 47808/tcp Building Automation and Control Networks bacnet 47808/udp Building Automation and Control Networks nimcontroller 48000/udp Nimbus Controller nimcontroller 48000/tcp Nimbus Controller nimspooler 48001/tcp Nimbus Spooler nimspooler 48001/udp Nimbus Spooler nimhub 48002/tcp Nimbus Hub nimhub 48002/udp Nimbus Hub nimgtw 48003/tcp Nimbus Gateway nimgtw 48003/udp Nimbus Gateway # Gary Gaskell wintrv-bloomberg 48129/tcp # Gary Gaskell wintrv-bloomberg 48129/udp wintrv-bloomberg 48130/udp wintrv-bloomberg 48131/udp wintrv-bloomberg 48132/udp wintrv-bloomberg 48133/udp wintrv-bloomberg 48134/udp wintrv-bloomberg 48135/udp wintrv-bloomberg 48136/udp wintrv-bloomberg 48137/udp wintrv-bloomberg 48138/udp wintrv-bloomberg 48139/udp wintrv-bloomberg 48140/udp wintrv-bloomberg 48141/udp wintrv-bloomberg 48142/udp wintrv-bloomberg 48143/udp wintrv-bloomberg 48144/udp wintrv-bloomberg 48145/udp wintrv-bloomberg 48146/udp wintrv-bloomberg 48147/udp wintrv-bloomberg 48148/udp wintrv-bloomberg 48149/udp wintrv-bloomberg 48150/udp wintrv-bloomberg 48151/udp wintrv-bloomberg 48152/udp wintrv-bloomberg 48153/udp wintrv-bloomberg 48154/udp wintrv-bloomberg 48155/udp wintrv-bloomberg 48156/udp wintrv-bloomberg 48157/udp wintrv-bloomberg 48158/udp wintrv-bloomberg 48159/udp wintrv-bloomberg 48160/udp wintrv-bloomberg 48161/udp wintrv-bloomberg 48162/udp wintrv-bloomberg 48163/udp wintrv-bloomberg 48164/udp wintrv-bloomberg 48165/udp wintrv-bloomberg 48166/udp wintrv-bloomberg 48167/udp wintrv-bloomberg 48168/udp wintrv-bloomberg 48169/udp wintrv-bloomberg 48170/udp wintrv-bloomberg 48171/udp wintrv-bloomberg 48172/udp wintrv-bloomberg 48173/udp wintrv-bloomberg 48174/udp wintrv-bloomberg 48175/udp wintrv-bloomberg 48176/udp wintrv-bloomberg 48177/udp wintrv-bloomberg 48178/udp wintrv-bloomberg 48179/udp wintrv-bloomberg 48180/udp wintrv-bloomberg 48181/udp wintrv-bloomberg 48182/udp wintrv-bloomberg 48183/udp wintrv-bloomberg 48184/udp wintrv-bloomberg 48185/udp wintrv-bloomberg 48186/udp wintrv-bloomberg 48187/udp wintrv-bloomberg 48188/udp wintrv-bloomberg 48189/udp wintrv-bloomberg 48190/udp wintrv-bloomberg 48191/udp com-bardac-dw 48556/tcp com-bardac-dw com-bardac-dw 48556/udp com-bardac-dw # Scott A. McIntyre sockets-de-troi 50505/udp # Scott A. McIntyre fore 50776/udp # Scott A. McIntyre fore 50776/tcp # Scott A. McIntyre winshut 53001/tcp # Scott A. McIntyre schoolbus 54321/tcp # Scott A. McIntyre netraider 57341/tcp # Buggy netprowler 61439/tcp netprowler 61440/tcp netprowler 61441/tcp # Scott A. McIntyre telecommando 61446/tcp # Rick Payne stacheldraht 65000/tcp http://staff.washington.edu/dittrich/misc/stacheld # Scott A. McIntyre devil 65000/udp # Scott A. McIntyre devil 65000/tcp �����������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/prev.gif���������������������������������������������������������������������������0100644�0007657�0000764�00000000475�06675343464�014131� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������GIF89a�������p�p!# Imported from XPM image: prev.xpm�!���,������@63333#� B����� 0 A0 0 0 � 0 `0 `0 A �� � �����`0 `00000000000000000000000000000000000000���000000�� �� �000�� �0000000000000���000000000000000000` ��;���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/regression-test��������������������������������������������������������������������0100755�0007657�0000764�00000007161�07251526723�015540� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/bash #Copyright 1999-2000, William Stearns <wstearns@pobox.com> #FIXME - test all vars after running checksys for default values. #FIXME - feed log entry into mason and compare to all output formats. #FIXME - test that identical log entries, even separated, produce only one line of output. error () { echo echo Failed test: $* if [ -d /usr/src/mason-work ]; then echo Failed test: $* on $MASONVER >>/usr/src/mason-work/regression-log fi echo -n -e "\a" >/dev/stderr sleep 1 echo -n -e "\a" >/dev/stderr sleep 1 echo -n -e "\a" >/dev/stderr exit 1 } echo -n Load library:... . ./masonlib echo Done #Internal check. If you want to check that the error function actually catches failures, uncomment the following. #if ! false ; then error testfail ; fi echo ---------- General checks ---------- echo -n masonver... if [ -z "$MASONVER" ]; then error masonver ; fi echo done. echo ---------- Test should return true: ---------- #if ! ; then error tx ; fi echo done. echo ---------- Test should return false: ---------- #if ; then error fx ; fi echo done. echo ---------- General return values ---------- #if [ ! `` = "" ]; then error -x ; fi echo -n clientportrange... #CLIENTPORT, SERVERPORT, PRPROTO, ACKFLAG #if [ ! `GENERALIZETCPACK= UCPOLICY= clientportrange ` = "" ]; then error clientportrange-x ; fi PORT_MASQ_BEGIN=61000 ; PORT_MASQ_END=65096 ; TRACEROUTE_BEGIN=33434 ; TRACEROUTE_END=33524 if [ ! `GENERALIZETCPACK= UCPOLICY= clientportrange 1056 113 tcp ""` = "1024:65535" ]; then error clientportrange-1 ; fi if [ ! `GENERALIZETCPACK= UCPOLICY= clientportrange 61000 113 tcp ""` = "61000:65096" ]; then error clientportrange-2 ; fi if [ ! `GENERALIZETCPACK= UCPOLICY= clientportrange 65096 113 tcp ""` = "61000:65096" ]; then error clientportrange-3 ; fi if [ ! `GENERALIZETCPACK= UCPOLICY= clientportrange 65097 113 tcp ""` = "1024:65535" ]; then error clientportrange-4 ; fi unset PORT_MASQ_BEGIN PORT_MASQ_END TRACEROUTE_BEGIN TRACEROUTE_END echo -n generalportrange... PORT_MASQ_BEGIN=61000 ; PORT_MASQ_END=65096 if [ ! `generalportrange 0` = "0" ]; then error generalportrange-1 ; fi if [ ! `generalportrange 1` = "0:1023" ]; then error generalportrange-2 ; fi if [ ! `generalportrange 1023` = "0:1023" ]; then error generalportrange-3 ; fi if [ ! `generalportrange 1024` = "1024:65535" ]; then error generalportrange-4 ; fi if [ ! `generalportrange 60999` = "1024:65535" ]; then error generalportrange-5 ; fi if [ ! `generalportrange 61000` = "61000:65096" ]; then error generalportrange-6 ; fi if [ ! `generalportrange 65096` = "61000:65096" ]; then error generalportrange-7 ; fi if [ ! `generalportrange 65097` = "1024:65535" ]; then error generalportrange-8 ; fi if [ ! `generalportrange 65535` = "65535" ]; then error generalportrange-9 ; fi if [ ! `generalportrange 113` = "113" ]; then error generalportrange-10 ; fi unset PORT_MASQ_BEGIN PORT_MASQ_END echo -n nameof... if [ ! `HOSTLOOKUP=NONE nameof 127.0.0.1` = "127.0.0.1" ]; then error nameof-1 ; fi if [ ! `HOSTLOOKUP=FILESONLY nameof 127.0.0.1` = "localhost" ]; then error nameof-2 ; fi if [ ! `HOSTLOOKUP=FULL nameof 127.0.0.1` = "localhost" ]; then error nameof-3 ; fi echo done. echo ---------- Exit with a fanfare ---------- echo `cat $0 | sed -e 's/#.*//' | grep 'error .* fi' | grep -v regression | wc -l` regression tests successful on $MASONVER if [ -d /usr/src/mason-work ]; then date >>/usr/src/mason-work/regression-log echo `cat $0 | sed -e 's/#.*//' | grep 'error .* fi' | grep -v regression | wc -l` regression tests successful on $MASONVER >>/usr/src/mason-work/regression-log fi exit 0 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/saveips����������������������������������������������������������������������������0100755�0007657�0000764�00000001714�07201045372�014042� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/bash #Added by Mason. The files this creates store all the IP's an interface #has used. Mason uses these to figure out the smallest network that will #accomodate all these IP's. #This short section of code (without the first "#"): # # [ -f /var/lib/mason/saveips ] && . /var/lib/mason/saveips #Added by Mason # #should be appended to: # - /etc/rc.d/rc.local (or some file that gets run at boot time) # - any script that's run _after_ a new IP address is acquired, such as: # - /etc/ppp/ip-up or /etc/ppp/ip-up.local # - /etc/dhclient-script # - /etc/sysconfig/network-scripts/dhcpcd-eth* # - /etc/pcmcia/network (in the start_fn function) #FIXME - add to Makefile and install scripts... for ONEIF in `ifconfig | grep 'Link encap' | awk '{print $1}'` ; do NEWIP=`ifconfig $ONEIF | awk '/inet addr/{print substr($2,6)}'` if [ -n "$NEWIP" ] && [ -z "`cat /var/lib/mason/$ONEIF-ips | grep ^$NEWIP\$`" ]; then echo $NEWIP >>/var/lib/mason/$ONEIF-ips fi done ����������������������������������������������������mason-1.0.0.orig/sudo-notes�������������������������������������������������������������������������0100644�0007657�0000764�00000001112�07215740031�014454� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� "#SUDO checked" for each function - Add code to set SUDO to sudo binary and check that all needed commands are listed. - SUDO can also be an "ask me first" function. Needed sudo commands: - ipchains binary - iptables binary Assumed: - MASONDIR exists and is owned by firewalluser - the entire MASONDIR tree (with the exception of: /var/lib/mason /var/lib/mason/baserules.sample /var/lib/mason/masonlib /var/lib/mason/moreservices /var/lib/mason/nmap-services /var/lib/mason/regression-test is owned by firewalluser - /etc/masonrc is owned by firewalluser ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/systemrules������������������������������������������������������������������������0100644�0007657�0000764�00000000312�06744757514�015000� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/bash #I might implement this later. But not now. #FIXME - load variables #FIXME - add to Makefile and specs if [ -f /proc/net/ip_fwchains ]; then elif [ -f /proc/net/ip_input ]; then fi ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������mason-1.0.0.orig/toc.gif����������������������������������������������������������������������������0100644�0007657�0000764�00000000474�06675343464�013741� 0����������������������������������������������������������������������������������������������������ustar �martin��������������������������edv��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������GIF89a�������p����!" Imported from XPM image: toc.xpm�!���,������@6313c B0 0� �A0 0 0 �0 `0�@`0 `�  `0�@`0 `0�@`0000000000� �0000000000� �00000000� �000000� �0000����� �����000000000� �00000000000� �00000000000���000` ��;��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������