Planning a Firewall -> Samba don't work! (ports)

Anthony aslan at ispdr.net.au
Sat Apr 28 17:47:03 GMT 2001


At 01:40 a 29/04/01, Bill wrote:
>Anthony wrote:
> > As far as I can tell, Windows doesn't
> > connect from ports 137-139 as you would expect. I've just set one of my
> > machines here to log to the system log, and it appears that Windows is
> > connecting FROM port 2695 TO port 139. I have no idea why it does this (if
> > anyone out there does know, please share it with us!)
>
>This is fairly typical of TCP communications. Consider the fact that the
>Windows machine is likely listening for connections from others on port
>139 already (if file sharing is enabled on that machine), so it could
>cause confusion to try to connect with that port on outgoing
>communication as well.
>Also, on any system with intelligent security (most UN*Ces and I believe
>the NT line) a non-root (admin) user can not establish connections on
>ports below 1024 (these are "privileged" ports). Therefore, logging in
>to a system as a "normal user" does not enable you to open a connection
>from 139. Samba and the NT filesharing service both run as root/system
>so they are able to establish listening ports on 139, but you don't want
>to have everyone logging as root/admin. Most other communication
>services run in the same manner, including ftp, mail, http, etc ...
>
>Hope this helps some.
>
>-Bill

Thanx Bill, your explanation was extremely helpful. The best part is, I 
actually understand what you're saying. :) I have read before about the 
whole "privileged ports" thing, but I guess Windows isn't an OS that comes 
to mind when I think about ports. Anyway, thanx again!



----------------------------
Anthony (aslan at ispdr.net.au)
----------------------------
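
Added example, not part of the original messages: a Python sketch of the behaviour discussed above. It opens one loopback TCP connection to show that the client's source port is chosen by the OS, then checks the ports quoted in the thread (2695 -> 139) against two hypothetical stateless rule sets. The function names and both rule sets are assumptions made for illustration, not any firewall's own syntax.

```python
import socket

HIGH = (1024, 65535)  # unprivileged range the OS draws client source ports from

def observe_ports():
    """Make one loopback TCP connection; return (client_source_port, server_port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: OS picks a free port (stand-in for 139)
        srv.listen(1)
        server_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", server_port)):
            conn, peer = srv.accept()
            conn.close()
            return peer[1], server_port  # peer[1] is the OS-assigned source port

def allowed(rules, sport, dport):
    """Stateless first-match filter with default deny.
    Each rule is ((sport_lo, sport_hi), (dport_lo, dport_hi))."""
    for (s_lo, s_hi), (d_lo, d_hi) in rules:
        if s_lo <= sport <= s_hi and d_lo <= dport <= d_hi:
            return True
    return False

# Hypothetical rule sets (assumptions for this example).
SYMMETRIC = [((137, 139), (137, 139))]  # expects the client to use 137-139 too
BY_DEST = [
    (HIGH, (139, 139)),  # client -> server: any high source port to 139
    ((139, 139), HIGH),  # server -> client: replies from 139 to the high port
]

# Constructed packets using the ports quoted in the thread: (source, destination).
REQUEST = (2695, 139)
REPLY = (139, 2695)

def verdicts():
    """Return {rule_set_name: (request_allowed, reply_allowed)}."""
    sets = (("symmetric", SYMMETRIC), ("by_dest", BY_DEST))
    return {name: (allowed(r, *REQUEST), allowed(r, *REPLY)) for name, r in sets}

if __name__ == "__main__":
    src, dst = observe_ports()
    print(f"live loopback connection: source port {src} -> listening port {dst}")
    for name, (req, rep) in verdicts().items():
        print(f"{name:9} request allowed={req} reply allowed={rep}")
```

In a stateless filter the reply rule also admits any packet whose source port is 139, so a stateful filter that only passes replies belonging to an established connection is the tighter choice.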




