Beyond Technology: UDP

Showing posts with label UDP. Show all posts

Monday, June 4, 2007

Internet Protocol keyword

Most Windows have the ability to define Internet Protocol (IP) packet filters for protocol numbers. IP packet filters are commonly used to restrict traffic in and out of each interface.

We used this Protocol number to configure firewalls, routers and proxy. Next session i want to write about network firewall. This is as reference only, so if you want to know more about this visit the associated, like Microsoft, cisco, etc..etc

Internet Protocol Number:

Decimal	Keyword	Protocol
0		Reserved
1	ICMP	Internet Control Message
2	IGMP	Internet Group Management
3	GGP	Gateway-To-Gateway
4	IP	IP in IP (Encapsulation)
5	ST	Stream
6	TCP	Transmission Control
7	UCL	UCL
8	EGP	Exterior Gateway Protocol
9	IGP	Any Private Interior Gateway
10	BBN-RCC-MON	BBN RCC Monitoring
11	NVP-II	Network Voice Protocol
12	PUP	PUP
13	ARGUS	ARGUS
14	EMCON	EMCON
15	XNET	Cross Net Debugger
16	CHAOS	Chaos
17	UDP	User Datagram
18	MUX	Multiplexing
19	DCN-MEAS	DCN Measurement Subsystems
20	HMP	Host Monitoring
21	PRM	Packet Radio Measurement
2	XNS-IDP	Xerox NS IDP
23	TRUNK-1	Trunk-1
24	TRUNK-2	Trunk-2
25	LEAF-1	LEAF-1
26	LEAF-2	LEAF2
27	RDP	Reliable Data Protocol
28	IRTP	Internet Reliable Transaction
29	ISO-TP4	ISO Transport Protocol Class 4
30	NETBLT	Bulk Data Transfer Protocol
31	MFE-NSP	MFE Network Services Protocol
32	MERIT-INP	MERIT Internodal Protocol
33	SEP	Sequential Exchange Protocol
34	3PC	Third Party Connect Protocol
35	IDPR	Inter-Domain Policy Routing Protocol
36	XTP	XTP
37	DDP	Datagram Delivery Protocol
38	IDPR-CMTP	IDPR Control Message Transport Protocol
39	TP++	TP++ Transport Protocol
40	IL	IL Transport Protocol
41	SIP	Simple Internet Protocol
42	SDRP	Source Demand Routing Protocol
43	SIP-SR	SIP Source Route
44	SIP-FRAG	SIP Fragment
45	IDRP	Inter Domain Routing Protocol
46	RSVP	Reservation Protocol
47	GRE	General Routing Encapsulation
48	MHRP	Mobile Host Routing Protocol
49	BNA	BNA
50	SIPP-ESP	SIPP Encap Security Payload
51	SIPP-AH	SIPP Authentication Header
52	I-NLSP	Integrated Net Layer Security TUBA
53	SWIPE	IP With Encryption
54	NHRP	NBMA Next Hoop Resolution Protocol
55 - 60		Unassigned
61		Any Host Internal Protocol
62	CFTP	CFTP
63		Any Local Network
64	SAT-EXPAK	SATNET and Backroom EXPAK
65	KRYPTOLAN	Kryptolan
66	RVD	MIT Remote Virtual Disk Protocol
67	IPPC	Internet Pluribus Packet Core
68		Any distributed File System
69	SAT-MON	SATNET Monitoring
70	VISA	VISA Protocol
71	IPCV	Internet Packet Core Utility
72	CPNX	Computer Protocol Network Executive
73	CPHB	Computer Protocol Heart Beat
74	WSN	Wang Span Network
75	PVP	Packet Video Protocol
76	BR-SAT-MON	Backroom SATNET Monitoring
77	SUN-ND	SUN ND PROTOCOL-Temporary
78	WB-MON	WIDEBAND Monitoring
79	WB-EXPAK	WIDEBAND Expak
80	ISO-IP	ISO Internet Protocol
81	VMTP	VMTP
82	SECURE-VMTP	Secure - VMTP
83	VINES	VINES
84	TTP	TTP
85	NSFNET-IGP	NSFNET-IGP
86	DGP	Dissimilar Gateway Protocol
87	TCF	TCF
88	IGRP	IGRP
89	OSPFIGP	OSPFIGP
90	SPRITE-RPC	Sprite RPC Protocol
91	LARP	Locus Address Resolution Protocol
92	MTP	Multicast Transport Protocol
93	AX.25	AX.25 Frames
94	IPIP	IP-within-IP Encapsulation Protocol
95	MICP	Mobile Internetworking Control Pro
96	SCC-SP	Semaphore Communication Sec. Pro
97	ETHERIP	Ethernet-within-IP Encapsulation
98	ENCAP	Encapsulation Header
99		Any Private Encryption Scheme
100	GMTP	GMTP
101-254		Unassigned
255		Reserved

Tuesday, May 29, 2007

Computer Port list

What is Computer port ?

An interface on a computer to which you can connect a device. Personal computers have various types of ports. Internally, there are several ports for connecting disk drives, display screens, and keyboards.

Externally, personal computers have ports for connecting modems, printers, mice, and other peripheral devices.

Almost all personal computers come with a serial RS-232C port or RS-422 port for connecting a modem or mouse and a parallel port for connecting a printer.

On PCs, the parallel port is a Centronics interface that uses a 25-pin connector. SCSI (Small Computer System Interface) ports support higher transmission speeds than do conventional ports and enable you to attach up to seven devices to the same port.

In TCP/IP and UDP networks, an endpoint to a logical connection. The port number identifies what type of port it is.

For Network administrator must know about the computer Port, to identify network attack and network function purposed.

Below is a general computer port list and the service port name:

Service Name	Port Number
Windows Services
Browsing DHCP Lease DHCP Manager Directory Replication DNS Administration DNS Resolution Event Viewer File Sharing Logon Sequence NetLogon Pass Through Validation Performance Monitor PPTP Printing Registry Editor Server Manager Trusts User Manager WinNT Diagnostics WinNT Secure channel Wins Replication Wins Manager Wins Registration Direct Hosting of SMB over TCP/IP	UDP:137,138 UDP:67,68 TCP:135 UDP:138 TCP:139 TCP:135 UDP:53 TCP:139 TCP:139 UDP:137,138 TCP:139 UDP:138 UDP:137,138 TCP:139 TCP:139 TCP:1723 IP Protocol:47 (GRE) UDP:137,138 TCP:139 TCP:139 TCP:139 UDP:137,138 TCP:139 TCP:139 TCP:139 UDP:137,138 TCP:139 TCP:42 TCP:135 TCP:137 TCP,UDP:445

Service Name	Port Number
Windows Load balancing System (WLBS) & convoy for cluster Control
Convoy WLBS	UDP:1717 UDP:2504
Microsoft Exchange
Client/Server Comm. Exchange Administrator IMAP IMAP (SSL) LDAP LDAP (SSL) MTA – X.400 over TCP/IP POP3 POP3 (SSL) RPC SMTP NNTP NNTP (SSL)	TCP:135 TCP:135 TCP:143 TCP:993 TCP:389 TCP:636 TCP:102 TCP:110 TCP:995 TCP:135 TCP:25 TCP:119 TCP:563
Windows Terminal Services
RDP Client (Microsoft) ActiveX Client (TSAC) ICA Client (Citrix) Terminal Server IPSec ISAKMP ESP AH Karberos Karberos RSVP RSVP	TCP:3389 TCP:80,3389 TCP:1494 TCP:3389 UDP:500 IP Protocol 50 IP Protocol 51 TCP;UDP:88 IP Protocol:46

Thursday, May 17, 2007

Network security - Firewall setting

You probably know that you need firewall security; in fact, you may even already have a firewall management program in place. But what exactly is firewall security, and what does firewall management entail?

The word firewall originally referred literally to a wall, which was constructed to halt the spread of a fire. In the world of computer firewall protection, a firewall refers to a network device which blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network. It is analogous to a physical firewall in the sense that firewall security attempts to block the spread of computer attacks.

How Does Firewall Management Work?

A firewall management program can be configured one of two basic ways:

* A default-deny policy. The firewall administrator lists the allowed network services, and everything else is denied.
* A default-allow policy. The firewall administrator lists network services which are not allowed, and everything else is accepted.

A default-deny approach to firewall security is by far the more secure, but due to the difficulty in configuring and managing a network in that fashion, many networks instead use the default-allow approach. Let's assume for the moment that your firewall management program utilizes a default-deny policy, and you only have certain services enabled that you want people to be able to use from the Internet. For example, you have a web server which you want the general public to be able to access. What happens next depends on what kind of firewall security you have.

Below is a firewall security script, has been tested with Kerio Personal Firewall, may this rule can accepted to others firewall:

LSA Shell (lsass.exe) -> Ask - Permit - Ask - Ask
Windows NT Logon Application (winlogon.exe) -> Ask - Permit - Ask - Ask (log)
Userinit Logon Application (userinit.exe) -> Ask - Permit - Ask - Ask
Generic Host Process (svchost.exe) -> Ask - Permit - Ask - Ask (log)
Microsoft File & Printer Sharing -> Deny All (For LAN can be: Ask - Permit - Ask - Ask)
Any Other Application -> Deny - Ask - Deny - Ask (log & alert). invisible mode
Internet Browser Application -> ask - deny - deny - permit (log)
Kaspersky AntiVirus/ Kaspersky Internet Security -> ask - deny - deny - permit (log)
FTP Manager Application -> permit - permit - permit - permit (log & alert)
Yahoo Messenger -> deny - ask - deny - permit (log & alert)

Below is the rule script for Filter packet in Ferio Firewall or Tiny firewall and may can accepted to others firewall:

RULE 1
Description: ISP Domain Name Server Any App UDP
Protocol: UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: IP number (Your ISP DNS server)
Port type: Single
Port number: 53
Action PERMIT

RULE 2
Description: Other DNS
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Single
Port number: 53
Action DENY

RULE 3
Description: Back Orifice Block (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 54320,54321,31337
Remote Address Type: Any
Port type: Any
Action DENY

RULE 4
Description: Netbus Block (Logged)
Protocol: TCP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 12456,12345,12346,20034
Remote Address Type: Any
Port type: Any
Action DENY

RULE 5
Description: RPCSS (Logged)
Protocol: UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 135
Remote Address Type: Any
Port type: Any
Action DENY

RULE 6
Description: Block Low Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 1
Last port number: 79
Remote Address Type: Any
Port type: Any
Action DENY

RULE 7
Description: Block High Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 5000
Last port number: 65535
Remote Address Type: Any
Port type: Any
Action DENY

RULE 8
Description: Block Outbound Unauthorized Apps TCP UDP
(Notify)
Protocol: TCP and UDP
Direction: Outgoing
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY
Nb: Kaspersky Antivirus 6 & Kaspersky Internet Security 6 usage, the remote port address choose Any)

RULE 9
Description: Block Inbound Unknown Apps TCP UDP
(Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

RULE 10
Description: Block ICMP (Logged)
Protocol: ICMP
Direction: Both
ICMP Type: Echo Reply, Destination Unreachable, Source
Quench, Redirect,
Echo, Time Exceeded, Parameter Prob, Time Stamp, Time
StampReply, Info
Request, Info Reply, Address, Address Reply, Router
Advertisement, Router
Solicitation (ALL)
Remote Endpoint: Any
Action DENY

RULE 11
Description: In Block Ping and TraceRoute ICMP
(Notify)
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo
Remote Endpoint: Any
Action DENY

RULE 12
Description: Out Block Ping and Trace Route ICMP
(Notify)
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo Reply, Destination Unreachable, Time
Exceeded
Remote Endpoint: Any
Action DENY

RULE 13
Description: Block Common Ports (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports:
113,79,21,80,443,8080,143,110,25,23,22,42,53,98
Remote Address Type: Any
Port type: Any
Action DENY

RULE 14
Description: Loopback
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: 127.0.0.1
Port type: Any
Action PERMIT

RULE 15
Description: Block Inbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

RULE 16
Description: Block Outbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Port/Range
First Port: 137
Last Port: 139
Action DENY

RULE 17
Description: Bootpc (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 68
Remote Address Type: Any
Port type: Any
Action DENY

RULE 18
Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo
Remote Endpoint: Any
Action PERMIT

RULE 19
Description: In Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo Reply, Destination Unreachable, Time
Exceeded
Remote Endpoint: Any
Action PERMIT

RULE 20
Description: Internet Explorer-Web browsing (logged)
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => iexplore.exe
Remote Address Type: Any
Port type: Any
List of ports: Any
Action PERMIT

RULE 21
Description: Outlook Express
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => msimn.exe
Remote Address Type: Any
Port type: List of ports
List of ports: 25,110,119,143
Action PERMIT

RULE 22
Description: Yahoo Messenger
Protocol: TCP
Direction: Outgoing
Port Type: Any
Local App.: Only selected below => yahoomessenger.exe
Remote Address Type: Any
Port Type: List of ports
List of ports: 443,80,5050
Action PERMIT

RULE 23
Description: Yahoo Messenger
Protocol: UDP
Direction: Outgoing
Port Type: Any
Local App.: Only selected below => yahoomessenger.exe
Remote Address Type: Any
Port Type: single
List of ports: 3478
Action PERMIT

RULE 24
Description: Download Manager (logged)
Protocol: TCP
Direction: Outgoing
Port Type: Any
Local App.: Only selected below => (your download manager file)
Remote Address Type: Any
Port Type: List of ports
List of ports: 80,21
Action PERMIT

For filter packet setting on Local Area Network (LAN) can added with below rule script to allow NetBIOS access at specific port:

RULE 15a
Description: Trusted Inbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Any
Action PERMIT

RULE 16b
Description: Trusted Outbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Port/Range
First Port: 137
Last Port: 139
Action PERMIT

Sunday, May 6, 2007

ROUTER Configuration (part: I)

The first question is, what’s Router ?

Router is A device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP’s network. Routers are located at gateways, the places where two or more networks connect.

Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts.

So how to connect between above network?
This posting will explain the mechanism, router basic command and Interior Routing Protocol that we called IRP.

I wrote this based on my tested and implemented at my office using Cisco Router 805 Series since 2002 until now and so far is working well.
TCP/IP Concept: what is tcp/ip ?

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It canbe used as a communications protocol also in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination.
Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they'll be reassembled at the destination.

TCP/IP uses the client/server model of communication in which a computer user requests and is provided a service (such as sending a Web page) by another computer (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer. TCP/IP and the higher-level applications that use it are collectively said to be "stateless" because each client request is considered a new request unrelated to any previous one (unlike ordinary phone conversations that require a dedicated connection for the call duration). Being stateless frees network paths so that everyone can use them continuously. (Note that the TCP layer itself is not stateless as far as any one message is concerned. Its connection remains in place until all packets in a message have been received.)

Many Internet users are familiar with the even higher layer application protocols that use TCP/IP to get to the Internet. These include the World Wide Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Telnet (Telnet) which lets you logon to remote computers, and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together with TCP/IP as a "suite."

Personal computer users with an analog phone modem connection to the Internet usually get to the Internet through the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). These protocols encapsulate the IP packets so that they can be sent over the dial-up phone connection to an access provider's modem.

Protocols related to TCP/IP include the User Datagram Protocol (UDP), which is used instead of TCP for special purposes. Other protocols are used by network host computers for exchanging router information. These include the Internet Control Message Protocol (ICMP), the Interior Gateway Protocol (IGP), the Exterior Gateway Protocol (EGP), and the Border Gateway Protocol (BGP).

Routing: what Is Routing?

Routing is a process of moving a packet of data from source to destination. Routing is usually performed by a dedicated device called a router. Routing is a key feature of the Internet because it enables messages to pass from one computer to another and eventually reach the target machine. Each intermediary computer performs routing by passing along the message to the next computer. Part of this process involves analyzing a routing table to determine the best path.

Routing is often confused with bridging, which performs a similar function. The principal difference between the two is that bridging occurs at a lower level and is therefore more of a hardware function whereas routing occurs at a higher level where the software component is more important. And because routing occurs at a higher level, it can perform more complex analysis to determine the optimal path for the packet. Want to know more about routing.

to be continued.....