ae3
Subj : Port 1872?
To   : Mike Luther
From : Peter Knapper
Date : Sun Jan 06 2002 02:13 am

Hi Mike,

 ML> What's Port 1872 used for in OS/2's services?

I don't have port 1872 referenced in MY services files, however from the 
official list  - 

#                           Sanjay Radia <srradia@kasumbi.Eng.Sun.COM>
canocentral1    1872/tcp    Cano Central 1
canocentral1    1872/udp    Cano Central 1

Whatever Cano Central1 might be. 1871 is Cano Central0, for what its worth. 
Also remember that a port can be used by anything, anywhere, at any time, the 
"assigned names" are just the official identification for use of that port. A 
hacker will exploit a particular port because they are looking for S/W using 
that port that has a weekness somewhere...

 ML> An Apache site at h195n1fls31o1001.telia.com also 
 ML> mounted 108 service via Port 8000 used for IJB.  IBJ's 
 ML> attack efforts thrust toward game box penetration.

#                           Preston Bannister <pbannister@quests.com>
irdmi           8000/tcp    iRDMI
irdmi           8000/udp    iRDMI

That is the "official" assigned use of that port, and it is part of a bigger 
assigned block (1781-8000), however I am unsure how it might relate to IJB.

 ML> Both blocked now at firewall but I'd like to know what 
 ML> Port 1872 is used for as it is not in the SERVICES file.

It sounds like you are blocking ports as they are discovered to not be what you 
want. Would it not be easier to block EVERYTHING, until you KNOW you are going 
to need something? This really requires a full "statefull" firewall that 
opens/closes ports depending on various parameters configured into it. The most 
common use is to create "one way" portals on demand (frequently this is to pass 
outbound initiated events), but block all traffic initiated in the inbound 
direction.


The details I have quoted above are taken directly from the IANA authoritative 
list of port allocations. This document can be found at -

  http://www.iana.org/assignments/port-numbers

and is about 480Kb of plain text. It won't necessarily tell you WHAT it is 
being used for, only WHO holds the official registration for use of that port 
number and may be able to provide more details of its intended purpose.

You can use the above file to build a FULL SERVICES file, but its rather large 
and much of it is not needed by most apps. As far as I know, the main purpose 
of a SERVICES file is to allow the person configuring a system to use NAMES in 
various places (eg named services for INETD), instead of actual port numbers, 
otherwise it is mainly used as a reference.

Cheers...............pk.


--- Maximus/2 3.01
 * Origin: Another Good Point About OS/2 (3:772/1.10)

.

0