Securing Your OSPF Network

Previous Table of Contents Next


To avoid this spoofing situation, an input access list should be applied to the router interface to the outside world. This access list would not allow any packets with addresses that are from the internal networks of which the router is aware (13.0 and 14.0).


TIPS:  
If you have several internal networks connected to the firewall router and the router is using output filters, traffic between internal networks will see a reduction in performance created by the access list filters. If input filters are used only on the interface going from the router to the outside world, internal networks will not see any reduction in performance.

If an address uses source routing, it can send and receive traffic through the firewall router. For this reason, you should always disable source routing on the firewall router with the no ip source-route command.


Well-Known Port Assignments

Every application that intends to receive data from a TCP/IP network calls the TCP/IP service to acquire a port, a 16-bit number unique to that application on that particular host. Any well-formed incoming datagram with that port number in its TCP or UDP header is delivered to that application. Fragmented datagrams only contain port information in the first datagram fragment (fragment 0). By convention, any transmitting application also owns a port number on its host, and it supplies that port number in the destination port field of the datagrams it sends. The port numbers are divided into three ranges, as follows:

  Well-known ports range from 0-1023
  Registered ports range from 1024-49151
  Dynamic and/or private ports range from 49152-65535

Well-known ports are controlled and assigned by the IANA and on most systems can be used only by system (or root) processes or by programs executed by privileged users. Ports are used in the TCP [RFC793] to name the ends of logical connections that carry long term conversations. For providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the “well-known port.”

Table 10-2 Port number assignments
Port # Port Type Protocol Keyword

0 TCP & UDP Reserved
1-4 TCP & UDP Unassigned
5 TCP & UDP Remote Job Entry RJE
7 TCP & UDP Echo ECHO
9 TCP & UDP Discard DISCARD
11 TCP & UDP Active Users USERS
13 TCP & UDP Daytime DAYTIME
15 TCP & UDP Who is up or Netstat NETSTAT
17 TCP & UDP Quote of the Day QUOTE
19 TCP & UDP Character Generator CHARGEN
20 TCP & UDP File Transfer (Default Data) FTP-DATA
21 TCP & UDP File Transfer (Control) FTP
23 TCP & UDP Telnet TELNET
25 TCP & UDP Simple Mail Transfer Protocol (SMTP) SMTP
37 TCP & UDP Time TIME
39 TCP & UDP Resource Location Protocol RLP
42 TCP & UDP Host Name Server NAMESERVER
43 TCP & UDP Who Is NICNAME
49 TCP & UDP Terminal Access Controller Access Control System (TACACS) TACACS
53 TCP & UDP Domain Name Server DOMAIN
67 TCP & UDP Bootstrap Protocol Server BOOTPS
68 TCP & UDP Bootstrap Protocol Client BOOTPC
69 TCP & UDP Trivial File Transfer Protocol TFTP
70 TCP & UDP Gopher GOPHER
75 TCP & UDP Any private dial-out service
77 TCP & UDP Any private RJE service
79 TCP & UDP Finger FINGER
80 TCP & UDP Hypertext Transfer Protocol (HTTP) www
87 TCP Link—commonly used by intruders
88 TCP & UDP Kerberos KERBEROS
89 TCP & UDP Open Shortest Path First OSPF
95 TCP SUPDUP Protocol SUPDUP
101 TCP NIC Host Name Server HOSTNAME
102 TCP ISO-TSAP ISO-TSAP
103 TCP X400 X400
104 TCP X400-SND X400-SND
107 TCP & UDP Remote Telnet Service RTELNET
109 TCP Post Office Protocol v2 POP2
110 TCP Post Office Protocol v3 POP3
111 TCP & UDP SUN Remote Procedure Call SUNRPC
113 TCP & UDP Authentication Service AUTH
117 TCP & UDP UUCP Path Service UUCP-PATH
119 TCP & UDP USENET Network News Transfer Protocol NNTP
123 TCP & UDP Network Time Protocol (NTP) Well-Known
133-136 TCP & UDP Unassigned
137 UDP NETBIOS Name Service NETBIOS-NS
137 TCP Unassigned
138 UDP NETBIOS Datagram Service NETBIOS-DGM
138 TCP Unassigned
139 UDP NETBIOS Session Service NETBIOS-SSN
144 TCP NeWS Well-Known
161 TCP & UDP Simple Network Mgmt. Protocol Q/R SNMP
162 TCP & UDP SNMP Event Traps SNMP-TRAP
177 UDP X Display Manager Control Protocol xdmcp
179 TCP & UDP Border Gateway Protocol (BGP) Well-Known
194 TCP & UDP Internet Relay Chat IRC
195 UDP DNSIX security protocol auditing Dnsix
389 TCP & UDP Lightweight Directory Access Protocol LDAP
434 UDP Mobile IP Registration Mobile-ip
512 TCP UNIX rexec (Control) rexec
513 TCP & UDP UNIX rlogin rlogin
514 TCP & UDP UNIX rsh and rcp, Remote Commands rsh
514 TCP System Logging Syslog
515 TCP UNIX Line Printer Remote Spooling printer
517 TCP & UDP Two User Interaction—talk Well-Known
518 TCP & UDP ntalk Well-Known
520 UDP Routing Information Protocol RIP
525 UDP Time Server timed
540 TCP UNIX-to-UNIX copy program daemon uucpd
543 TCP Kerberos login klogin
544 TCP Kerberos shell kshell
1993 TCP SNMP over TCP  
2000 TCP & UDP Open Windows Well-Known
2001 Auxiliary (AUX) port
2049 UDP Network File System (NFS) Well-Known
4001 Auxiliary (AUX) port (stream)
6000 TCP & UDP X11 (X Windows) Well-Known


Previous Table of Contents Next




OSPF Network Design Solutions
OSPF Network Design Solutions
ISBN: 1578700469
EAN: 2147483647
Year: 1998
Pages: 200
Authors: Tom Thomas

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net