On 10/24/05, Carl Hartung
On Monday 24 October 2005 04:11, Sunny wrote:
I'd like to hear from someone more knowledgeabe than me what's going on.
Hi Sunny,
I'm not an expert and this topic seems to be a somewhat moving target, anyway, but I've been gradually studying this document: "FAQ: Firewall Forensics (What am I seeing?)", available here: (warning: very large)
http://www.robertgraham.com/pubs/firewall-seen.html
Confession: I didn't have time to check if it covers exactly this topic, but I'd be very surprised if it didn't.
regards,
- Carl
Thanks Carl. This link does not resolve, but I found the document here: http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html Reading the document, looks like ports 1024 and up are assigned randomly when an application needs a free port. So I guess kio_smb is opening some port in that range, and then sends a request for browsing, in which it describes where it listens ?!?!?!?, and the wins server returns the response on that port. I may be completely offroad of course, as I did not check the source of kio_smb, neither if I look at it, I'm capable to understand it :). Anyway, looks like my solution works for now. Later I'll post it on some kde list to see what the guys there can say. Cheers Sunny -- -- Svetoslav Milenov (Sunny)