10 Oct
2001
10 Oct
'01
08:59
By default when a program asks for a port Linux hands it one, starting at 1025 and going into the 5000 range, incrementing by one for each request (i.e. first requets gets 1025, second gets 1026, etc.). So when you do a default port scan first packet goes out from 1025, then 1026, then 1027, etc. You can specify local port used in nmap (i.e. 53, 20, other good choices exist). You can also set ip_local_poort_range. I used to have an article on all this, put it back online at: http://www.seifried.org/security/os/linux/ http://www.seifried.org/security/network/ Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/