Signature for non-protocol traffic on standard port

I've found a signature to detect SSH traffic on a non-standard port (not port 22), but is there a signature that detects non-SSH traffic on port 22? Alternatively, are there any suggestions on how to create a custom signature to do this? We are also looking for non-FTP on port 21 or 20.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&topicID=.ee6e1fc&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbedd97/3#selected_message
Sorry, that link explains how to detect SSH tunneling over HTTP ports, which isn't what you asked for. I'll have to think about it.
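One way to express the check asked about in this thread, as an added example (it is not from the original posts and is not Cisco IPS signature syntax): classify the first bytes each side sends on port 22 or 21 against the opening line the protocol requires (RFC 4253 for SSH, RFC 959 for FTP). The function names, the `FTP_OPENERS` verb list and the `MAX_BYTES` limit are assumptions made for the example, and the payloads in the test are constructed.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
SSH_IDENT = re.compile(rb"SSH-\d+\.\d+-[\x21-\x7e]+(?: [\x20-\x7e]*)?\r?")
# RFC 959: the server speaks first with a 120, 220 or 421 reply line.
FTP_GREETING = re.compile(rb"(?:120|220|421)[ -][^\n]*")
FTP_COMMAND = re.compile(rb"([A-Za-z]{3,4})(?: [\t\x20-\x7e]*)?\r?")
# Assumption: verbs a client may plausibly send first; tune for your clients.
FTP_OPENERS = {b"USER", b"AUTH", b"FEAT", b"HELP", b"SYST",
               b"NOOP", b"QUIT", b"OPTS", b"HOST"}
TEXT = re.compile(rb"[\t\x20-\x7e]*\r?")
MAX_BYTES = 1024  # assumption: no verdict after this many bytes is a mismatch


def _ssh_line(line, from_server):
    if SSH_IDENT.fullmatch(line):
        return "match"
    # RFC 4253 lets only the server send text lines before its identification,
    # and such lines must not begin with "SSH-".
    if from_server and TEXT.fullmatch(line) and not line.startswith(b"SSH-"):
        return None  # keep reading
    return "mismatch"


def _ftp_line(line, from_server):
    if from_server:
        return "match" if FTP_GREETING.fullmatch(line) else "mismatch"
    m = FTP_COMMAND.fullmatch(line)
    return "match" if m and m.group(1).upper() in FTP_OPENERS else "mismatch"


def check_first_payload(port, from_server, payload):
    """Classify the first bytes one side sent on a TCP flow to `port`.

    Returns 'match', 'mismatch' or 'undecided' (more bytes needed).
    """
    if port not in (21, 22):
        raise ValueError("only FTP control (21) and SSH (22) are modelled")
    judge = _ssh_line if port == 22 else _ftp_line
    *complete, partial = payload.split(b"\n")
    for line in complete:
        verdict = judge(line, from_server)
        if verdict:
            return verdict
    # No complete line decided it: reject binary data early, otherwise wait.
    ssh_client = port == 22 and not from_server
    if ssh_client and partial[:4] != b"SSH-"[:len(partial)]:
        return "mismatch"
    if not TEXT.fullmatch(partial) or len(payload) > MAX_BYTES:
        return "mismatch"
    return "undecided"
```

Port 20 is left out on purpose: the FTP data channel carries arbitrary file bytes with no opening line, so a payload check of this kind has nothing to match there.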

Similar Messages

  • How to use non-standard port for vnc?

    Our Windows users who use RDC to connect to their desktops from off-site come in on a non-standard port number. Part of our security setup.
    I'd like to do the same with Mac users who use screen sharing and vnc to connect remotely.
    How can I specify another port number at both ends to accomplish this?
    I can find nothing in the Network Utility app, or in the KB.
    Surely there's a short sequence of Terminal commands that will do this?

    I haven't tried this so don't know whether it will work. But I think it will. Presuming the target machine is a Mac, see if editing its /etc/services file will do it. Find the two lines that start with "vnc-server" and change the port number there. Launch Terminal.app as an administratively privileged user, sudo pico /etc/services, ^w to search for vnc-server, make the changes, ^x to exit, y to save and overwrite. Also, you will need to have screen sharing enabled in the target machine's System Preferences' Sharing, and the authorized users defined there, too. Reboot. Now, on the remote client, assuming it is also a Mac, the user would type ⌘k in the Finder (or mouse to Finder > Go > Connect to Server), and enter something like vnc://123.45.67.89:55900 where you substitute the actual IP address or host name for where I have entered 123.45.67.89, and where you substitute the actual alternate port number where I have entered 55900. Of course, in the clients' Screen Sharing's Preferences, they should choose to encrypt the entire session, not just the login. Like I said, I haven't tried this because I just tunnel my vnc stuff through ssh, but I'm thinking that this should work.

  • Does Anyone Know the Standard TCP Port number for "itpc" Protocol?

    Hello,
    I am trying to determine if the TCP port number for “itpc://” protocols is 3689 (iTunes Music Sharing), 443 (iTunes Store), 548 (Personal File Sharing, Apple File Share), or another number. Searching through this forum and referring to the “Well Known” TCP and UDP Ports Used By Apple Software Products Tech document helped point me in the right direction, but I have no way of confirming any of the numbers as the standard.
    I have attached the URLs to documents that go further in depth on what I am talking about.
    “Well Known” TCP and UDP Ports Used By Apple Software Products Tech document
    http://docs.info.apple.com/article.html?artnum=106439
    Article explaining iTunes podcast direct links (“itpc://”)
    http://www.apple.com/itunes/store/podcaststechspecs.html
    Thank you for your help.
    Toshiba   Windows XP Pro  

    Hi Krisina ,
    You could seek help referring to the following link and find your serial number easily.
    https://helpx.adobe.com/x-productkb/global/find-serial-number.html
    Regards
    Sukrit Dhingra

  • CSS 11501 ftp server setup problem using non-standard port

    Dear Expert,
    We would like to set up an FTP server over CSS where our member server uses non-standard ports to open both the control and data channels (i.e. 6370 as ctrl and 6369 as data in this case), but it seems we can only get Passive mode FTP to work, not Active mode FTP, for data channel establishment from the server back to the client... Is there any professional advice that can help in this case? Here is our setup info FYI:
    #  sh ver
    Version:               sg0820501 (08.20.5.01)
    Flash (Locked):        08.10.1.06
    Flash (Operational):   08.20.5.01
    Type:                  PRIMARY
    Licensed Cmd Set(s):   Standard Feature Set
                           Secure Management
    CVDM Version:          cvdm-css-1.0_K9
    !*************** Global
    ftp data-channel-timeout 10
      ftp non-standard-ports
    !************************** SERVICE **************************
    service ftp_ftpgtw
      keepalive maxfailure 2
      keepalive frequency 15
      keepalive retryperiod 2
      keepalive type tcp
      ip address 192.168.52.170
      protocol tcp
      keepalive port 6370
      port 6370
      active
    # sh run group drfusegtwftp_grp 
    !*************************** GROUP ***************************
    group gtwftp_grp
      vip address 192.168.52.28
      add service ftp_ftpgtw
      active
      content ftp_gtwpkg-ftpgtw
        add service ftp_ftpgtw
        vip address 192.168.52.28
        port 21
        protocol tcp
        application ftp-control
        active

    Thanks for your confirmation that no problem was found at the config level first..:P..as it saves us a lot of time in isolating the problem at this level.
    What we can notice is that the data port connection seems to fail to open from the server back to the client... In our general sense, the expected flow should be:
    TCP session A -- Client:1234 --> VIP:21 --> member svr:6370
    TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 6379 [on demand generated between server/client]
    but we can only see session B fail to set up when the client side accesses the VIP site on CSS.. even when we try the most standard case as below
    TCP session A -- Client:1234 --> VIP:21 --> member svr:21
    TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 20
    we are still unable to make Active mode FTP access work either... hence we have no idea how CSS handles FTP access when it involves services over multiple TCP ports..
    and from the CSS xlate view... the problem is we can only see which NAT IP is used by CSS to connect to the client... but there is no way to confirm which port the VIP uses outgoing to the client, nor whether it is dropped by CSS or never set up from the VIP to the client side.

  • Port Translation (Non to Standard Ports)

    Hi Guys
    I would like some advice/ideas on the best solution for the below.
    I have an application server which uses non-standard HTTP/HTTPS ports.
    What I want is a solution to translate these ports to standard ports.
    Client 1 accesses the site on port 80 – from a gateway or something similar – the gateway accesses the application server on port 4466 etc and presents the site to the client on port 80.
    I have various application servers which use non standard ports and want to create a central solution so that all three of my clients will not have to make any changes to the firewall/ proxy servers as to them they will be accessing the site on a standard port 80.
    Any advice much appreciated.
    Many thanks
    Ed

    The translation is from one port to another, not many to one.
    Meaning that we can't redirect all three ports to just one on the outside.
    We have to use one port per IP.
    Would this work if I had multiple ports?
    Only if you have multiple addresses.
    Like:
    Test1.com:80---internalTest1.com:4445
    Test2.com:80---internalTest2.com:4456
    Test3.com:80---internalTest3.com:8776
    They will allow the traffic through as normal?
    Yes, the clients in the outside will just go to the websites as usual, the whole process will be transparent for them.

  • Isakmp peers using non-standard port 4500

    Hello,
    I have a remote site using the Internet to access corporate networks over IPSEC. Set-up is as below:
    Remote Router uses public IP across internet --> hits corporate untrusted network FW --> NAT'ed to private 10.x.x.x IP --> reaches trusted network router.
    The problem is that the peer keeps hanging and the only way to reset it is to issue 'clear crypto session' on the central trusted router. I have added isakmp keepalives with the aim of forcing some keepalive traffic:
    crypto isakmp keepalive 90 30 periodic
    ...and this works to some degree (with DPD are u there keepalives). However I have noticed that the far end router uses non-standard ports when trying to set up phase-1 tunnel:
    BEVRLY_D_CR184_01#sh crypto isa pee
    Peer: 161.x.x.x Port: 4500 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10456 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10554 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10557 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10580 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10589 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10596 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    Peer: 161.x.x.x Port: 10600 Local: 77.x.x.x
    Phase1 id: 10.2.0.92
    These ports (non-4500) will be blocked by our firewalls. Why does it use these, and is there a way of stopping the router using anything other than port 4500?
    Thanks
    Phil

    Hello,
    Yes - there's NAT at the trusted central router end our side of the firewall... the config used is below:
    Remote Router end:
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    lifetime 180
    crypto isakmp key address
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 90 30 periodic
    crypto ipsec security-association idle-time 300
    crypto ipsec transform-set BEVERLEY_Transform esp-3des esp-md5-hmac
    crypto ipsec profile VTI
    set security-association lifetime seconds 1800
    set transform-set BEVERLEY_Transform
    interface Tunnel1
    description BEVRLY_CC296_01 F0/8 (10.30.45.29)
    ip address x.x.x.x 255.255.255.252
    ip helper-address 10.91.6.30
    ip helper-address 10.4.162.92
    ip mtu 1400
    ip ospf message-digest-key 1 md5
    load-interval 30
    tunnel source Dialer1
    tunnel destination
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile VTI
    Central Router:
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    lifetime 180
    crypto isakmp key address
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 90 30 periodic
    crypto ipsec security-association idle-time 300
    crypto ipsec transform-set BEVERLEY_Transform esp-3des esp-md5-hmac
    crypto ipsec profile VTI
    set security-association lifetime seconds 1800
    set transform-set BEVERLEY_Transform
    interface Tunnel1
    description link to Beverley via internet (BEVERLY_CR184_01 Tun1)
    ip address x.x.x.x 255.255.255.252
    ip mtu 1400
    ip ospf message-digest-key 1 md5
    load-interval 30
    tunnel source FastEthernet0/1
    tunnel destination
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile VTI
    I believe the DPD keepalives ensure NAT is known and compatible (crypto isakmp keepalive 90 30 periodic) between the peers....
    Any help gladly appreciated....
    thanks
    Phil

  • Cisco Secure ACS 5.6 Backup to FTP server listening on non-standard ports

    When defining a software repository from CLI or GUI, I have not been able to define the custom port that our FTP server is listening on.  Does ACS support the use of custom ports for FTP?

    Hi Anthony,
    I don't think it will support non-standard ports, as the options are only Disk, FTP, SFTP, TFTP and NFS.
    Regards,
    Chris

  • Is it Possible? Double non-standard-port FTP servers on PAT?

    Hello everyone!
    I need to know how to configure 2 ftp servers for following topology on pic.
    non standard ports
    I can do translation on 1 ftp server (http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13776-6.html)
    but when I am trying to add second FTP server I get following:
    #ip nat inside source static 192.168.1.129 46.229.139.130
    % similar static entry (192.168.1.236 -> x.x.y.y) already exists
    Thank you.

    Hello Jody.
    That is great! Thank you! I just added a couple of "ip nat service" entries and now it's working!
    Also I noticed one thing.. The 2 FTP servers are Synology NAS devices, and the FTP servers have been configured slightly differently. Look at the screenshot, with the checked box "Report external ip in PASV mode".
    When the FTP server has the box checked, it doesn't work.
    When the FTP server has the box unchecked, it does work.
    I've noticed that difference and fixed it.
    I'm very interested in the reason for that difference.

  • Reverse proxing on non-standard ports

    Hi,
    I want to create a new Reverse proxy mapping between an application and a GlassFish instance running on non standard port (not 80 / 443). Creating a mapping for HTTP works fine, but I can't find a way to map both the http and the https ports to the mapping.
    I have an application SecurityTest running on instance
    http://links.mycompany.com:38081/rsd/SecurityTest
    https://links.mycompany.com:38182/rsd/SecurityTest
    I want a mapping for the application
    http://www.mycompany.com/rsd/SecurityTest/ -> http://links.mycompany.com:38081/rsd/SecurityTest
    https://www.mycompany.com/rsd/SecurityTest/ -> https://links.mycompany.com:38182/rsd/SecurityTest
    The application is more or less a hello world servlet that is secure (form login), so it switches from HTTP to HTTPS when not logged in to ask for the username / password. Mapping to the http port works for the public page, but the redirect gives an error:
    Gateway Timeout
    Processing of this request was delegated to a server that is not functioning properly.
    Can anyone tell me how to configure the Web Server to make it work?
    thanks

    Hi,
    I still get the same error:
    [12/Nov/2007:14:34:50] failure (16473) rsdts.mycomp.com: for host i78473.mycomp.com trying to GET http:/lidip/, service-http reports: HTTP7765: error reading response header (Server closed connection)
    And:
    Bad Gateway
    Processing of this request was delegated to a server that is not functioning properly.
    I don't get any logs on the other side...

  • Running the BO servers on non standard ports XIR2

    Hi all,
    I need to know how to get the bo servers to register with the cms when it is running on a non-standard port. The port I'm using is 6409, so I have tried adding -port 6409 to the command line string, but that didn't work.
    I'm running two instances of BO on the box, hence the need for non-standard ports.
    Any thoughts?
    TIA,
    Jeff

    -port switch is the correct way to accomplish this.
    So your CMS will have -port 6409, the rest of the servers will have -ns cmsname:6409 in their command line.
    You might want to look at adding -requestport switches as well....
    Please review Admin guide for more details on usage of those switches.

  • How can ftp service on non-standard port be load balanced using Cisco ACE.

    How can an FTP service on a non-standard port be load balanced using Cisco ACE? For example, an FTP service required on TCP port 2000.

    Hi Samarjit,
    You can do this by specifying the port number in the class map that you create. Please find the below-mentioned config guide, where you can specify the TCP/UDP port, a range of ports or even the wildcard to match the port.
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
    Regards
    Abijith

  • Terminal: Stored Remote Connection with non-standard Port?

    Hi,
    I am new to MacOS and I am amazed by the integrated terminal. However, I sometimes need to connect to servers which use a non-standard SSH port, for example, 2020. I know that I can manually connect, but for convenience, I'd like to have a saved remote connection including the non-standard port. Is this possible somehow?
    Thanks,
    Felicitus

    I did some experimentation, using Terminal.
    Terminal -> New Remote Connection -> Service -> [+]
    now enter your own new service which includes
    /usr/bin/ssh -p 50022
    I found I had to enter a bonjour entry to get it to accept my new service, but once I did, I was able to use that new service with the custom -p 50022 port value.
    Your mileage may vary. I still prefer iTerm.
    Oh yea. In the future, Terminal and Unix oriented questions are better asked in the Mac OS X Technologies > Unix Forum
    <http://discussions.apple.com/forum.jspa?forumID=735>

  • Using the CSM to setup a HTTPS session on non-standard ports?

    Hi Guys,
    One of our clients wants to set up an SSL connection on a non-standard SSL port, i.e. 4444 to begin with. Here the server handles the SSL encryption / decryption instead of the SSL module.
    I've found the following config to work well:
    serverfarm FARM-MOBS-4444
    nat server
    no nat client
    predictor leastconns
    failaction purge
    real 130.194.12.81 4444
    inservice
    real 130.194.12.84 4444
    inservice
    probe MOBS-4444
    sticky 108 netmask 255.255.255.255 timeout 60
    vserver VMOBS-PROD-4444
    virtual 130.194.11.51 tcp https
    serverfarm FARM-MOBS-4444
    sticky 60 group 108
    persistent rebalance
    inservice
    With the above setup the CSM redirects the SSL connections (received on 443) to port 4444 on the server and maintains this for the duration of the session.
    While the above setup works, is it possible to configure the VIP to use a HTTPS port other than 443 (which is default)? This would then allow for separate HTTPS paths to be setup on non-standard ports. I ask this since the client also wants to setup a HTTPS path on port 4443 as well.
    Any ideas would be useful.
    thanks
    Sheldon

    Hi Martin,
    Do you mean using the SSL module to perform the encryption / decryption? If so i've tried this and it does work without an issue.
    I was just wondering if it were possible to have a VIP setup where the HTTPS port is not 443 but say 4443, where the encryption / decryption is done by the real servers themselves.
    thanks
    Sheldon

  • Cannot setup work email using SSL on non standard port

    All,
      I've been trying now for a few hours to set up a corporate email account.  I've tried via the Curve and via the BB internet service, but in both cases, since the service cannot detect the settings because a non-standard port is in use, I cannot use the service and am considering returning the device to go with another easier-to-use device.  I love the hardware design but if I cannot set up my corporate email this is no good to me.  I'd appreciate any tips anyone has.
    Thanks,
      Frustrated.

    Is your corporate email account an Exchange server or what?
    You are on a personal BIS plan?

  • Hi there, Can you please HELP ME? I created a signature for my email account, but I can not choose it because the option is daded under "none"and nothing happens when you click on it! Thank you, Johan

    This can be a problem with the file places.sqlite that stores the bookmarks and the history.
    * http://kb.mozillazine.org/Bookmarks_history_and_toolbar_buttons_not_working_-_Firefox
