What are Secondary Connections REALLY?
What are Secondary Connections REALLY? - 8.Jul.2005 4:12:00 PM
solidus667
Posts: 28
Joined: 8.May2004
From: Dallas, TX
Status: offline
In the help file it says "additional connections or packets that follow the initial connection". But that seems a little ambiguous to me.
I've been writing a lot of access rules lately, as I have just installed ISA 2004. So far I really like it a lot and have had no problems.
Quite often, vendors of small socket apps (chat apps and similar things) will say in their support forums "open port xxxx for TCP and port yyyy for UDP".
That too is ambiguous, but I can make a few assumptions. Usually I figure that unless this is a service, I won't be creating any server rules, so I just make the TCP rule "outbound" and the UDP rule "Send Receive", for example.
So far, it has always worked.
But I don't know which of these should be classified as a "secondary connection".
Do the TCP connections USUALLY happen first?
If I watch my logs before defining the protocol, and always see TCP connection attempts and no UDP connection attempts, I figure it's safe to assume that the UDP connection is secondary. Is this always a safe assumption?
Why not just make everything a primary connection and not worry about it?
RE: What are Secondary Connections REALLY? - 9.Jul.2005 5:47:00 AM
isawader
Posts: 420
Joined: 27.Apr.2005
Status: offline
Your understanding of secondary connections is not right.
For most network connections, only a primary connection is involved.
For example, when you telnet, the client uses a port >1024 (say 2000) as the source port and connects to the server on port 23 (the destination port). Whenever the telnet server wants to send anything to the client, it uses port 23 as the source and 2000 as the destination. However, if either the client or the telnet server initiates a connection to or from ports other than 2000 or 23 during this session, that connection is considered secondary. The FTP protocol is a classic example in which the control channel uses different ports than the data channel. As far as the firewall is concerned, a secondary connection looks just like any other primary connection, and it will drop it as an intrusion (why? You need to know the three-way TCP handshake and how packets are sequenced). However, smart firewalls like ISA will listen in on the client/server network communications and make the necessary adjustments so that the secondary connections aren't dropped as an intrusion attempt.
Now, the deal with the small socket apps requiring you to "open" both TCP and UDP ports is for convenience. It has nothing to do with secondary connections. Both TCP and UDP are used for the primary connections in these apps. Since UDP is a connectionless protocol, it's relatively faster than TCP, and most multimedia applications will use it to increase the streaming speed. Losing a few UDP packets isn't going to be detected by human ears when listening to an audio stream. So these apps will first try the UDP port. Most admins consider the UDP protocol a security risk and will restrict its use. In this case, these apps will switch to a TCP connection, which is still a primary connection.
Hopefully, I haven't confused you further. [ July 09, 2005, 06:18 AM: Message edited by: ISAwader ]
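As an added illustration (editor's example, not part of either post above and not ISA Server code), here is a small Python model of what the reply calls "listening in". The filter admits a new connection only if policy lists it as an allowed primary connection, and admits a secondary connection only after it has seen the FTP control channel announce it: a client PORT command (active mode, server connects back from port 20) or a server 227 reply (passive mode, client connects out to the advertised port). The addresses, ports, policy set and FTP dialogue are constructed for the example; the class and helper names are assumptions.

```python
"""Stateful tracking of primary vs. secondary connections, FTP as the worked case.

Flows are 5-tuples (proto, src_ip, src_port, dst_ip, dst_port). Editor's example;
not ISA Server code. All addresses and the FTP dialogue below are constructed.
"""
import re

# RFC 959 host-port strings: h1,h2,h3,h4,p1,p2 where port = p1*256 + p2
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
PASV_RE = re.compile(rb"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def _decode_hostport(match):
    g = [int(x) for x in match.groups()]
    return ".".join(str(x) for x in g[:4]), g[4] * 256 + g[5]


class StatefulFilter:
    def __init__(self, allowed_primary):
        # policy: (proto, destination port) pairs a client may open as a primary connection
        self.allowed_primary = set(allowed_primary)
        self.established = set()  # flows seen with a permitted SYN, client->server direction
        self.expected = set()     # secondary connections learned from the control channel;
                                  # a source port of None means "any ephemeral port"

    def _find_expected(self, flow):
        proto, src, sport, dst, dport = flow
        for e in self.expected:
            if (e[0], e[1], e[3], e[4]) == (proto, src, dst, dport) and e[2] in (None, sport):
                return e
        return None

    def packet(self, flow, syn=False, payload=b""):
        proto, src, sport, dst, dport = flow
        reverse = (proto, dst, dport, src, sport)
        # 1. traffic on an established primary (or admitted secondary) connection, either direction
        if flow in self.established or reverse in self.established:
            if proto == "tcp" and 21 in (sport, dport):
                self._inspect_ftp(flow, payload)  # the "listening in" part
            return "established"
        # 2. a new connection the control channel told us to expect (FTP data channel)
        if syn and (e := self._find_expected(flow)) is not None:
            self.expected.discard(e)  # one data connection per announcement
            self.established.add(flow)
            return "secondary"
        # 3. a new primary connection permitted by policy
        if syn and (proto, dport) in self.allowed_primary:
            self.established.add(flow)
            return "primary"
        # 4. anything else looks like an unsolicited SYN and is dropped
        return "deny"

    def _inspect_ftp(self, flow, payload):
        proto, src, sport, dst, dport = flow
        if dport == 21:  # client -> server: PORT means the server will connect back from port 20
            m = PORT_RE.match(payload)
            if m:
                host, port = _decode_hostport(m)
                self.expected.add(("tcp", dst, 20, host, port))
        elif sport == 21:  # server -> client: 227 means the client will connect out to host:port
            m = PASV_RE.match(payload)
            if m:
                host, port = _decode_hostport(m)
                self.expected.add(("tcp", dst, None, host, port))


def demo():
    """Constructed session: one control channel, one active and one passive data channel."""
    fw = StatefulFilter(allowed_primary={("tcp", 21)})
    client, server = "192.168.1.10", "203.0.113.5"
    ctl = ("tcp", client, 2000, server, 21)
    results = [
        fw.packet(ctl, syn=True),                                            # primary: TCP 21 allowed
        fw.packet(("tcp", client, 2001, server, 20), syn=True),              # deny: nothing announced yet
    ]
    fw.packet(ctl, payload=b"PORT 192,168,1,10,7,209\r\n")                   # 7*256+209 = 2001
    results.append(fw.packet(("tcp", server, 20, client, 2001), syn=True))   # secondary (active mode)
    fw.packet(("tcp", server, 21, client, 2000),
              payload=b"227 Entering Passive Mode (203,0,113,5,195,80).\r\n")  # 195*256+80 = 50000
    results.append(fw.packet(("tcp", client, 2002, server, 50000), syn=True))  # secondary (passive mode)
    results.append(fw.packet(("tcp", client, 2003, server, 50000), syn=True))  # deny: expectation consumed
    return results


if __name__ == "__main__":
    print(demo())
```

In the thread's terms, only the TCP 21 connection is the primary connection of the protocol definition; the two data connections are the secondary connections, and without an application filter that reads the control channel (or a protocol definition that declares them) the firewall has no way to tell the server's inbound SYN from port 20, or the client's outbound SYN to an arbitrary high port, apart from any other unsolicited connection. Note that the passive-mode expectation has to leave the client's source port open, since the client picks it only when it connects.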