Sam Spade Frequently Asked Questions
Security

UDP traffic on ports 33434 - 33523

Most systems on the internet will see occasional unexpected traffic on their public network interfaces. This is nothing to be concerned about. In particular, UDP packets in the range 33434 to 33523 are normal and expected. They're a sign of someone using traceroute. Many 'personal firewall' security programs are faulty, and they will report this normal, expected traffic as a security problem. If yours does, contact the vendor of your software. Do not contact me. Similarly many inexperienced system administrators see accesses to a range of UDP ports and panic needlessly.

Traceroute is a network diagnostic tool used to map out the path an IP packet will take from the source system to the destination system. (If you don't understand TCP/IP much you might want to try the alternative explanation of traceroute and section 3.4 of RFC 2151 instead.)

There are a few variants, but most traceroute algorithms rely on sending a sequence of packets from the source to the destination, each successive packet having its TTL (time to live) field increased by one. The first packet sent out will have a TTL of one, and will be killed at the first router. That router will return an ICMP TIME_EXCEEDED response to the source system. This is repeated until the packet reaches the destination, or a limit is reached.

Most unix traceroutes send UDP packets to high (unused) ports, and recognise they've reached the destination system when they receive an ICMP UNREACHABLE response. (Most Windows hosted traceroutes use ICMP ECHO_REQUEST packets instead, and some unix hosted traceroutes can be configured to use ICMP ECHO_REQUEST, UDP packets or even IP tunneling packets. UDP is by far the most common outside the Windows world.)
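Added example (not part of the original FAQ): with traceroute's default parameters (first destination port 33434, three probes per TTL, each datagram one port higher, maximum TTL 30), the destination port of a logged UDP probe encodes its TTL, so a firewall log can be sorted into ordinary traceroutes and everything else. The log format and the sample lines (documentation addresses) are constructed for illustration.

```python
from collections import defaultdict

BASE_PORT = 33434        # default first destination port
PROBES_PER_TTL = 3       # default probes sent at each TTL
MAX_TTL = 30             # default maximum TTL
LAST_PORT = BASE_PORT + PROBES_PER_TTL * MAX_TTL - 1   # 33523

def decode_probe(dst_port):
    """Return (ttl, probe_number) for a default-parameter probe, else None."""
    if not BASE_PORT <= dst_port <= LAST_PORT:
        return None
    seq = dst_port - BASE_PORT
    return seq // PROBES_PER_TTL + 1, seq % PROBES_PER_TTL + 1

def classify(log_lines):
    """Group hits by (source IP, source port), since one traceroute run keeps
    one source port, and label each group."""
    groups = defaultdict(set)
    for line in log_lines:
        src, sport, dport = line.split()
        groups[(src, int(sport))].add(int(dport))
    report = {}
    for key, seen in groups.items():
        ports = sorted(seen)
        in_range = all(decode_probe(p) is not None for p in ports)
        sequential = all(b - a == 1 for a, b in zip(ports, ports[1:]))
        if not (in_range and sequential):
            report[key] = ("not the default traceroute pattern", None)
            continue
        # The TTL of the first probe to arrive is the sender's hop distance.
        hops = decode_probe(ports[0])[0]
        if len(ports) <= PROBES_PER_TTL:
            report[key] = ("traceroute (normal)", hops)
        else:
            report[key] = ("traceroute (host is dropping probes)", hops)
    return report

# Constructed sample log: "source_ip source_port destination_port"
SAMPLE_LOG = (
    ["192.0.2.10 40211 %d" % p for p in range(33467, 33470)]      # 3 probes
    + ["198.51.100.7 51002 %d" % p for p in range(33455, 33461)]  # 6 probes
    + ["203.0.113.5 40000 33434", "203.0.113.5 40000 161"]        # scattered
)

if __name__ == "__main__":
    for key, verdict in classify(SAMPLE_LOG).items():
        print(key, verdict)
```

Because every traceroute parameter is user configurable, a run with non-default settings falls into the "not the default traceroute pattern" group rather than being decoded incorrectly.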
If the destination system is unavailable, or has been misconfigured[1] to drop packets, then traceroute will not receive that UNREACHABLE response and will assume the packets it sent were lost and keep sending until it reaches a maximum limit. By default most traceroutes will send three packets at each TTL, to a maximum TTL of thirty - a maximum of 90 packets in total.

Traceroute will send a sequence of UDP packets to a range of high ports[3]; by default it will start at port 33434. Each datagram it sends out will be to one port higher, so the typical range of destination ports used will be 33434 to 33523. All the parameters are user configurable, so ports outside that range may occasionally receive datagrams from traceroute.

(An ICMP TIME_EXCEEDED packet has only an eight byte payload, so will only contain the header of the expiring UDP packet, not any of the UDP packet's payload. So to associate replies with the original datagram the necessary information must be coded in the UDP header. To allow multiple traceroutes simultaneously, the process ID is coded into the UDP source port and that leaves the destination port as the only convenient field to store the packet count in.)

A destination system should see no more than three UDP port accesses in that range, unless it is misconfigured to drop UDP packets in that range rather than refusing them. If it is misconfigured in that way then it will see datagrams dropped at sequential destination ports in that range.

Other Security Issues

About SamSpade.org

Why "Sam Spade"?

Sam Spade is a hard-boiled Film-Noir detective, famously played by Humphrey Bogart in The Maltese Falcon. The film detective investigates, discovers clues, deduces implications and works to discover the truth. A number of people have contrasted that to the classic film caricature of a cop, more likely to beat the story they want to hear out of a suspect or jail the wrong guy.

Why registration?

There are quite a few reasons why I require registrations to use some tools.

Infrastructure

SamSpade.org runs on a primary dedicated server colocated at Los Nettos using bandwidth donated by CenterGate. A second dedicated server (acting as a backup to the first and providing a number of peripheral services) is hosted by MAPS. Accounts on the system are not available, nor is webspace (though if you maintain a useful resource relevant to the subjects covered on SamSpade.org and cannot find hosting for it, contact me). DNS service is provided by UltraDNS.

Services

Most services are provided via the web, though there are a few email based notification services. Webpages are served by a variety of servers, including Apache and thttpd. The tools used to be cgi or fast cgi scripts, implemented in C. The source code for them is not available, in general. If you're a large ISP or you have a good reason for wanting the source, contact me at steve@blighty.com. The current tools are implemented as part of a custom database backed webserver.

Funding

SamSpade.org receives no funding, nor does it accept any advertising revenue. I fund the development and the hardware myself, and bandwidth and network services are donated by CenterGate and UltraDNS.

Design

SamSpade.org is maintained using a mixture of Emacs, make, htmlpp, ImageMagick, PhotoShop and a lot of custom code. Graphics are generated using PhotoShop and most artwork is from ArtToday.

Favicon

Some versions of Internet Explorer allow assigning custom icons to webpages. How to do this is explained at http://msdn.microsoft.com/workshop/Author/dhtml/howto/ShortcutIcon.asp

Contacting me

Security and Abuse Issues

If you want to report a security or abuse issue related to either SamSpade.org or blighty.com users, or originating from address 206.117.161.80 or 206.117.161.81:
If you want to report a security issue concerning any domain other than blighty.com or samspade.org, you are complaining to the wrong place. If you want to report a security issue concerning IP address other than 206.117.161.80 or 206.117.161.81, you are complaining to the wrong place.

Take me off your blacklist!

I don't run any blacklists (that's not entirely true - I do run the nofalsenegatives.stopspam.samspade.org blacklist, but that's not why your mail is bouncing). As I don't run any blacklists, I can't remove you from them. I provide a tool that allows people to search multiple blacklists to work out where and why they're listed. If you've been referred to that by an email bounce, please tell me about it, so I can break the knees of the administrator who configured their server to do so. If you're blacklisted and can't work out what to do about it, we do provide consulting services which may be able to help you understand why you're listed and what you need to do to be removed.

Website issues

Broken links

I have bots that check the site for broken links, so notifying me of a broken link is generally a waste of time. If the destination link has moved, and you can tell me the correct URL, feel free to contact me at steve@blighty.com.

Link Exchanges, Banner Advertising

Don't. I sell no advertising space (the banner ads on occasional pages are provided freely at my whim - asking for advertising space guarantees you won't get any). I don't do link exchanges.

You want to link to SamSpade.org

If you want to link to any of
If you want to link to specific cgi scripts, don't. Link to http://samspade.org/t/ instead. I don't object to forms linking to my cgi scripts intended for purely personal use, though I don't guarantee they'll work. If you put forms on a publicly accessible webpage that use my cgi scripts I am likely to object. If you want to link to Sam Spade for Windows, please link to either http://samspade.org/ssw/ or http://samspade.org/ssw/dl.html - that ensures people following the link will find the latest version. Need a link button? Try these.

You want me to add a link from SamSpade.org to your site

If you have a useful resource relevant to the content of SamSpade.org drop me a line at steve@blighty.com and tell me about it. Otherwise it's unlikely to happen - I seldom link to other sites.

Software Distribution, Shareware Registration

Sam Spade for Windows is not shareware. It is freeware. You already have the full versions from http://samspade.org/ssw/. There's no need to register it.

Software distribution. You may distribute Sam Spade for Windows on physical media, as long as no more than a nominal duplication fee is charged for it. Please don't distribute the binary from your own website; point people at http://samspade.org/ssw/ instead. ISPs are welcome to distribute Sam Spade for Windows as the self-extracting installation program (eg spade114.exe) on physical media or to point their customers at http://samspade.org/ or http://samspade.org/ssw/

Compliments, Comments, Constructive Criticism

Always welcomed - steve@blighty.com

Review copies - books, software, hardware

If you want me to review any product contact me at steve@blighty.com. All my software is freely available - if you'd like to review it feel free to download it from the website. If you review it I'd appreciate a copy of the review.

General Questions

Generally welcomed, at steve@blighty.com, but you may not get a response. In particular, any of these will be ignored:
Non spam related questions are far more likely to get an answer than spam related ones. Firewall related ones will be discarded all the time (unless you run BlackIce Defender or ZoneAlarm, in which case I may point out what an idiot you are...)