On Sat, 2011-02-26 at 12:41 -0800, John R Pierce wrote:
> On 02/26/11 12:33 PM, Rainer Duffner wrote:
> > With IPV6, you don't need to run it on a different port.
> > Just bind it to a different IP in the same prefix ;-)
> > So, that port-8080 stuff will be gone pretty soon.
> > In a year or two.
> > Cough-cough.
>
> when I first saw the spec for IPv6 I mistakenly thought they'd done away
> with ports entirely, and that you'd just use an IP range for a server
> for different services... but that would be a mess for DNS, having to
> use a different hostname for ssh rather than http etc, a physical host
> would likely use a subdomain in that scheme (ssh.myhost.mydomain.com vs
> http.myhost.mydomain.com etc etc)
When using a non-standard port on IP4, the hacker is not being pointed
directly at a specific door with a live application behind it.
Additionally if HTTP is operating on the same IP address, the hacker
might think that is the only application at the address. With a unique
IP6 address a hacker can be sure something is definitely there.
Creating lots of dummy IP6 addresses to confuse hackers is not an ideal
solution.
--
With best regards,
Paul.
England,
EU.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
