Am 10.12.2014 um 12:47 schrieb Bastien Nocera:
Even if we chose static ports for those (or rather port ranges, because if you have multiple users running, you'd need multiple ports), leaving only those ports opened wouldn't stop other random applications from choosing those ports to do something nefarious. You're just limiting the availability of ports without increasing security
in other words you see the attack surface is the same if you can choose any random port with a wild guess or need at least to know something about the target system?
not that security by obsucrity alone helps much *but* any piece making intrusion harder helps and the overall security is defined by the summary of all pieces given that 100% security don't exist
and even if there is some hole it makes a difference how easy is it to find or let the attacker just move to a more open target
security is all about making things harder as long as you need a network connection and can't go offline
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
