Re: Guidance needed on well known ports

Steven M. Bellovin wrote:
On Sat, 18 Mar 2006 12:41:25 -0800, "Christian Huitema"
<huitema@xxxxxxxxxxxxxxxxxxxxx> wrote:

If there is a reserved range, then it
is easy to start dynamic allocation outside the range.


Yes -- this is my point.  I don't care about Unix-style privileged
ports (and have never liked them anyway), but putting most services
outside the well-known dynamic range is a good idea.

Yes, I agree, http should never have been assigned port 80. Randomly
looking for ports would make a lot more fun.

Maybe it is archaic, that all operating systems treat ports below
1024 special. But still they do. A normal user cannot gain access
to these ports.

Windows?

Is just a randomly changing mess of dynamic link libraries that is
permanently modified by applications, viruses and the so called
operating system proper. The api is kept a trade secret.

VM, MVS, BS2000, VMS, all flavours of Unix including Minix, MAC OS-X,
BSD and Linux treat ports below 1024 special.

Special ports are required by servers running on real operating
systems. A windows client might be the user of such a port but
not the server. Or do you want to install a "trunk monkey" on
every host who takes care of an emerging error window and gives
the mouse a push?

How about a portmapper. It works with NIS and NFS. Yes the
port mapper needs a reserved port too, but that is already
allocated. Portmapper is a security hole but so is a randomly
changing mess of DLLs.


Starting services quickly also helps with the "voluntary collisions"
between system services and applications, but is not foolproof. In any
case, it does not help with collisions between applications, e.g. two
applications trying to use the same port. What does help there is an
easily accessible registration system, so application developers can
easily "do the right thing", i.e. reserve a port and avoid collisions.
Note the emphasis on "easily accessible": if there are too many hoops to
jump through, the developers will likely just pick a number at random.


The portmapper is such a registration system.

I guess the port 42 nameserver was very early allocated and it still
works nicely for me but that could not prevent a collision with the
peculiar use of port 42 by windows.


Right, though it's a delicate dance.

I agree, and please keep http on port 80 :)


		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf


Cheers
Peter and Karin
--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@xxxxxxxxxxxxxxxx
mail: peter@xxxxxxxxxxxxxxxxxxxxx
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
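The thread turns on two distinct failure modes of port assignment: an unprivileged process asking for a port below 1024 (refused by the Unix-style kernels named above) and two applications colliding on the same port. The following script is an added illustration, not code from the list or from any of its authors. It assumes the IANA split of the port space (0-1023 system, 1024-49151 user/registered, 49152-65535 dynamic) and the POSIX errno values a Unix-like bind() returns; on Windows, or on a kernel configured to let unprivileged users bind low ports, the "privileged" outcome will not appear.

```python
"""Classify port numbers by IANA range and interpret why a bind() failed.

Added example for the port-assignment discussion; assumes a Unix-like
host where ports below 1024 are restricted to root.
"""
import errno
import socket

SYSTEM_MAX = 1023        # system ("privileged") ports: root only on Unix-like OSes
REGISTERED_MAX = 49151   # user ports: IANA registration is the way to avoid collisions
PORT_MAX = 65535


def classify_port(port: int) -> str:
    """Return 'system', 'registered' or 'dynamic' for a port number."""
    if not 0 <= port <= PORT_MAX:
        raise ValueError(f"port out of range: {port}")
    if port <= SYSTEM_MAX:
        return "system"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic"


def interpret_bind_error(err: int) -> str:
    """Map the errno of a failed bind() to the thread's two failure modes."""
    if err == errno.EACCES:
        return "privileged"   # unprivileged process asked for a port below 1024
    if err == errno.EADDRINUSE:
        return "collision"    # another application already holds the port
    return "other"


def try_bind(port: int, host: str = "127.0.0.1") -> tuple[str, int]:
    """Attempt a TCP bind on loopback and return (outcome, port).

    outcome is 'bound', 'privileged', 'collision' or 'other'. Port 0 asks
    the kernel for an ephemeral port from the dynamic range; the port that
    was actually assigned is returned in that case.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        return "bound", sock.getsockname()[1]
    except OSError as exc:
        return interpret_bind_error(exc.errno), port
    finally:
        sock.close()


def demo_collision() -> str:
    """Hold an ephemeral port open, then show that a second bind on it fails."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        holder.bind(("127.0.0.1", 0))           # kernel picks a free dynamic port
        port = holder.getsockname()[1]
        outcome, _ = try_bind(port)             # second bind, same port, no SO_REUSEADDR
        return outcome                          # 'collision'
    finally:
        holder.close()


if __name__ == "__main__":
    for p in (80, 111, 8080, 49152):
        print(p, classify_port(p))
    print("bind 80  ->", try_bind(80)[0])      # 'privileged' unless run as root
    print("bind 0   ->", try_bind(0)[0])       # 'bound' on an ephemeral port
    print("collision ->", demo_collision())
```

Running it as an ordinary user shows the point both sides of the thread make: the low port is refused outright, the dynamic range hands out a free port without any registration, and a fixed port already held by another process produces the "voluntary collision" that only a registry (whether IANA or a local portmapper) can prevent.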

