On Mon, 2006-03-20 at 12:09 +0100, Stephane Bortzmeyer wrote:
> Ned Freed <ned.freed@xxxxxxxxxxx> wrote:
> > The privileged port concept has some marginal utility on multiuser
> > systems where you don't Joe-random-user to grab some port for a well
> > known service.
>
> "had", not "has". The concept was invented at a time where multi-users
> machines were rare and expensive monsters. So, a request coming from
> source port 513 probably was "serious". Today, any highschool student
> is root on his PC and therefore this protection is almost useless.

you shouldn't allow unrestricted access to the network from unmanaged
hosts, that's a recipe for disaster. consider rogue DHCP servers, for
instance.

we still use host based authentication for port 514 (rsh) on strictly
managed networks as a supplement to SSH. this requires physical
security for network equipment or exposed hosts (not users) doing
802.1x authentication. the protection is not useless in that
environment.

--
Kjetil T.