Re: Guidance needed on well known ports

Stephane Bortzmeyer writes:
> On Sun, Mar 19, 2006 at 12:42:17PM -0800,
>  Ned Freed <ned.freed@xxxxxxxxxxx> wrote 
>  a message of 35 lines which said:
>> The privileged port concept has some marginal utility on multiuser
>> systems where you don't want Joe-random-user to grab some port for a
>> well known service.

> "had", not "has". The concept was invented at a time when multi-user
> machines were rare and expensive monsters. So, a request coming from
> source port 513 probably was "serious". Today, any high school student
> is root on his PC and therefore this protection is almost useless.

Stephane, you are thinking of a different "security mechanism" based
on ports <1024 - the one used by the infamous Berkeley r* utilities to
decide whether to trust a client's credentials.  This mechanism
doesn't use well-known ports, but "ephemeral" ports <1024 on the
client side.  I think it is fairly much consensus that this kind of
mechanism became useless years ago, for the reason you state.

What we are collecting input on is for which kinds of use (if any) a
privileged/well-known (as opposed to just IANA "registered") *server*
port makes sense.
-- 
Simon.


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf