binding to privileged ports
Kevin Steves
stevesk at sweden.hp.com
Tue Oct 10 07:39:15 EST 2000
On Mon, 9 Oct 2000, Chris Lightfoot wrote:
: On Mon, 9 Oct 2000, Markus Friedl wrote:
: > On Mon, Oct 09, 2000 at 12:14:30AM +0100, Chris Lightfoot wrote:
: > > This creates problems in environments where a range of privileged ports
: > > (those which correspond to well-known services) are firewalled out,
I'm not sure what you mean by firewalled out.
: > > leaving the range from ~850 to 1023 available. From this point of view, it
: > > would seem desirable to count downwards as stock ssh does, rather than
: > > upwards.
: > >
: > > What is the reasoning behind this decision?
: >
: > i did not know that i causes problems.
:
: It's a bit of a special case, but I think quite a few firewalls are
: constructed in this way.
Are you filtering connections via source port? If so, how does that
increase the security of your firewall? The use of source port <1024 as
a security mechanism is flawed.
More information about the openssh-unix-dev
mailing list