binding to privileged ports

Kevin Steves stevesk at sweden.hp.com
Tue Oct 10 07:39:15 EST 2000


On Mon, 9 Oct 2000, Chris Lightfoot wrote:
: On Mon, 9 Oct 2000, Markus Friedl wrote:
: > On Mon, Oct 09, 2000 at 12:14:30AM +0100, Chris Lightfoot wrote:
: > > This creates problems in environments where a range of privileged ports
: > > (those which correspond to well-known services) are firewalled out,

I'm not sure what you mean by firewalled out.

: > > leaving the range from ~850 to 1023 available. From this point of view, it
: > > would seem desirable to count downwards as stock ssh does, rather than
: > > upwards.
: > > 
: > > What is the reasoning behind this decision?
: > 
: > i did not know that it causes problems.
: 
: It's a bit of a special case, but I think quite a few firewalls are
: constructed in this way.

Are you filtering connections via source port?  If so, how does that
increase the security of your firewall?  The use of source port <1024 as
a security mechanism is flawed.





