I have a real philosophical problem with ceding ports to worms, viruses and trojans. Where will it stop? Portno is a finite resource.
This is a respectable position, but the notion of categorizing ranges of ports into an association with a security policy already exists: bindresvport().
Perhaps one could argue that this limitation isn't that meaningful now that it's unfortunately common for malware to be running with root privileges (or the Windows equivalent, more likely). Still, if you and your users don't run untrusted programs as root, system permissions will prevent malware from acting as a rogue DHCP/DNS/arp/routed/NMBD/whatever server, sniffing the local network, etc., all of which contributes to slowing down the opportunities for and rate at which a worm spreads.
-- -Chuck
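
Added example, not part of the original message and not FreeBSD code: a small C audit that checks whether the reserved-port restriction discussed above is actually enforced for the user running it. The service list and the `try_bind` and `classify` helpers are constructed for illustration; the program binds only on 127.0.0.1 and closes each socket immediately.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum verdict { ENFORCED, NOT_ENFORCED, INCONCLUSIVE };

/* Try to bind a socket of the given type to 127.0.0.1:port.
 * Returns 0 on success or the errno of the failing call. */
static int try_bind(int type, unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, type, 0);
    if (fd < 0)
        return errno;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int err = bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 ? 0 : errno;
    close(fd);          /* never serve anything; the bind result is all we need */
    return err;
}

/* Interpret a bind result for a reserved port (hypothetical helper). */
static enum verdict classify(uid_t euid, int err)
{
    if (euid == 0) return INCONCLUSIVE;     /* root is exempt from the policy */
    if (err == EACCES) return ENFORCED;     /* kernel refused the unprivileged bind */
    if (err == 0) return NOT_ENFORCED;      /* policy relaxed or privilege granted */
    return INCONCLUSIVE;                    /* e.g. EADDRINUSE says nothing here */
}

int main(void)
{
    /* Constructed sample: UDP ports of services named in the message. */
    static const struct { const char *name; unsigned short port; } svc[] = {
        { "dns", 53 }, { "dhcp", 67 }, { "nmbd", 137 }, { "routed", 520 },
    };
    static const char *text[] = { "enforced", "NOT ENFORCED", "inconclusive" };
    for (size_t i = 0; i < sizeof svc / sizeof svc[0]; i++) {
        int err = try_bind(SOCK_DGRAM, svc[i].port);
        printf("%-7s udp/%-4u %s (%s)\n", svc[i].name, (unsigned)svc[i].port,
               text[classify(geteuid(), err)], err ? strerror(err) : "bound");
    }
    return 0;
}
```

Run it as an ordinary user account; a "NOT ENFORCED" line means that account could stand up a listener on that service port.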