> Date: Sat, 01 Mar 2008 11:34:27 -0200
> From: Fernando Gont <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
> Folks,
>
> This patch changes the default ephemeral port range from 49152-65535
> to 1024-65535. This makes it harder for an attacker to guess the
> ephemeral ports (as the port number space is larger). Also, it makes
> the chances of port number collisions smaller.
> (http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-port-randomization-01.txt)
>
> This patch also includes my previous patch that eliminated duplicated
> code in in_pcb_bind().
The idea is good, but 1024 is way too low. Things like rpc and the like
use ports well above 1024. Notably, 6000 and above are used by X.

Maybe 10000 would be OK. Maybe not, though. I see that gnuserv and
gkrellmd both use ports above 10000. (gnuserv uses 30871 and gkrellmd
uses 19150.)
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]                       Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
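The trade-off the two mails are arguing about can be made concrete with a small allocator model. The following is an added example, not code from the patch, from FreeBSD's in_pcb_bind(), or from either poster: it keeps a bitmap of ports that are already bound, picks an ephemeral port by choosing a random offset in the configured range and walking forward to the first free port, and reports two numbers for a candidate range: how many bits of guessing work a uniform choice gives an attacker (floor of log2 of the range size), and how many already-bound listeners sit inside the range and must be skipped. The listener set is constructed from the ports named in the reply (X on 6000 and up, gkrellmd on 19150, gnuserv on 30871); the assumption that X occupies 6000-6063 (displays :0 to :63) and the xorshift32 generator standing in for the kernel's random source are illustrative choices of this example, not facts stated in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PORT_MAX 65535u

/* One bit per TCP port 0..65535. A set bit means the port is already
 * bound (a listener, or an ephemeral port handed out earlier). */
typedef struct {
    uint8_t bits[(PORT_MAX + 1) / 8];
} port_set;

void port_set_clear(port_set *s) { memset(s->bits, 0, sizeof s->bits); }
void port_set_add(port_set *s, unsigned p) { s->bits[p >> 3] |= (uint8_t)(1u << (p & 7)); }
void port_set_del(port_set *s, unsigned p) { s->bits[p >> 3] &= (uint8_t)~(1u << (p & 7)); }
int  port_set_has(const port_set *s, unsigned p) { return (s->bits[p >> 3] >> (p & 7)) & 1; }

/* Constructed demo listener table built from the ports named in the reply:
 * X displays :0-:63 on 6000-6063 (the 6000-6063 span is an assumption),
 * gkrellmd on 19150, gnuserv on 30871. Not a real host's bind table. */
void demo_listeners(port_set *s) {
    unsigned p;
    port_set_clear(s);
    for (p = 6000; p <= 6063; p++) port_set_add(s, p);
    port_set_add(s, 19150);
    port_set_add(s, 30871);
}

/* Number of already-bound ports inside [lo, hi]: each is a port the
 * allocator must skip, or a collision if it does not check. */
unsigned bound_ports_in_range(unsigned lo, unsigned hi, const port_set *s) {
    unsigned p, n = 0;
    for (p = lo; p <= hi && p <= PORT_MAX; p++) n += (unsigned)port_set_has(s, p);
    return n;
}

/* floor(log2(range size)): bits of guessing work for an attacker who must
 * hit the ephemeral port, assuming uniform selection. -1 on a bad range. */
int port_space_bits(unsigned lo, unsigned hi) {
    unsigned span;
    int bits = -1;
    if (lo > hi || hi > PORT_MAX) return -1;
    for (span = hi - lo + 1; span; span >>= 1) bits++;
    return bits;
}

/* xorshift32: deterministic stand-in for the kernel's random source so
 * the example is reproducible (an assumption of this example). */
static uint32_t xorshift32(uint32_t *state) {
    uint32_t x = *state ? *state : 0x9e3779b9u;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *state = x;
}

/* Choose an ephemeral port in [lo, hi]: random starting offset, then walk
 * forward (wrapping) to the first port not in `taken`. Returns 0 when the
 * range is exhausted or the arguments are invalid. The modulo reduction
 * has a small bias when span does not divide 2^32; a production allocator
 * should reject and retry instead. */
unsigned pick_ephemeral_port(unsigned lo, unsigned hi, const port_set *taken, uint32_t *rng) {
    unsigned span, off, i;
    if (lo == 0 || lo > hi || hi > PORT_MAX) return 0;
    span = hi - lo + 1;
    off = xorshift32(rng) % span;
    for (i = 0; i < span; i++) {
        unsigned p = lo + (off + i) % span;
        if (!port_set_has(taken, p)) return p;
    }
    return 0;
}

int main(void) {
    port_set s;
    uint32_t rng = 2008;
    unsigned i;
    demo_listeners(&s);
    printf("49152-65535: %d bits of guessing work, %u listeners inside\n",
           port_space_bits(49152, 65535), bound_ports_in_range(49152, 65535, &s));
    printf(" 1024-65535: %d bits of guessing work, %u listeners inside\n",
           port_space_bits(1024, 65535), bound_ports_in_range(1024, 65535, &s));
    for (i = 0; i < 5; i++)
        printf("picked %u\n", pick_ephemeral_port(1024, 65535, &s, &rng));
    return 0;
}
```

Run as-is, the program shows the shape of the disagreement: widening the floor to 1024 raises the guessing work from 14 to 15 bits (the range is just under 2^16 ports), but with this listener table 66 bound ports now fall inside the ephemeral range, whereas none did at 49152, so the allocator's collision check does real work there. Raising the floor to 10000 would still leave 19150 and 30871 inside, which is the reply's objection.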