... On port 37 (time, UDP). If timedc from a NetBSD host attempts clockdiff with an OpenBSD host (same ethernet, no firewalling involved), sending from a privileged port, OpenBSD (inetd, I presume) does not respond. If the UDP packet originates from an unprivileged port (say 63,xxx or 19,xxx), then all is happy. Why is OpenBSD set up this way? I recall a philosophical security issue for this, and would like to refresh my memory, so that I might offer an explanation to some people at Net. I can't seem to find a discussion anywhere in /usr/share/man/*.
They are taking the position that it is upside down to require an unprivileged source port. What are the issues? Thanks, Dave
