Re: Is this mail list dead?
Luca Berra wrote:

> On Mon, Mar 12, 2001 at 09:07:41PM -0800, Crispin Cowan wrote:
> > How else would you (say) enforce that only the Duly Authorized Mailserver is
> > the one listening to example.com:25 ? If anyone can bind to port 25, then
> > anyone can kick the authorized mail server over (go find some DoS) and start
> > your own mail server. Repeat as necessary for various other important
> > services that bind to well-known ports <1024.
> bah, there are a lot of services that start from port>1024 nowadays

No there aren't. There are a lot of *servants* (peer-to-peer server/client
applications) that use high ports. True *services* use well-defined ports below
1024, precisely so that they can be authoritative for that host. If there are
true services using high ports, then they had *better* be using strong crypto
authentication (as was earlier suggested). For reference, here are the port number
assignments: http://www.isi.edu/in-notes/iana/assignments/port-numbers

> I believe the < 1024 thing was for the benefit of things like
> rlogin/rsh

Where "things like" means "services", then yes :-)

Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
-
Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/
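
The distinction argued in this thread can be checked on a Linux host by listing TCP listeners with the UID that owns each socket. The following is an added example, not part of the original message: it parses text in the `/proc/net/tcp` layout and separates listeners on ports below 1024 owned by root, listeners below 1024 owned by another UID (the bind restriction has been relaxed for that process, for instance through CAP_NET_BIND_SERVICE), and listeners on high ports, where the port number says nothing about who bound it. The sample table and the function names are constructed for illustration.

```python
import socket
import struct

PRIVILEGED_LIMIT = 1024  # ports below this traditionally require root to bind
TCP_LISTEN = "0A"        # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002 1
   2: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0100007F:0019 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
   4: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1005 1
"""

def parse_listeners(text):
    """Yield (ip, port, uid) for every IPv4 TCP socket in LISTEN state."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue                            # malformed row or not listening
        hex_ip, hex_port = fields[1].split(":")
        # The address is a hex word in host byte order (little-endian on x86);
        # the port is plain hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        yield ip, int(hex_port, 16), int(fields[7])

def audit(text):
    """Group listeners by what the port number implies about who bound them."""
    report = {"root_low": [], "nonroot_low": [], "high": []}
    for ip, port, uid in parse_listeners(text):
        if port >= PRIVILEGED_LIMIT:
            bucket = "high"          # any local user could have bound this
        elif uid == 0:
            bucket = "root_low"      # bound with root privilege
        else:
            bucket = "nonroot_low"   # low port, but socket not owned by root
        report[bucket].append((ip, port, uid))
    return report

if __name__ == "__main__":
    for bucket, rows in audit(SAMPLE).items():
        for ip, port, uid in rows:
            print(f"{bucket:12} {ip}:{port} uid={uid}")
```

On a live system the same functions can be fed the contents of `/proc/net/tcp` instead of `SAMPLE`.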