[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Is this mail list dead?
On Tue, Mar 13, 2001 at 02:09:10AM -0800, Crispin Cowan wrote:
> > bah, there are a lot of services that start from port>1024 nowadays
>
> No there aren't. There are a lot of *servants* (peer-to-peer server/client
> applications) that use high ports. True *services* use well-defined ports below
> 1024, precisely so that they can be authoritative for that host. If there are
> true services using high ports, then they had *better* be using strong crypto
> authentication (as was earlier suggested). For reference, here's the port number
> assignments http://www.isi.edu/in-notes/iana/assignments/port-numbers
i was thinking of radius, all databases, all backup software..
but maybe they are servants.
>
> > i believe the < 1024 thing was for the benefit of things like
> > rlogin/rsh
>
> Where "things like" means "services", then yes :-)
i mean that the client to these services may be trusted if it comes from
a port < 1024 from a "known" host.
i don't believe this security model has any chance nowadays.
L.
--
Luca Berra -- bluca@comedia.it
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
-
Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/