Date: Sat, 1 Mar 2008 14:27:45 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Fernando Gont <fernando@gont.com.ar>
Cc: Rui Paulo <rpaulo@fnop.net>, freebsd-net@freebsd.org
Subject: Re: Ephemeral port range (patch)
Message-ID: <20080301142538.L29763@odysseus.silby.com>
In-Reply-To: <200803011338.m21DcY9Z026418@venus.xmundo.net>
References: <200803011338.m21DcY9Z026418@venus.xmundo.net>

On Sat, 1 Mar 2008, Fernando Gont wrote:

> Folks,
>
> This patch changes the default ephemeral port range from 49152-65535 to
> 1024-65535. This makes it harder for an attacker to guess the ephemeral ports
> (as the port number space is larger). Also, it makes the chances of port
> number collisions smaller.
> (http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-port-randomization-01.txt)

There are a number of commonly used ports above 1000, such as nfs and x11. I think OpenBSD uses 10000-65535, maybe that's a safer choice to go with.

-Mike