
Re: Application for port-number (system-klensin) (revised) (fwd)



In message <125206697.1068156971@localhost>, Harald Tveit Alvestrand writes:
>
>
>--On 6. november 2003 09:16 -0500 "Steven M. Bellovin" 
><smb@research.att.com> wrote:
>
>> More seriously...  I can think of only two reasons why a server needs a
>> "system" port:  to prevent accidental or intentional collisions with
>> user processes that might be assigned that port, and to make it easier
>> to firewall if you're using a simple packet filter.
>
>As John says in his note:
>"the advantages of a well-known/ system port for an application protocol 
>that provides a support function should be obvious if the distinction is 
>worth anything at all."


It's not obvious, at least not to me -- or not any more.  (Aside:  
there are also major advantages to non-system ports in some scenarios.  
For example, when the NSA first set up its Web site, it ran on port 
8080, so that the server didn't have to run as root.  All that ran on 
port 80 was something that generated a "Location" redirect -- probably 
via the 'cat' command -- to the real server.)

		--Steve Bellovin, http://www.research.att.com/~smb