On Sat, 18 Mar 2006 12:41:25 -0800, "Christian Huitema" <huitema at windows.microsoft.com> wrote:
If there is a reserved range, then it is easy to start dynamic allocation outside the range.
Yes -- this is my point. I don't care about Unix-style privileged ports (and have never liked them anyway), but putting most services outside the well-known dynamic range is a good idea.
Yes, I agree, http should never have been assigned port 80. Randomly looking for ports would make a lot more fun.
Maybe it is archaic, that all operating systems treat ports below 1024 special. But still they do. A normal user cannot gain access to these ports.
Windows?
Is just a randomly changing mess of dynamic link libraries that is permanently modified by applications, viruses and the so-called operating system proper. The API is kept a trade secret.
VM, MVS, BS2000, VMS, all flavours of Unix including Minix, MAC OS-X, BSD and Linux treat ports below 1024 special.
Special ports are required by servers running on real operating systems. A windows client might be the user of such a port but not the server. Or do you want to install a "trunk monkey" on every host who takes care of an emerging error window and gives the mouse a push?
How about a portmapper. It works with NIS and NFS. Yes the port mapper needs a reserved port too, but that is already allocated. Portmapper is a security hole but so is a randomly changing mess of DLLs.
Starting services quickly also helps with the "voluntary collisions" between system services and applications, but is not foolproof. In any case, it does not help with collisions between applications, e.g. two applications trying to use the same port. What does help there is an easily accessible registration system, so application developers can easily "do the right thing", i.e. reserve a port and avoid collisions. Note the emphasis on "easily accessible": if there are too many hoops to jump through, the developers will likely just pick a number at random.
The portmapper is such a registration system.
I guess the port 42 nameserver was very early allocated and it still works nicely for me but that could not prevent a collision with the peculiar use of port 42 by windows.
Right, though it's a delicate dance.
I agree, and please keep http on port 80 :)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________ Ietf mailing list Ietf at ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Cheers Peter and Karin -- Peter and Karin Dambier The Public-Root Consortium Graeffstrasse 14 D-64646 Heppenheim +49(6252)671-788 (Telekom) +49(179)108-3978 (O2 Genion) +49(6252)750-308 (VoIP: sipgate.de) mail: peter at peter-dambier.de mail: peter at echnaton.serveftp.com http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.