Date:      Mon, 03 Mar 2008 00:27:55 +0100
From:      Andre Oppermann <andre@freebsd.org>
To:        Mike Silbersack <silby@silby.com>
Cc:        Rui Paulo <rpaulo@fnop.net>, freebsd-net@freebsd.org
Subject:   Re: Ephemeral port range (patch)
Message-ID:  <47CB37FB.3060009@freebsd.org>
In-Reply-To: <20080301142538.L29763@odysseus.silby.com>
References:  <200803011338.m21DcY9Z026418@venus.xmundo.net> <20080301142538.L29763@odysseus.silby.com>

Mike Silbersack wrote:
> 
> 
> On Sat, 1 Mar 2008, Fernando Gont wrote:
> 
>> Folks,
>>
>> This patch changes the default ephemeral port range from 49152-65535 
>> to 1024-65535. This makes it harder for an attacker to guess the 
>> ephemeral ports (as the port number space is larger). Also, it makes 
>> the chances of port number collisions smaller. 
>> (http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-port-randomization-01.txt) 
>>
> 
> There are a number of commonly used ports above 1000, such as nfs and 
> x11. I think OpenBSD uses 10000-65535, maybe that's a safer choice to go 
> with.

Agreed about 10000-65535.

-- 
Andre



