From owner-freebsd-net@FreeBSD.ORG  Sun Mar  2 23:27:51 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A4B59106566B
	for <freebsd-net@freebsd.org>; Sun,  2 Mar 2008 23:27:51 +0000 (UTC)
	(envelope-from andre@freebsd.org)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
	by mx1.freebsd.org (Postfix) with ESMTP id 01F1B8FC1A
	for <freebsd-net@freebsd.org>; Sun,  2 Mar 2008 23:27:50 +0000 (UTC)
	(envelope-from andre@freebsd.org)
Received: (qmail 93803 invoked from network); 2 Mar 2008 22:41:54 -0000
Received: from localhost (HELO [127.0.0.1]) ([127.0.0.1])
	(envelope-sender <andre@freebsd.org>)
	by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
	for <silby@silby.com>; 2 Mar 2008 22:41:54 -0000
Message-ID: <47CB37FB.3060009@freebsd.org>
Date: Mon, 03 Mar 2008 00:27:55 +0100
From: Andre Oppermann <andre@freebsd.org>
User-Agent: Thunderbird 1.5.0.14 (Windows/20071210)
MIME-Version: 1.0
To: Mike Silbersack <silby@silby.com>
References: <200803011338.m21DcY9Z026418@venus.xmundo.net>
	<20080301142538.L29763@odysseus.silby.com>
In-Reply-To: <20080301142538.L29763@odysseus.silby.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Rui Paulo <rpaulo@fnop.net>, freebsd-net@freebsd.org
Subject: Re: Ephemeral port range (patch)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Mar 2008 23:27:51 -0000

Mike Silbersack wrote:
> 
> 
> On Sat, 1 Mar 2008, Fernando Gont wrote:
> 
>> Folks,
>>
>> This patch changes the default ephemeral port range from 49152-65535 
>> to 1024-65535. This makes it harder for an attacker to guess the 
>> ephemeral ports (as the port number space is larger). Also, it makes 
>> the chances of port number collisions smaller. 
>> (http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-port-randomization-01.txt) 
>>
> 
> There are a number of commonly used ports above 1000, such as nfs and 
> x11. I think OpenBSD uses 10000-65535, maybe that's a safer choice to go 
> with.

Agreed about 10000-65535.

-- 
Andre
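The objection in the thread is that a range starting at 1024 overlaps services that commonly listen above the privileged ports (NFS, X11), while a larger range is what makes the ephemeral port harder to guess. The following is an added example, not code from this thread or from FreeBSD: it checks a candidate range for overlap with a small constructed table of such services (the NFS and X11 entries come from Mike's message, the rest are illustrative), reports the size of the space a blind guesser has to search, and emits the corresponding `net.inet.ip.portrange.*` sysctl lines. The port table is an assumption for illustration; on a real host the authoritative sources are /etc/services and the listening sockets.

```python
# Added example (not from the thread): sanity-check an ephemeral port range
# for overlap with commonly bound service ports and size the guess space.
# The service table below is a constructed illustration; extend it from
# /etc/services or `sockstat -l` output on the host you are configuring.

from dataclasses import dataclass, field
from typing import List, Tuple

# (first, last, name): services that commonly listen above port 1024.
# Constructed and deliberately short.
KNOWN_SERVICES: List[Tuple[int, int, str]] = [
    (2049, 2049, "nfs"),
    (3306, 3306, "mysql"),
    (5432, 5432, "postgresql"),
    (6000, 6063, "x11"),
]


@dataclass
class RangeReport:
    first: int
    last: int
    size: int                      # number of ports the kernel can hand out
    conflicts: List[Tuple[int, int, str]] = field(default_factory=list)

    def guess_probability(self, attempts: int) -> float:
        """Chance that `attempts` distinct blind guesses hit one uniformly
        random ephemeral port drawn from this range (capped at 1.0)."""
        return min(1.0, attempts / self.size)


def check_ephemeral_range(first: int, last: int,
                          services=KNOWN_SERVICES) -> RangeReport:
    """Validate [first, last] and list the service ports it would collide with."""
    if not (1 <= first <= last <= 65535):
        raise ValueError(f"bad port range {first}-{last}")
    # Closed-interval overlap test against each known service range.
    conflicts = [(lo, hi, name) for lo, hi, name in services
                 if lo <= last and hi >= first]
    return RangeReport(first, last, last - first + 1, conflicts)


def sysctl_conf_lines(first: int, last: int) -> List[str]:
    """/etc/sysctl.conf lines for the chosen range using FreeBSD's
    net.inet.ip.portrange.* knobs. A wider range only enlarges the search
    space; randomized=1 is what keeps allocation unpredictable within it."""
    return [
        f"net.inet.ip.portrange.first={first}",
        f"net.inet.ip.portrange.last={last}",
        "net.inet.ip.portrange.randomized=1",
    ]


if __name__ == "__main__":
    # The three ranges discussed in the thread: old default, proposed, OpenBSD-style.
    for lo, hi in ((49152, 65535), (1024, 65535), (10000, 65535)):
        r = check_ephemeral_range(lo, hi)
        names = ", ".join(n for _, _, n in r.conflicts) or "none"
        print(f"{lo}-{hi}: {r.size} ports, 10 blind guesses hit "
              f"{r.guess_probability(10):.3%}, conflicts: {names}")
    print("\n".join(sysctl_conf_lines(10000, 65535)))
```

Run as-is it shows that 1024-65535 collides with every entry in the table while 10000-65535 collides with none and still leaves roughly 3.4 times the guess space of 49152-65535. The overlap test is the part worth reusing: feed it the host's real listening ports before lowering `net.inet.ip.portrange.first`.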