Date:      Fri, 6 Oct 1995 00:22:33 -0600 (MDT)
From:      Ade Barkah <mbarkah@hemi.com>
To:        chuckr@eng.umd.edu (Chuck Robey)
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Fiskars UPS support...
Message-ID:  <199510060622.AAA02872@hemi.com>
In-Reply-To: <Pine.SUN.3.91.951005231124.13859B-100000@espresso.eng.umd.edu> from "Chuck Robey" at Oct 5, 95 11:14:46 pm


> I don't find 'privileged ports' in my trusty O'Reilly TCP/IP book, could 
> you give me a reference?  

It refers to port numbers below 1024. In Unix systems, only the
super-user can bind a socket to listen to ports < 1024. It is
an "extra" bit of security, but easily defeated if someone has
root privileges or runs a non-Unix operating system on the wire.

> I just don't see, right now, what would stop someone with a packet 
> sniffer, finding how I communicate, then spoofing the remote.  

Authentication is always a problem when dealing with client-server
programs. You need to devise a way for the programs to authenticate
themselves, perhaps by using encryption methods. Popular protocols
use "challenge passwords" to verify that each end is properly
authorized.

A simple scheme is to have a specific "shutdown password" that is
only sent when a shutdown is necessary, and changes each time
the system is shut down. This scheme defeats packet sniffing
since 1) the password is not normally sent for simple status
checks and 2) when it is sent, it is immediately changed.

Of course, if someone is packet sniffing your internal organization's
wire, you have bigger problems.

-Ade Barkah
--------------------------------------------------------------------
Inet: mbarkah@hemi.com - HEMISPHERE ONLINE - www: <http://hemi.com/>;
--------------------------------------------------------------------
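The rotating "shutdown password" scheme sketched above, worked through as an added example (not code from the original message or from any UPS monitoring software). It assumes, as the message does not specify, that both ends derive each shutdown password from a shared secret and a counter with HMAC-SHA256, and it uses a constructed demo secret; the status path carries no password, and a sniffed shutdown message is rejected when replayed because the server has already moved to the next password.

```python
import hashlib
import hmac

# Constructed demo secret; in practice provisioned out of band on both hosts.
SHARED_SECRET = b"constructed-demo-secret-not-real"


def shutdown_password(secret: bytes, counter: int) -> bytes:
    """Password valid for shutdown number `counter`.

    Assumption (not stated in the message): both ends derive it from a
    shared secret and a counter with HMAC-SHA256, so no new password ever
    has to be transmitted after a shutdown.
    """
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256)
    return digest.hexdigest().encode()


class UpsServer:
    """The end that actually performs the shutdown."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0          # which shutdown password is currently valid
        self.rejected = []         # audit trail of bad shutdown attempts

    def handle(self, message: bytes) -> bytes:
        cmd, _, arg = message.partition(b" ")
        if cmd == b"STATUS":
            # Plain status checks never carry the password, so routine
            # traffic gives a sniffer nothing to replay.
            return b"OK on-line"
        if cmd == b"SHUTDOWN":
            expected = shutdown_password(self._secret, self._counter)
            if hmac.compare_digest(arg, expected):
                # Rotate immediately: the value just seen on the wire is now useless.
                self._counter += 1
                return b"OK shutting down"
            self.rejected.append(message)
            return b"ERR bad password"
        return b"ERR unknown command"


class UpsMonitor:
    """The end that watches the UPS and requests shutdowns."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0

    def status_request(self) -> bytes:
        return b"STATUS"

    def shutdown_request(self) -> bytes:
        msg = b"SHUTDOWN " + shutdown_password(self._secret, self._counter)
        self._counter += 1         # keep in step with the server's rotation
        return msg


def simulate() -> dict:
    """Run a status check, a legitimate shutdown, a replay of the sniffed
    shutdown message, and a second legitimate shutdown."""
    server = UpsServer(SHARED_SECRET)
    monitor = UpsMonitor(SHARED_SECRET)
    wire = []                      # everything a passive sniffer would capture

    def send(msg: bytes) -> bytes:
        wire.append(msg)
        return server.handle(msg)

    results = {}
    results["status"] = send(monitor.status_request())
    results["shutdown"] = send(monitor.shutdown_request())
    # A third party replays the captured SHUTDOWN message verbatim.
    sniffed = next(m for m in wire if m.startswith(b"SHUTDOWN"))
    results["replay"] = server.handle(sniffed)
    results["rejected_count"] = len(server.rejected)
    # The legitimate monitor is still in sync and can shut down again.
    results["next_shutdown"] = send(monitor.shutdown_request())
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value!r}")
```

The counter on each side is the one piece of state the scheme depends on: if a shutdown message is lost or the server is restored from a backup, the two counters drift apart and every further shutdown is refused until they are resynchronised out of band, which is the failure mode to monitor for (the server's `rejected` list is the hook for that). The example also does nothing for the status replies themselves, exactly as the scheme in the message describes.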