[59272] in North American Network Operators' Group


Re: ISPs are asked to block yet another port

daemon@ATHENA.MIT.EDU (Edward Lewis)
Mon Jun 23 09:18:02 2003

In-Reply-To: <3EF6A530.9090505@utc.edu>
Date: Mon, 23 Jun 2003 09:17:30 -0400
To: Jeff Kell <jeff-kell@utc.edu>
From: Edward Lewis <edlewis@arin.net>
Cc: nanog list <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu


At 2:58 -0400 6/23/03, Jeff Kell wrote:
>And as was noted earlier, unconditionally blocking udp/1026 will cause
>a lot of collateral damage when udp/1026 outbound is used as an ephemeral port
>for a legitimate UDP-based service (DNS, NTP, etc).
>
>Jeff

It's been a long time since I did any substantial BSD-socket coding, 
but, back in the day, when you asked for socket 0 in a bind call, the 
OS would just pick one.  The first (unused) one chosen would be 1024, 
then incrementally pick the next up to some limit where it would then 
circle around.  Most clients (incl. DNS resolvers) would ask for port 
0, so, well, y'all can predict the result if you were to filter any 
of the "user space" ports.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-703-227-9854
ARIN Research Engineer

...as graceful as a blindfolded bull in a china shop...
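
[Added example, not part of the original post or of any ARIN/NANOG code. It illustrates the two points in the thread: that a client which binds with port 0 gets a kernel-chosen ephemeral port (read back here with getsockname()), and that under the sequential 1024-and-up allocator Lewis describes, a blanket udp/1026 filter would drop a fixed share of ordinary client traffic such as DNS queries. The sequential allocator, the port range 1024..5000, the "hits either port" filter rule and the DNS destination port are assumptions of the example; real kernels skip ports already in use and modern ones randomise, so the bound port printed by main() will not match the model.]

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to port 0 on loopback, as a resolver would, and return
   the port the kernel actually assigned (host byte order), or -1 on error. */
int ephemeral_udp_port(void) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(0);              /* port 0: let the OS pick */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) { close(fd); return -1; }
    close(fd);
    return ntohs(sa.sin_port);
}

/* Assumed filter semantics: a blanket "block udp/1026" ACL matches a packet
   whose source OR destination port is the blocked one, so it catches both the
   query leaving from ephemeral port 1026 and the reply coming back to it. */
int filter_hits_flow(int src_port, int dst_port, int blocked_port) {
    return src_port == blocked_port || dst_port == blocked_port;
}

/* Toy model (assumption) of the allocator Lewis describes: start at `low`,
   hand out the next port on every request, wrap to `low` after `high`. */
struct seq_alloc { int low, high, next; };

void seq_alloc_init(struct seq_alloc *a, int low, int high) {
    a->low = low;
    a->high = high;
    a->next = low;
}

int seq_alloc_next(struct seq_alloc *a) {
    int p = a->next;
    a->next = (p >= a->high) ? a->low : p + 1;
    return p;
}

/* Send `n` successive client flows to dst_port through the allocator and
   count how many a filter on blocked_port would drop. */
int count_dropped(struct seq_alloc *a, int n, int dst_port, int blocked_port) {
    int dropped = 0;
    for (int i = 0; i < n; i++) {
        int src = seq_alloc_next(a);
        if (filter_hits_flow(src, dst_port, blocked_port))
            dropped++;
    }
    return dropped;
}

int main(void) {
    /* What the running kernel hands out for port 0 today. */
    for (int i = 0; i < 3; i++)
        printf("bind(port 0) -> kernel chose udp/%d\n", ephemeral_udp_port());

    /* What the old sequential scheme would do to DNS clients behind a
       udp/1026 filter: one in (high-low+1) queries never gets an answer. */
    struct seq_alloc a;
    seq_alloc_init(&a, 1024, 5000);
    int n = 5000 - 1024 + 1;
    printf("sequential allocator 1024..5000: %d of %d DNS queries dropped\n",
           count_dropped(&a, n, 53, 1026), n);
    return 0;
}
```

Run it as an unprivileged user; no network beyond loopback is needed. The third sequential client in the model lands on 1026, and every full cycle through the range loses exactly one more query, which is the "collateral damage" Jeff Kell and Lewis are pointing at.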
