Ephemeral port range (patch)

Andre Oppermann andre at freebsd.org
Sun Mar 2 23:27:51 UTC 2008


Mike Silbersack wrote:
>
> On Sat, 1 Mar 2008, Fernando Gont wrote:
> 
>> Folks,
>>
>> This patch changes the default ephemeral port range from 49152-65535 
>> to 1024-65535. This makes it harder for an attacker to guess the 
>> ephemeral ports (as the port number space is larger). Also, it makes 
>> the chances of port number collisions smaller. 
>> (http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-port-randomization-01.txt) 
>>
> 
> There are a number of commonly used ports above 1000, such as nfs and 
> x11. I think OpenBSD uses 10000-65535, maybe that's a safer choice to go 
> with.

Agreed about 10000-65535.

-- 
Andre



More information about the freebsd-net mailing list