I must be really confused. I was under the impression that telnet, ftp,
USENET,... used the ports specified in the /etc/services file, usually WAY below
1023. Like double-digits mostly. Where did I get lost?
______________________________ Reply Separator _________________________________
Subject: Re: http on ports > 1023
Author: Adam Prato <adamp @
com> at SMTPINET
Date: 3/15/96 8:09 PM
On Fri, 15 Mar 1996, Martin Peter wrote:
> How is such a situation usually handled ? What are the riscs if I
> enable ports higher than 1023 ?
for one if you disable access to your network above ports 1023, then noone on
the other side of the gateway will be able to telnet, ftp, or do any other
TCP/UDP client session outside your network.
If you have a unix machine that is directly on the internet, do a 'netstat'
and look at the result:
tcp 0 0 luscious.ovid.co.1023 psyche.ovid.com.login ESTABLISHED
tcp 0 0 luscious.ovid.co.1238 klinzhai.evolve..7326 ESTABLISHED
tcp 53 0 luscious.ovid.co.1167 psyche.ovid.com.nntp CLOSE_WAIT
tcp 0 0 luscious.ovid.co.1164 storm.texas.net.6667 ESTABLISHED
If I were to shut off >1023, I couldnt use any of these services (nntp, irc
icb, rlogin, telnet).
This only applies to machines that need direct internet access. Not if you
have a single host that acts as a proxy server, since the machines would
connect to internet services through this server.