Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!decwrl!ucbvax!cbosgd.ATT.COM!mark
From: mark@cbosgd.ATT.COM.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Re: port collisions
Message-ID: <8605180416.AA17067@cbosgd.ATT.COM>
Date: Sun, 18-May-86 00:16:45 EDT
Article-I.D.: cbosgd.8605180416.AA17067
Posted: Sun May 18 00:16:45 1986
Date-Received: Mon, 19-May-86 20:28:36 EDT
References: <8605152016.AA14729@BORAX.LCS.MIT.EDU>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: AT&T Bell Laboratories, Columbus
Lines: 25
Approved: tcp-ip@sri-nic.arpa

>As far as I've found, this belief that some ports are secure while
>others aren't is only implemented by Berkeley Unix. Since other IP
>implementations do not necessarily honor this belief, there is no
>security in using *secure* ports unless your network consists
>exclusively of machines running Berkeley Unix.

I wouldn't even go that far. Even if your network is all based on the UNIX conventions (the System V product is the same at Berkeley) you still don't really have much security. You have to trust the super users of all the systems on your network, and keep the cable physically secure. There are enough cheap PCs running UNIX these days that any user with a PC can break in with a little cleverness.

Many protocols depend on higher levels of security, e.g. FTP uses a password on every connection. I won't claim that there aren't security problems here, either, but the point is that for many applications, magic numbers like 255 or 1024 don't mean much.

As far as I'm concerned, I can choose any 16-bit number. In fact, our current protocol being developed uses port 1624 and we're quite happy. Nonetheless, I hope to reserve the port number to avoid a possible random future collision. Of course, we will have some sort of management decision about publishing our protocol before we can publish it.

Mark