Path: utzoo!attcan!uunet!yale!husc6!think!barmar
From: barmar@think.COM (Barry Margolin)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: anonymous messages
Message-ID: <31376@think.UUCP>
Date: 14 Nov 88 08:08:49 GMT
References: <8811072122.aa04460@ICS.UCI.EDU> <19432.595013634@paris.ics.uci.edu>
Sender: news@think.UUCP
Reply-To: barmar@kulla.think.com.UUCP (Barry Margolin)
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 29

In article <19432.595013634@paris.ics.uci.edu> raj@PARIS.ICS.UCI.EDU writes:
[Suggests requiring that the source port of an SMTP connection be <512.]
>Well, what's wrong with this idea?  I figure there has to be something wrong with
>it or else it would have been suggested long ago.

There's nothing in the TCP spec that says that low-numbered ports are
"privileged".  While this is true on many systems, it is not true on
all, and there's no way that it could be made so.  What about TCP
implementations on personal computers?

You can't even depend on the source address in the IP header to be
correct, and you want to base a security feature on the port number?

The mechanism you describe is used in Berkeley Unix's rsh and rlogin
protocols.  However, it is only permitted between consenting machines.
The server machine has a list of machines that it believes implement
this level of security.  If you come from a different machine, it
ignores the fact that you are coming from a low-numbered port.  (This
still isn't completely secure, since it ignores the fact that some
systems will allow the user to fake the source IP address, thus
pretending to be coming from a trusted machine; unfortunately, it's
difficult to do better than this.)  This is why this mechanism is not
really useful in the general case.

Barry Margolin
Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar
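
The "consenting machines" check described in the post above, sketched as an added example; it is not part of the original post and is not the Berkeley rsh/rlogin source. The trusted-host list, the 1024 port threshold and all function names are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>

/* Constructed list of machines the server has agreed to trust
 * (documentation addresses; a real server would read its own list). */
static const char *const trusted_hosts[] = { "192.0.2.10", "192.0.2.11" };

/* Assumption: on trusted peers, binding a port below this needs privilege. */
#define RESERVED_PORT_LIMIT 1024u

/* Returns 1 if the peer address matches an entry in the trusted list. */
static int host_is_trusted(const struct in_addr *addr)
{
    size_t i;
    for (i = 0; i < sizeof trusted_hosts / sizeof trusted_hosts[0]; i++) {
        struct in_addr t;
        if (inet_pton(AF_INET, trusted_hosts[i], &t) == 1 &&
            t.s_addr == addr->s_addr)
            return 1;
    }
    return 0;
}

/* Returns 1 only when the low source port may be taken as evidence that a
 * privileged process on a trusted machine opened the connection. */
int accept_port_based_claim(const struct sockaddr_in *peer)
{
    unsigned port = ntohs(peer->sin_port);

    /* From a machine not on the list, a low port proves nothing: any
     * system (a personal computer, say) may let any user bind it. */
    if (!host_is_trusted(&peer->sin_addr))
        return 0;
    /* Limitation stated in the post: sin_addr is only what the IP header
     * claims, so this decision is no stronger than the network path. */
    return port > 0 && port < RESERVED_PORT_LIMIT;
}

/* Builds a peer address for exercising the check with constructed input. */
struct sockaddr_in make_peer(const char *ip, unsigned short port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}
```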