Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!ucsd!ucbvax!RICE.EDU!retrac
From: retrac@RICE.EDU (John Carter)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: anonymous messages
Message-ID: <1988.11.14.12.13.34.retrac.05862@titan.rice.edu>
Date: 14 Nov 88 18:13:34 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 14


    In a message on tcp-ip, you proposed that requiring the originating port
for SMTP deliveries to be a privileged port (< 512) would solve "once and
for all" the problem of anonymous mail.  Unfortunately, making the
assumption that low numbered source ports are privileged is not a very good
idea (although Unix does it all over).  Many operating systems (including
the V system) don't have consider low numbered ports "privileged".  I can
trivially create a source port with whatever number I desire and connect to
your machine.  Also, standalone machines (say a PC) can also rather easily
create whatever port number you want.  Unix's assumption that low numbered
source ports for TCP connections are somehow `privileged' is not very safe.

John Carter
Rice University