Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: ftp using .rhosts or rhsts.equiv
Keywords: ftp, .rhosts
Message-ID: <2720@auspex.UUCP>
Date: 15 Dec 89 22:43:40 GMT
References: <Dec.8.16.10.03.1989.20166@pilot.njin.net> <32098@news.Think.COM>
Reply-To: guy@auspex.auspex.com (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 7

>For security, ftp should use a privileged port to connect to the daemon,
>and ftpd should check that the foreign port is privileged.  This prevents
>users from spoofing with "telnet <host> 20".

Well, some users, anyway.  Not all OSes in the known universe prevent
non-privileged users from using certain port numbers (and some of those
that don't may even have TCP/IP and TELNET implementations).