Re: Ports and privileges

[Bret McDanel <bret () rehost com>]

Correct me if I am wrong (hey someone surly will :)
but isnt nfs (port 2049) udp only?  So wouldnt tcp to port 2049be a non
issue?


As for changing the port access on solaris:
/usr/sbin/ndd /dev/tcp tcp_smallest_nonpriv_port <first nonpriv port>
/usr/sbin/ndd /dev/udp udp_smallest_nonpriv_port <first nonpriv port>



---Reply on mail from Vinci Chou about Ports and privileges

> I am very interested to know what OS(s) allow the range of privileged ports
> configurable and how.
>
> I have a question which I got no answer from the Firewalls mailing list (not
> FW-wizard) and the above seems to be the solution to my problem.  My question
> was, when the firewall initiate an HTTP connection, it used a random
> non-privileged port.  And occasionally, this port number happens to be 2049,
> and
> when the reply packets come back, they are blocked by my router.  I don't feel
> like allowing packets with ACK bits to port 2049.  So I would like to know if
> there is any way to prevent the firewall from using 2049 as the random port
> (similarly for other dangerous high port numbers).
>
> Thanks,
> Vinci.
>
> tqbf () secnet com wrote:
>
> >         - Some operating systems already allow you to effectively do
> >           this by making the range of privileged ports configurable.
---End reply
-- 
Bret McDanel                                    http://www.rehost.com
Realistic Technologies, Inc.                             973-514-1144

     These opinions are mine, and may not be the same as my employer