
Re: Guidance needed on well known ports

2006-03-20 08:17:53
On Mon, 2006-03-20 at 12:09 +0100, Stephane Bortzmeyer wrote:
> Ned Freed <ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote:
> > The privileged port concept has some marginal utility on multiuser
> > systems where you don't want Joe-random-user to grab some port for a well
> > known service.
>
> "had", not "has". The concept was invented at a time when multi-user
> machines were rare and expensive monsters. So, a request coming from
> source port 513 probably was "serious". Today, any high school student
> is root on his PC and therefore this protection is almost useless.

you shouldn't allow unrestricted access to the network from unmanaged
hosts, that's a recipe for disaster.  consider rogue DHCP servers, for
instance.  we still use host-based authentication for port 514 (rsh) on
strictly managed networks as a supplement to SSH.  this requires
physical security for network equipment or exposed hosts (not users)
doing 802.1x authentication.  the protection is not useless in that
environment.
-- 
Kjetil T.


