protecting ports >1024

Volker Stolz stolz@pool.informatik.rwth-aachen.de
Sat, 11 Nov 2000 17:04:41 +0100


Sheer El-Showk wrote:

> Normally I just run a default deny everything firewall and then allow
> anything destined to ports 1024-65535 on my internal machines.  But I end
> up having to manually deny every listening port in that range.  Moreover
> some services, like ssh seem to violate the don't use ports < 1025 for
> dynamic connections (ie ssh clients seem to connect from ports 1000-1010
> from what I can tell).

From ssh man-page:

     -P      Use a non-privileged port for outgoing connections.  This can be
             used if your firewall does not permit connections from privileged
             ports.  Note that this option turns off RhostsAuthentication and
             RhostsRSAAuthentication.

Volker
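The policy discussed in this thread ("deny everything, allow inbound 1024-65535, then deny each listening port in that range by hand") is easy to get wrong because the list of listeners changes. The following script is an added example, not code from either poster: it parses constructed `netstat -ltn`-style lines, reports which listening sockets the allow-range would actually expose (wildcard-bound ports in 1024-65535; loopback-only binds are skipped), and emits one generic deny line per port. The rule format, the sample socket list and all function names are assumptions made for this illustration, not any real firewall's syntax.

```python
"""Audit which listening sockets a 'deny all, allow inbound 1024-65535'
firewall policy would leave reachable, and flag privileged source ports.

Added example, not from the original mailing-list post. The netstat-style
sample below is constructed for illustration.
"""
import re
from typing import List, Tuple

ALLOWED_RANGE = (1024, 65535)  # inbound range the discussed policy permits
PRIVILEGED_MAX = 1023          # Unix reserves ports <= 1023 for root

# Constructed sample shaped like `netstat -ltn` output (not a real host).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::1025                 :::*                    LISTEN
"""

# proto, local address, local port, then anything up to the LISTEN state.
LINE_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN")

Listener = Tuple[str, str, int]  # (proto, local_addr, port)


def parse_listeners(netstat_text: str) -> List[Listener]:
    """Extract (proto, local_addr, port) from every LISTEN line."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2), int(m.group(3))))
    return found


def is_privileged(port: int) -> bool:
    """True for the privileged range (< 1024) that old ssh clients used as
    their source port unless -P was given."""
    return port <= PRIVILEGED_MAX


def is_externally_bound(addr: str) -> bool:
    """Wildcard binds are reachable from other hosts; loopback binds are not."""
    return addr in ("0.0.0.0", "::", "*")


def exposed_listeners(listeners: List[Listener]) -> List[Listener]:
    """Listeners that the allow-range would let outside hosts reach."""
    lo, hi = ALLOWED_RANGE
    return [(proto, addr, port) for proto, addr, port in listeners
            if lo <= port <= hi and is_externally_bound(addr)]


def deny_rules(listeners: List[Listener]) -> List[str]:
    """One generic deny line per exposed port (assumed, not real firewall syntax)."""
    return [f"deny {proto} dport {port}"
            for proto, _addr, port in exposed_listeners(listeners)]


if __name__ == "__main__":
    for rule in deny_rules(parse_listeners(SAMPLE_NETSTAT)):
        print(rule)
```

Port 22 is outside the allowed range and 3306 is bound to loopback, so neither needs a rule; the script reports 6000, 8080 and 1025 as the ones the blanket allow would expose.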