Re: Hardening a Solaris system.

From: Dr. David Kirkby (see_my_signature_for_my_real_address_at_hotmail.com)
Date: 11/28/03
Date: 28 Nov 2003 08:50:10 -0800

Logan Shaw <lshaw-usenet@austin.rr.com> wrote in message news:<m_gxb.57230$Vs1.569@twister.austin.rr.com>...
> Rich Teer wrote:
> > The reason why a privileged port was chosen was presumably the
> > same as other network services: to help prevent unauthorised
> > versions of Apache running (although given that one can modify
> > the config file, I'm not sure how useful it actually is). The idea
> > being that only root can bind to those privileged ports, and
> > presumably (in cases where it matters, like a uni, or commercial
> > environment) only trusted people have root. We can't have students
> > running their own version of Apache, purporting to be the "official"
> > web site for something, can we? :-)
>
> That gets to another reason why it's important. httpd was developed
> on Unix (mostly), and on Unix there is no way to reserve a port
> for a particular user (well, besides binding to it just to hog it).
> So, if you want to be sure that the port is available when it's
> time to start the service, you need to use one that only you (root)
> can have access to.
>
> - Logan

The web server would normally be started in the startup scripts, so
there is no reason it should not be able to get any port it wants -
let's say 8888 for an example. So once apache is running, no normal
user would be able to take over port 8888.

If apache gets restarted, or the site does not wish to run a web
server at all, then it would be possible for someone to bind to port
8888. I guess there is some logic to prevent that from occurring.
Perhaps solutions that would prevent that - such as running a
minimalist server which did nothing but hold the port open - would cause
more problems than they solve.

Dr. David Kirkby.
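The two mechanisms the thread is arguing about, binding below 1024 needing root and an unprivileged port being free for the taking the moment the holder exits, can be shown directly with the socket API. The script below is an added example, not part of the original thread or of Apache; the function names (try_bind, demo_takeover_window, privileged_bind_check) and the choice of loopback and port 80 are mine. It lets the OS pick a free high port (the role of "8888" in the post), holds it the way a running server would, shows a second bind failing with EADDRINUSE while it is held, then releases it and shows the same port bindable again, which is the window Kirkby describes after apache is stopped. It also reports whether a bind to a privileged port matches what the classic Unix rule predicts for the current effective uid.

```python
"""Added example (not from the original thread): demonstrate why the
privileged-port rule matters on Unix.

Classic Unix/Solaris rule: binding a TCP/UDP port in 0-1023 requires root.
Any port >= 1024 is first-come-first-served; the only thing that keeps a
second process off it is that something is already holding it open.
"""
import errno
import os
import socket

PRIVILEGED_PORT_MAX = 1023   # 0-1023 are the "reserved" ports on classic Unix


def is_privileged_port(port: int) -> bool:
    """True if binding this port needs root on a classic Unix system."""
    return 0 <= port <= PRIVILEGED_PORT_MAX


def try_bind(port: int, host: str = "127.0.0.1"):
    """Attempt a TCP bind and return (status, socket_or_None, actual_port).

    status is 'bound', 'permission_denied' or 'in_use'. On success the socket
    is returned still open, so the caller keeps holding the port exactly as a
    running daemon would. SO_REUSEADDR is deliberately NOT set: with it, Linux
    would let a second non-listening socket bind the same address.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
    except PermissionError:          # EACCES: privileged port, not root
        s.close()
        return ("permission_denied", None, port)
    except OSError as e:
        s.close()
        if e.errno == errno.EADDRINUSE:   # someone already holds it
            return ("in_use", None, port)
        raise
    return ("bound", s, s.getsockname()[1])


def demo_takeover_window() -> dict:
    """Hold an unprivileged port like a server, show a second bind fails while
    it is held, release it, and show the port is free again."""
    status, holder, port = try_bind(0)      # port 0: kernel picks a free high port
    assert status == "bound", "could not bind an ephemeral port on loopback"
    holder.listen(1)                         # a real server would be listening
    while_held = try_bind(port)[0]           # "student" tries the same port now
    holder.close()                           # "apache gets restarted / stopped"
    after_release, second, _ = try_bind(port)
    if second is not None:
        second.close()
    return {"port": port,
            "privileged": is_privileged_port(port),
            "while_held": while_held,        # expected: 'in_use'
            "after_release": after_release}  # expected: 'bound'


def privileged_bind_check(port: int = 80) -> dict:
    """Try a privileged port and say whether the outcome matches the classic
    rule for the current euid. 'consistent' can legitimately be False on Linux
    hosts that grant CAP_NET_BIND_SERVICE or lower
    net.ipv4.ip_unprivileged_port_start, which is why this is reported, not
    asserted."""
    status, sock, _ = try_bind(port)
    if sock is not None:
        sock.close()
    root = os.geteuid() == 0
    consistent = (status != "permission_denied") if root else (status == "permission_denied")
    return {"port": port, "euid": os.geteuid(), "status": status, "consistent": consistent}


if __name__ == "__main__":
    print("takeover window on an unprivileged port:", demo_takeover_window())
    print("privileged port as current user:", privileged_bind_check(80))
```

Run it once as an ordinary user and once as root to see the two halves of the thread's argument: the high-port result is the same for both (in_use while held, bound after release), while the port 80 attempt flips from permission_denied to bound. That is the whole value of a privileged port, and also its limit: it protects the port only for as long as nothing else is holding it and root is the only one who can bind it.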
