03-31-2011
Quote:
Originally Posted by
rmtzcx
Add your application and port to the /etc/services file. I will prevent any other program to use the port (Obviously, any other program that is well written :P)
I don't think that's true, even by convention. How could even a well-written program prevent itself from being
randomly assigned a high port number? It has no choice in the matter, and the kernel certainly doesn't check /etc/services...
This may differ from system to system, but I think you're safe from random assignments when you use numbers less than 32768.
Last edited by Corona688; 03-31-2011 at 03:45 PM..
8 More Discussions You Might Find Interesting
1. Solaris
Hi Guys,
Anybody come across this error when formating a harddisk. "Reserved Failed"
Supected hardisk failure, is my assumption correct.
Thanks (5 Replies)
Discussion started by: bigmoon
5 Replies
2. Linux
How do you debug a perl script non interactively, similar to bash -x? (1 Reply)
Discussion started by: marcpascual
1 Replies
3. Solaris
We have several containers on one machine and would like to reserve some memory for the global zone. capped-memory only allows max physical/swap and setting a max on each container isn't an option. The server has 32GB physical and 30GB swap. Currently there are ten containers on it. Normally... (6 Replies)
Discussion started by: kharjahn
6 Replies
4. Filesystems, Disks and Memory
Hi All,
I want to make a 3GB of space reserve on Solaris. Let me know whether there is a way by creating empty file of 3GB so that i can delete that file in future to utilize that space. Or any other better ways for space reserve.
-Vinodh' Kumar (4 Replies)
Discussion started by: vino_hymi
4 Replies
5. Shell Programming and Scripting
I have a shell script which sets some variables and then calls modules of a program in succession, one by one. Problem is that the script is executed on servers with many users, so sometimes the script starts running, runs for 10 minutes and then breaks due to lack of resources when other users run... (1 Reply)
Discussion started by: tetreb
1 Replies
6. AIX
Hi
I have a ticket to Reserve ports for SAS install in SAS servers.
Does anyone knows the procedure how to do it.
it will be helpful for me please
Thanks in Advance (4 Replies)
Discussion started by: gulamibrahim
4 Replies
7. Red Hat
In my Linux system ephemeral port range is showing different ranges as follows
$ cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000
cat /etc/sysctl.conf | grep net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 9000 65500
Which will be the effective ephemeral port... (5 Replies)
Discussion started by: steephen
5 Replies
8. AIX
I'll start with I'm not an AIX expert, I inherited a lot of AIX servers to maintain.
My problem is on AIX 7.1 TL4 SP4 environments. I'm running named as a DNS forwarder only to internal DNS servers.
These AIX servers have a customized UDP ephemeral port range to avoid conflicting with the... (0 Replies)
Discussion started by: seanc
0 Replies
LEARN ABOUT DEBIAN
blackhole
BLACKHOLE(4) BSD Kernel Interfaces Manual BLACKHOLE(4)
NAME
blackhole -- a sysctl(8) MIB for manipulating behaviour in respect of refused TCP or UDP connection attempts
SYNOPSIS
sysctl net.inet.tcp.blackhole[=[0 | 1 | 2]]
sysctl net.inet.udp.blackhole[=[0 | 1]]
DESCRIPTION
The blackhole sysctl(8) MIB is used to control system behaviour when connection requests are received on TCP or UDP ports where there is no
socket listening.
Normal behaviour, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a
RST segment, and drop the connection. The connecting system will see this as a ``Connection refused''. By setting the TCP blackhole MIB to
a numeric value of one, the incoming SYN segment is merely dropped, and no RST is sent, making the system appear as a blackhole. By setting
the MIB value to two, any segment arriving on a closed port is dropped without returning a RST. This provides some degree of protection
against stealth port scans.
In the UDP instance, enabling blackhole behaviour turns off the sending of an ICMP port unreachable message in response to a UDP datagram
which arrives on a port where there is no socket listening. It must be noted that this behaviour will prevent remote systems from running
traceroute(8) to a system.
The blackhole behaviour is useful to slow down anyone who is port scanning a system, attempting to detect vulnerable services on a system.
It could potentially also slow down someone who is attempting a denial of service attack.
WARNING
The TCP and UDP blackhole features should not be regarded as a replacement for firewall solutions. Better security would consist of the
blackhole sysctl(8) MIB used in conjuction with one of the available firewall packages.
This mechanism is not a substitute for securing a system. It should be used together with other security mechanisms.
SEE ALSO
ip(4), tcp(4), udp(4), ipf(8), ipfw(8), pfctl(8), sysctl(8)
HISTORY
The TCP and UDP blackhole MIBs first appeared in FreeBSD 4.0.
AUTHORS
Geoffrey M. Rehmet
BSD
January 1, 2007 BSD