Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Reserve Ephemeral ports
Top Forums UNIX for Advanced & Expert Users Reserve Ephemeral ports Post 302509721 by Corona688 on Thursday 31st of March 2011 02:35:28 PM
Old 03-31-2011
Quote:
Originally Posted by rmtzcx
Add your application and port to the /etc/services file. I will prevent any other program to use the port (Obviously, any other program that is well written :P)
I don't think that's true, even by convention. How could even a well-written program prevent itself from being randomly assigned a high port number? It has no choice in the matter, and the kernel certainly doesn't check /etc/services...

This may differ from system to system, but I think you're safe from random assignments when you use numbers less than 32768.
Last edited by Corona688; 03-31-2011 at 03:45 PM..
 

8 More Discussions You Might Find Interesting

1. Solaris

Reserve Failed error for HD

Hi Guys, Anybody come across this error when formating a harddisk. "Reserved Failed" Supected hardisk failure, is my assumption correct. Thanks (5 Replies)
Discussion started by: bigmoon
5 Replies

2. Linux

proper way to reserve ports in linux

How do you debug a perl script non interactively, similar to bash -x? (1 Reply)
Discussion started by: marcpascual
1 Replies

3. Solaris

Reserve Memory for Global Zone

We have several containers on one machine and would like to reserve some memory for the global zone. capped-memory only allows max physical/swap and setting a max on each container isn't an option. The server has 32GB physical and 30GB swap. Currently there are ten containers on it. Normally... (6 Replies)
Discussion started by: kharjahn
6 Replies

4. Filesystems, Disks and Memory

Create file for space Reserve

Hi All, I want to make a 3GB of space reserve on Solaris. Let me know whether there is a way by creating empty file of 3GB so that i can delete that file in future to utilize that space. Or any other better ways for space reserve. -Vinodh' Kumar (4 Replies)
Discussion started by: vino_hymi
4 Replies

5. Shell Programming and Scripting

Reserve resources (memory and processes)

I have a shell script which sets some variables and then calls modules of a program in succession, one by one. Problem is that the script is executed on servers with many users, so sometimes the script starts running, runs for 10 minutes and then breaks due to lack of resources when other users run... (1 Reply)
Discussion started by: tetreb
1 Replies

6. AIX

Reserve Ports

Hi I have a ticket to Reserve ports for SAS install in SAS servers. Does anyone knows the procedure how to do it. it will be helpful for me please Thanks in Advance (4 Replies)
Discussion started by: gulamibrahim
4 Replies

7. Red Hat

Which is the effective ephemeral port range in Linux 2.6 for this set up?

In my Linux system ephemeral port range is showing different ranges as follows $ cat /proc/sys/net/ipv4/ip_local_port_range 32768 61000  cat /etc/sysctl.conf | grep net.ipv4.ip_local_port_range net.ipv4.ip_local_port_range = 9000 65500 Which will be the effective ephemeral port... (5 Replies)
Discussion started by: steephen
5 Replies

8. AIX

Forcing named 9 to use a fixed ephemeral port range

I'll start with I'm not an AIX expert, I inherited a lot of AIX servers to maintain. My problem is on AIX 7.1 TL4 SP4 environments. I'm running named as a DNS forwarder only to internal DNS servers. These AIX servers have a customized UDP ephemeral port range to avoid conflicting with the... (0 Replies)
Discussion started by: seanc
0 Replies

LEARN ABOUT DEBIAN

blackhole

BLACKHOLE(4)						   BSD Kernel Interfaces Manual 					      BLACKHOLE(4)

NAME

     blackhole -- a sysctl(8) MIB for manipulating behaviour in respect of refused TCP or UDP connection attempts

SYNOPSIS

     sysctl net.inet.tcp.blackhole[=[0 | 1 | 2]]
     sysctl net.inet.udp.blackhole[=[0 | 1]]

DESCRIPTION

     The blackhole sysctl(8) MIB is used to control system behaviour when connection requests are received on TCP or UDP ports where there is no
     socket listening.

     Normal behaviour, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a
     RST segment, and drop the connection.  The connecting system will see this as a ``Connection refused''.  By setting the TCP blackhole MIB to
     a numeric value of one, the incoming SYN segment is merely dropped, and no RST is sent, making the system appear as a blackhole.  By setting
     the MIB value to two, any segment arriving on a closed port is dropped without returning a RST.  This provides some degree of protection
     against stealth port scans.

     In the UDP instance, enabling blackhole behaviour turns off the sending of an ICMP port unreachable message in response to a UDP datagram
     which arrives on a port where there is no socket listening.  It must be noted that this behaviour will prevent remote systems from running
     traceroute(8) to a system.

     The blackhole behaviour is useful to slow down anyone who is port scanning a system, attempting to detect vulnerable services on a system.
     It could potentially also slow down someone who is attempting a denial of service attack.

WARNING

     The TCP and UDP blackhole features should not be regarded as a replacement for firewall solutions.  Better security would consist of the
     blackhole sysctl(8) MIB used in conjuction with one of the available firewall packages.

     This mechanism is not a substitute for securing a system.	It should be used together with other security mechanisms.

SEE ALSO

     ip(4), tcp(4), udp(4), ipf(8), ipfw(8), pfctl(8), sysctl(8)

HISTORY

     The TCP and UDP blackhole MIBs first appeared in FreeBSD 4.0.

AUTHORS

     Geoffrey M. Rehmet

BSD
								  January 1, 2007							       BSD
All times are GMT -4. The time now is 10:51 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy