
Re: security.debian.org and active FTP?



thus spoke Bob Proulx <bob@proulx.com> [2002.09.07.1757 +0200]:
> IIRC there is nothing particularly interesting in that.  The ftpd will
> open a connection back to your port and will use a randomly assigned
> port on its end.  Remember that root access is needed to open a port
> below 1024.  But having every program run as root opens up many
> possibilities for security attacks against it.  Therefore there has
> been a big movement to run as much of daemon code as possible
> non-root.  Which means that more and more you will see use of
> privileged ports diminish in order to accomplish that.  I am guessing
> any change in behavior is due to this.

I am well aware, but active FTP was defined so as to come from port
20. Your reasoning makes sense, but it breaks stateless packet filters
(e.g. Ben Hur and early Cisco) as well as Check Point FW-1 4.1.

But then again, who cares...

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
 
redistribution of this email via the
micros~1 network is prohibited.
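
The breakage discussed in this message, as an added example that is not part of the original post: a stateless rule keyed on source port 20 next to a filter that tracks the client's PORT command on the control channel. The addresses, ports and the names `stateless_allow` and `StatefulFilter` are constructed for illustration and do not model any specific product.

```python
import re
from collections import namedtuple

# Constructed sample hosts (documentation address ranges), not from the thread.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
FTP_DATA_PORT = 20  # source port active-mode data connections were defined to use

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

def stateless_allow(pkt):
    """Stateless rule: admit inbound TCP to an unprivileged port only
    when the packet's source port is 20. No connection state is kept."""
    return pkt.src_port == FTP_DATA_PORT and pkt.dst_port >= 1024

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$")

def parse_port_command(line):
    """Return (ip, port) announced by a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class StatefulFilter:
    """Watches the control channel and expects one data connection per PORT,
    so the server's source port no longer matters."""
    def __init__(self):
        self.expected = set()  # (server_ip, client_ip, client_port)

    def see_control_line(self, client_ip, server_ip, line):
        announced = parse_port_command(line)
        # Accept only a PORT that points back at the client, on an unprivileged port.
        if announced and announced[0] == client_ip and announced[1] >= 1024:
            self.expected.add((server_ip, client_ip, announced[1]))

    def allow(self, pkt):
        key = (pkt.src_ip, pkt.dst_ip, pkt.dst_port)
        if key in self.expected:
            self.expected.discard(key)  # each PORT admits a single connection
            return True
        return False
```

With a server that sends data from an unprivileged port, `stateless_allow` drops the data connection while `StatefulFilter.allow` admits it once the matching PORT line has been seen.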
