Re: [squid-users] Port 1024

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 14 Feb 2002 05:43:21 +0100

Actually not..
ports 0-1023 are assigned by IANA to well known services.
ports 1024-65535 are registered, mostly open for anyone
ports 1023-512 is used by UNIX for trusted system authentication
(rlogin, rsh etc). On UNIX only root processes are allowed to use
ports 1-1023 (port 0 is not usable).

Port 1024 is reserved, with no official use.

Why squid.conf reads 1025 and not 1024 I don't know. Either a typo,
or there is a sensitive service often listening to port 1024. Does
not matter that much as it isn't very common to have web services
listening on port 1024.

The whole thing with the Safe_ports limit in Squid is to prevent your
users from bouncing off Squid when abusing other systems. The most
notable such abuse is bouncing off a Squid to send SMTP messages,
hiding the senders real IP from the email system.. but there are
numerous other services that can be abused in similar manners.

Regards
Henrik Nordström
Squid Developer

On Sunday 10 February 2002 17.55, Dave Raven wrote:
> because its not in the unassigned range.
> 1025+ are allowed because data is transfered on those
> ports randomly. 1024- are reserved for services.
>
>
> ----- Original Message -----
> From: "Ray Hillman" <R.K.Hillman@bton.ac.uk>
> To: <squid-users@squid-cache.org>
> Sent: Wednesday, February 06, 2002 4:31 PM
> Subject: [squid-users] Port 1024
>
> > Hi,
> >
> > One of our users is trying to contact a webserver
> > which runs on port 1024.
> >
> > By default, 1024 is not a 'safe port' in squid.
> > I just wondered why.
> >
> > Regards
> >
> > Ray
> > --
> > RFC-822 : R.K.Hillman@bton.ac.uk
> > X.400 : S=hillman; G=ray; O=bton; PRMD=uk.ac; ADMD= ; C=GB
> > Tel : +44 1273 600900 Ext. 2644 or +44 1273 642644 (direct)
> > Fax : +44 1273 642666
> > Http : http://www.bton.ac.uk/
> > Systems Manager, University of Brighton Information Services,
> > Watts Building, Moulsecoomb, Brighton, East Sussex, UK, BN2 4GJ

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Wed Feb 13 2002 - 22:08:37 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:21 MST