nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is NAT can provide some kind of protection?

From: William Herrin <bill () herrin us>
Date: Sat, 15 Jan 2011 16:43:55 -0500
On Sat, Jan 15, 2011 at 4:16 PM, Brian Keefer <chort () smtps net> wrote:

1.)  Allows you to redirect a privileged port (on UNIX) to a
non-privileged port. For daemons that don't implement some
form of privilege revoking after binding to a low port (and/or aren't
allowed to run as root), this is very useful.  It's much easier to
have a firewall redirect than to implement robust privilege revoking.
 Example: PAT 25/tcp -> 2525/tcp.


There was a patch offered for the Linux kernel years ago that exported
the network ports as a filesystem where you could set who could bind
which port by changing the ownership and permissions on the "files." I
never understood why Linus rejected it.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
Previous By Date Next
Previous By Thread Next

Current thread: