On Wed, Jan 14, 2009 at 7:15 AM, Scott Rohling <scott.rohl...@gmail.com> wrote:

> I don't get it - why do you find it an annoyance that IBM recommends using a
> low port?   I mean - I understand not having to alter TCPIP by using a
> port > 1024 -- but do you think it's a bad idea to have TCPIP reserve the
> port for PERFKIT?

I'm sure the annoyance is in the default "protectlowports" which was
carried over from the *nix world. Analogies are not always easy. The
idea there is that sessions originating from a <1024 port can be
trusted because the process runs with root privileges. But with IP
connected workstations, this has become a pretty useless qualification
because any Windows user is sort-of root on his system.

I find very few installations that have enough CMS users on their
system that there would be a real concern that any of them would fake
a trusted service. It might be good to "dedicate" some ports to
specific services (like telnet, ftp) to avoid denial of service. But
the rest might well go on a first-come, first-served basis. So I think
the default should be different.

An additional complication is that it requires you to go through 400
lines of (partially commented-out) configuration options just to
define a web server on port 80. Something like the /etc/services might
be easier to manage.

Rob
-- 
Rob van der Heij
Velocity Software
http://www.velocitysoftware.com/
