>>> On Thu, Jan 17, 2008 at 3:18 PM, in message <[EMAIL PROTECTED]>, "McKown, John" <[EMAIL PROTECTED]> wrote: -snip- > What is an "unsecured port"? Do you mean a port <1024? What does it > matter?
Loosely speaking, unprivileged ports, which are *above* 1024, because anyone can bind to them, not just processes running as UID 0. The NFS server used by Linux cares because the authors thought it would be a good idea to only accept incoming connections that originated on a privileged port (by default). By doing that, they can (perhaps foolishly, perhaps not) assume that the incoming connection is from a non-malicious source. Connections coming in from ports > 1024 could be initiated by anybody (from any IP address via IP spoofing), including crackers intent on subverting your NFS server, and then your entire system. > In any case, to answer your question: None of which is really going to help him, since he needs to force the z/OS NFS *client* to send its request out on a port < 1024, regardless of what port it is going to on the Linux system. In my case, I very vaguely remember seeing this before, but I don't recall if it even involved z/OS NFS or not. Mark Post ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
