On Wed, May 04, 2022 at 10:28:04AM +0200, Carsten Bormann wrote:
> On 4. May 2022, at 10:23, Willy Tarreau <[email protected]> wrote:
> 
> >> Instead of collecting wafting lists of undesirable ports, would it make
> >> sense to more architecturally partition port numbers between those used
> >> by servers and those used by clients?
> > 
> > That's the point, and that has been done for more than 40 years now
> > by having unprivileged users only select ports >= 1024, resulting in
> > the range 1024:65535 being commonly used as the only valid source
> > range for incoming connections.
> 
> Sure. But I wasn't talking about system ports (< 1024).
> Ephemeral ports (client ports) used to be 48*1024 up, and (user-level)
> servers were in 1*1024...48*1024.
It's always mostly been OS-dependent in fact. I remember being told in
the 90s that "clients use ports 1024-4999 since ports 5000 and above are
reserved" :-)

> This has weakened over time, but maybe it is useful enough to use it more
> again.

Beyond that 1024 frontier there's not much that can be said anymore, as
various systems use different ranges *by default*, and infrastructure
components that use lots of ports are quickly tuned to extend these ranges
as much as possible to reduce source port conflicts. Same for highly loaded
NAT gateways, by the way.

For example, I graphed what I'm seeing at home over a week (attached).
~30% of the incoming requests come from ports < 32768, and 65% from
32768..61000 (the default range on Linux). It's possible that sites that
are more centric to other OSes would see a different distribution.

Regards,
Willy
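Added example (editor's code, not part of the original message or of any tooling Willy used for the attached graph): the kind of bucketing behind the percentages quoted above, applied to a handful of constructed log lines written loosely in the style of an HAProxy access log (client address first). Range labels are this example's own; the boundaries follow the thread, including the Linux default range given there as 32768..61000. The parser for /proc/sys/net/ipv4/ip_local_port_range is included so a reader can compare a real host's configured ephemeral range with the one assumed in the thread.

```python
"""Bucket incoming connections' source ports by the ephemeral-port ranges
discussed in the thread.  Added example, not code from the original
message.  Log lines are constructed (HAProxy-like: client ip:port first);
range boundaries follow the thread, with the Linux default taken as
32768..61000 as stated there."""

import re
from collections import Counter

# Labels are this example's own; boundaries come from the thread:
# system ports, the 90s "1024-4999" client range, the rest of the user
# range, the Linux default ephemeral range, and what lies above it.
RANGES = (
    ("<1024 (system ports)", 0, 1023),
    ("1024-4999 (old 'client' range)", 1024, 4999),
    ("5000-32767", 5000, 32767),
    ("32768-61000 (Linux default, per the thread)", 32768, 61000),
    ("61001-65535", 61001, 65535),
)

# The first "a.b.c.d:port" token on a line is taken as the client address.
_CLIENT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def classify(port):
    """Return the label of the range a source port falls into."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a TCP/UDP port: {port}")
    for label, lo, hi in RANGES:
        if lo <= port <= hi:
            return label
    raise AssertionError("RANGES must cover 0..65535")  # unreachable


def source_port(line):
    """Extract the client source port from a log line, or None if absent."""
    m = _CLIENT_RE.search(line)
    return int(m.group(2)) if m else None


def distribution(lines):
    """Percentage of connections per range, rounded to one decimal.
    Lines without a client address are skipped."""
    ports = [p for p in map(source_port, lines) if p is not None]
    total = len(ports)
    if total == 0:
        return {label: 0.0 for label, _, _ in RANGES}
    counts = Counter(classify(p) for p in ports)
    return {label: round(100.0 * counts[label] / total, 1)
            for label, _, _ in RANGES}


def parse_ip_local_port_range(text):
    """Parse the contents of /proc/sys/net/ipv4/ip_local_port_range
    ("low<TAB>high\\n") into a (low, high) tuple, so a real host's
    ephemeral range can be compared with the thread's 32768..61000."""
    lo, hi = (int(x) for x in text.split())
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"implausible range: {text!r}")
    return lo, hi


# Constructed sample: ten connections chosen to hit every bucket, plus
# one line with no client address to show it is skipped.
SAMPLE_LOG = [
    "haproxy[1]: 192.0.2.10:443 [04/May/2022:10:00:01.000] www www/s1 ...",
    "haproxy[1]: 192.0.2.11:1025 [04/May/2022:10:00:02.000] www www/s1 ...",
    "haproxy[1]: 192.0.2.12:3456 [04/May/2022:10:00:03.000] www www/s1 ...",
    "haproxy[1]: 192.0.2.13:12345 [04/May/2022:10:00:04.000] www www/s1 ...",
    "haproxy[1]: 192.0.2.14:40000 [04/May/2022:10:00:05.000] www www/s1 ...",
    "haproxy[1]: 192.0.2.15:50000 [04/May/2022:10:00:06.000] www www/s1 ...",
    "haproxy[1]: 192.0.2.16:55555 [04/May/2022:10:00:07.000] www www/s1 ...",
    "haproxy[1]: 192.0.2.17:60000 [04/May/2022:10:00:08.000] www www/s1 ...",
    "haproxy[1]: 192.0.2.18:61000 [04/May/2022:10:00:09.000] www www/s1 ...",
    "haproxy[1]: 192.0.2.19:65000 [04/May/2022:10:00:10.000] www www/s1 ...",
    "haproxy[1]: Connect from nowhere (no client address, skipped)",
]

if __name__ == "__main__":
    for label, pct in distribution(SAMPLE_LOG).items():
        print(f"{pct:5.1f}%  {label}")
```

On a real host, feed `distribution()` the access log and `parse_ip_local_port_range()` the contents of /proc/sys/net/ipv4/ip_local_port_range; if the local range differs from 32768..61000, adjust RANGES accordingly, since, as the message says, the boundaries above 1024 are only defaults and are routinely widened on busy systems.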
