Home page logo

basics logo Security Basics mailing list archives

Re: trusted & untrusted ports
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 11 Nov 2003 11:38:32 +0100

On 2003-11-09 Hilal Hussein wrote:
I would like to open ports in my firewall so that i can access some
applications out of my network. consequently, I have two questions:

1 - How I can Identify trusted ports vs. Untrusted ports ? assuming
trust is directly concern with the security prespective (include
virus, worms, hack, ...).

A port is a port. What do you mean by "trusted"? On Unix systems only
root can attach services to the well known ports (< 1024), so you only
have to trust the sysadmin of that machine. On Windows systems any user
can attach services to any port that no other service is listening on.
So with Windows machines (and Unix machines for ports >= 1024) you have
to trust any user of the machine. Clients use arbitrary ports >= 1024
for connections to servers.

2 - corret me from wrong please. "There are two types of applications:
web application (access through the http port), and client/server
application (access through a defined port should be opened on the
internet gateway).

I would rather say "web applications are those accessible through HTTP",
because you can easily run those applications on ports != 80. In fact
you can run any application on any port that is not already used by
another application. It's just a convention to use port 80 for HTTP, so
your browser would assume that port if you omit a port number in an URL.
Most likely your web application will be a client/server application,
too. Client/server just determines that there are two applications with
different roles: one sending requests (client) and the other processing/
answering these requests (server).


Ansgar Wiechers

The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]