El 7/8/25 a las 3:38, Grant Edwards escribió:
According to IANA (and before that ICANN and USC/ISI) port numbers
from 1024 to 49151 are registerd ports, and are to be used for
specific protocols. For example ports 2222 and 44818 are registered
for used by the Ethernet/IP Rockwell PLC protocol.

Dynamic or ephemeral ports are supposed to be in the range
49152-65535.

Linux defaults to 32768-60999 for ephemeral ports. That clearly
overlaps with a _lot_ of assigned/registered port numbers in the range
32786-49151.

That seems just plain wrong. What am I missing?

It's simple enough to change the ephemeral range so it doesn't overlap
with registered port numbers, and it looks like I'm going to need to
do that to avoid possible collisions in a project I'm working on. The
question is why do I have to do that? The standards are pretty clear.
Why does Linux default to being broken like that?

--
Grant




Ephemeral ports needs be randomized, so, you need a range big enough.

Randomizing them are also critical, so you need a range big enough. You cant have 49151 registered ports most of them unused and left millions users share 11000 ports that needs to be randomized to avoid attacks as some that happens in DNS queries which got mitigated with source port randomization.

Attachment: OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to