public inbox for gentoo-user@lists.gentoo.org
From: Javier Martinez <tazok.id0@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Linux ephemeral port range defaults to "broken".
Date: Sun, 10 Aug 2025 23:43:42 +0200
Message-ID: <5eb443f9-7c52-4a13-b8a8-4d2b2092b2c5@gmail.com>
In-Reply-To: <107b3j7$ikm$1@ciao.gmane.io>



On 10/8/25 at 23:39, Grant Edwards wrote:
> On 2025-08-10, Javier Martinez <tazok.id0@gmail.com> wrote:
> 
>> PD: nc -l myip myultracriticalport breaks your countermeasure of
>> using proc to avoid port use (ip_local_reserved_ports)
> 
> You can not run "nc -l myip myultracriticalport" on the system in
> question.
> 
>> is part of the solution, not the solution itself. You need iptables
>> in all cases.
> 
> No, I do not.
> 
> --
> Grant
> 
Any user with access to Python or any socket interface in any 
programming language can put things to listen on ports above 1024, as 
they are unprivileged ports.

The only solution is to use iptables to restrict it and kill the 
process that tried to use it, triggered by the iptables log.
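
Added example, not part of the original message: net.ipv4.ip_local_reserved_ports only removes ports from automatic assignment (bind() to port 0, connect()); an explicit bind() to a reserved port still succeeds, so an audit of who is actually listening on those ports is one way to check the point argued in this thread. The sample data, the uid allow list and the function names below are constructed for illustration.

```python
# Audit LISTEN sockets on ports named in ip_local_reserved_ports.
# On a live system read /proc/sys/net/ipv4/ip_local_reserved_ports and
# /proc/net/tcp (plus /proc/net/tcp6); the samples below are constructed.

SAMPLE_RESERVED = "8080,9148-9150\n"  # constructed sysctl value

# Constructed excerpt in /proc/net/tcp format (ports are hex).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20011 1 0000000000000000 100 0 0 10 0
   1: 0100007F:23BC 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 31337 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000   990        0 20555 1 0000000000000000 100 0 0 10 0
   3: 0100007F:C350 0100007F:23BD 01 00000000:00000000 00:00000000 00000000  1000        0 40100 1 0000000000000000 20 4 30 10 -1
"""


def parse_reserved(text):
    """Parse the sysctl's comma-separated ports and ranges into a set."""
    ports = set()
    for item in text.strip().split(","):
        if not item:  # the sysctl is empty by default
            continue
        lo, _, hi = item.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def listeners(proc_net_tcp):
    """Yield (port, uid, inode) for every socket in LISTEN state (st 0A)."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        yield int(f[1].rsplit(":", 1)[1], 16), int(f[7]), int(f[9])


def unexpected_listeners(reserved_text, proc_net_tcp, allowed_uids):
    """Listeners on reserved ports whose owning uid is not allow-listed."""
    reserved = parse_reserved(reserved_text)
    return [(port, uid, inode) for port, uid, inode in listeners(proc_net_tcp)
            if port in reserved and uid not in allowed_uids.get(port, set())]


if __name__ == "__main__":
    allowed = {8080: {990}}  # hypothetical: uid 990 runs the service on 8080
    for port, uid, inode in unexpected_listeners(
            SAMPLE_RESERVED, SAMPLE_PROC_NET_TCP, allowed):
        print(f"reserved port {port}: listener uid={uid} inode={inode}")
```

The inode can be matched against the socket links under /proc/<pid>/fd to identify the owning process.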
