[Stefan Sperling] > "Before the SO_EXCLUSIVEADDRUSE socket option was introduced, there was > very little a network application developer could do to prevent a > malicious program from binding to the port on which the network > application had its own sockets bound." > > So not using SO_EXCLUSIVEADDR means the denial-of-service still works?
Well, the same article describes the changes made in Windows Server 2003: now this seems to be true only if the malicious app is running as the same user as svnserve. -- Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
