On Mon, Jun 25, 2007 at 10:46:30AM -0700, Joseph Mack NA3T wrote:
>
> The machines behind the NAT router call from high ports in order. So say you're websurfing and you've just fired up the home computer. The first call to VIP:80 will come from CIP:1025. When that tcpip connection is closed down, the next call to VIP:80 will come from CIP:1026 etc. These calls get nat'ed into a similar monotonic series of ports from the NAT router (with 2.2 linux starting somewhere up near 40,000, but now starting with port 1025). Originally there was a separate range reserved for each client (I think), allowing the ISP to watch for multiple clients behind the nat router. Now I think there's only one range (to stop this pattern being observed).
I believe that there is a school of thought that source ports should be randomised to mitigate certain classes of security threats.

-- 
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
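The two allocation policies discussed in this thread, a monotonic counter versus randomised source ports, can be compared with a small model. The following Python is an added example and is not code from the thread, from LVS, or from the kernel; the port ranges, the seeded generator and the "fraction of consecutive pairs that step by exactly one" score are constructed here to make the difference measurable, and are not taken from any real allocator.

```python
import random


def sequential_ports(start=1025, n=20):
    """Model of the monotonic allocator described in the quoted mail:
    each new connection takes the next port after the previous one.
    (Constructed model, not the kernel's allocator.)"""
    return [start + i for i in range(n)]


def random_ports(n=20, lo=1025, hi=65535, seed=0):
    """Model of a randomised allocator: each connection draws an
    independent port from the ephemeral range. The fixed seed only
    makes the example reproducible. (Constructed model.)"""
    rng = random.Random(seed)
    return [rng.randint(lo, hi) for _ in range(n)]


def step_predictability(ports):
    """Fraction of consecutive observed source ports that differ by
    exactly +1. A value near 1.0 means an off-path observer who has
    seen one port can guess the next with near certainty; a value near
    0.0 means the sequence gives no such hint. (Constructed metric for
    this example, not a standard measure.)"""
    if len(ports) < 2:
        return 0.0
    plus_one = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
    return plus_one / (len(ports) - 1)


def ports_look_sequential(ports, threshold=0.5):
    """Audit helper for a captured list of source ports from one host
    or NAT device: returns True when the sequence is mostly +1 steps,
    i.e. when source ports are not being randomised."""
    return step_predictability(ports) >= threshold


if __name__ == "__main__":
    # Constructed sample: what the quoted mail describes, 1025, 1026, ...
    seq = sequential_ports()
    rnd = random_ports()
    print("sequential:", seq[:5], "... score", step_predictability(seq))
    print("randomised:", rnd[:5], "... score", step_predictability(rnd))
    print("sequential allocator flagged:", ports_look_sequential(seq))
    print("randomised allocator flagged:", ports_look_sequential(rnd))
```

On a real capture you would feed `ports_look_sequential` the source ports seen from a single client or NAT address, in arrival order; a high score is the observable symptom that the randomisation Horms refers to is not in effect.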
