Andreas Sikkema wrote:
>
> [EMAIL PROTECTED] wrote:
>
> > Seems to me that the average user application doesn't need to open
> > TCP/UDP ports for listening. Attack bots tend to do this kind
> > of thing.
>
> Unfortunately there are applications like VoIP softphones which have
> to have a listener socket (more than one in many cases).

Such listener sockets should be invoked as privileged servers/services, and the application the user runs only connects via an API to the server process. So the server can be programmed to only accept certain requests from the client, which would make it quite difficult for malware to misuse the service. This is the way many Unix-like systems work by default: non-privileged users cannot open a network connection, they need to use a system service instead (like NFS, RPC, a web proxy etc.). If the services are programmed in a secure manner, they can prevent misuse quite well.

Best regards,
Martin Stricker
--
Homepage: http://www.martin-stricker.de/
Linux Migration Project: http://www.linux-migration.org/
Red Hat Linux 9 for low memory: http://www.rule-project.org/
Registered Linux user #210635: http://counter.li.org/
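
An added sketch of the design described in the message above (not code from the thread): a service that accepts only allowlisted requests from a local client over a Unix socket, identifying the client by the uid the kernel reports rather than by anything the client sends. The JSON request format, the policy contents and all function names are hypothetical, and `SO_PEERCRED` is assumed (Linux).

```python
import json
import socket
import struct

def make_policy(uid):
    """Constructed sample policy: uid -> {(op, proto): allowed ports}."""
    return {uid: {("listen", "udp"): range(5060, 5062)}}

def peer_uid(conn):
    """Uid of the process on the other end, as reported by the kernel."""
    size = struct.calcsize("iII")  # struct ucred: pid, uid, gid
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    _pid, uid, _gid = struct.unpack("iII", creds)
    return uid

def decide(policy, uid, raw):
    """Default deny: refuse anything malformed or not on the allowlist."""
    try:
        req = json.loads(raw)
        op, proto, port = req["op"], req["proto"], req["port"]
    except (ValueError, KeyError, TypeError):
        return {"ok": False, "reason": "malformed"}
    if not (isinstance(op, str) and isinstance(proto, str)
            and type(port) is int):
        return {"ok": False, "reason": "malformed"}
    allowed = policy.get(uid, {}).get((op, proto))
    if allowed is None or port not in allowed:
        return {"ok": False, "reason": "denied"}
    return {"ok": True, "reason": "allowed"}

def serve_one(policy, conn):
    """Service side: answer one request using the kernel-supplied uid."""
    reply = decide(policy, peer_uid(conn), conn.recv(4096))
    conn.sendall(json.dumps(reply).encode())
    return reply

def ask(client, service, policy, request):
    """Client side of one exchange; the service end runs in-process here."""
    client.sendall(json.dumps(request).encode())
    serve_one(policy, service)
    return json.loads(client.recv(4096))

if __name__ == "__main__":
    import os
    client, service = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    policy = make_policy(os.getuid())
    for port in (5060, 31337):  # constructed sample requests
        req = {"op": "listen", "proto": "udp", "port": port}
        print(port, ask(client, service, policy, req))
```

The sketch covers only the request-validation step; a real service would also own the listener socket and relay traffic for the requests it accepts.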
