ben.hutchings at roundpoint.com
Wed May 9 22:39:57 CEST 2001
grante at visi.com (Grant Edwards) writes:
> In article <kReK6.21$Dd5.7061 at ruti.visi.com>, Grant Edwards wrote:
> >A particular port can't be reused for X seconds after it's
> >closed (for security reasons).
> I should explain more precisely: it's so that if packets from
> the old connection come straggling in after wandering around
> the 'net for a while they don't interfere with the new
> connection. If you don't allow a port to be re-used for longer
> than the maximum time it could take for a packet to get from A
> to B, then that's not a problem. I have a vague recollection
> that there was a way that reusing a port immediately could be a
> security problem, but I can't figure out what the scenario
> would be.
If one user binds a socket to some specific port, and then closes it,
and then another user binds a socket to that port, the second user
could get packets destined for the first user. However, I don't think
that applies to TCP, because the OS would notice mismatched sequence
numbers and send back a reset. (Unprivileged users aren't allowed to
read raw packets, so they can't get around this.) A bigger problem
these days is that host addresses for dial-up connections can be
reassigned at short intervals.
Any opinions expressed are my own and not necessarily those of Roundpoint.
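The two behaviours discussed in this exchange can be observed directly from Python. The following is an added example written for this archive page, not code from either poster: it makes a loopback TCP connection, has the server side close first so that its end of the connection lingers in TIME_WAIT, and then tries to bind a new listener to the same port, once without and once with SO_REUSEADDR. A second function does the same port hand-over over UDP, where nothing stands in the way of the new binder receiving a datagram addressed to the previous owner. It assumes a Linux or BSD socket stack with loopback available; the datagram payload is a constructed sample. One detail worth knowing: on Linux the TIME_WAIT entry inherits SO_REUSEADDR from the listener that created it, and the rebind is only allowed when both the old and the new socket carry the flag, so the example sets it on both.

```python
import errno
import socket
import time

HOST = "127.0.0.1"  # loopback only; nothing here leaves the machine


def tcp_rebind_after_close(reuse: bool) -> str:
    """Connect to a local listener, let the *server* end close first (so it is
    the server's side that sits in TIME_WAIT), then try to bind a fresh
    listener to the very same port.

    Returns "bound" if the second bind succeeded and "EADDRINUSE" if the
    kernel refused it because the old connection still occupies the port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuse:
        # Set on the original listener too: the accepted socket, and the
        # TIME_WAIT entry it leaves behind, inherit this flag, and Linux only
        # permits the later rebind when both old and new sockets have it.
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))            # let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    cli = socket.create_connection((HOST, port))
    conn, _ = srv.accept()

    conn.close()                   # active close: this end goes to TIME_WAIT
    cli.close()                    # passive side answers with its own FIN
    srv.close()                    # listener gone; only TIME_WAIT holds the port
    time.sleep(0.1)                # let the FIN/ACK exchange finish on loopback

    again = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if reuse:
        again.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        again.bind((HOST, port))
    except OSError as exc:
        if exc.errno != errno.EADDRINUSE:
            raise
        return "EADDRINUSE"
    else:
        return "bound"
    finally:
        again.close()


def udp_new_binder_gets_old_traffic() -> bytes:
    """UDP has no sequence numbers and no TIME_WAIT. Close a bound socket,
    bind another one to the same port, and a datagram aimed at the old owner
    is delivered to whoever holds the port now. Returns the received payload.
    """
    old = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    old.bind((HOST, 0))
    port = old.getsockname()[1]
    old.close()                    # the "first user" is gone

    new = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    new.bind((HOST, port))         # no SO_REUSEADDR needed: the port is simply free
    new.settimeout(1.0)

    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Constructed sample datagram standing in for traffic meant for the
        # previous owner of the port.
        sender.sendto(b"meant for the old owner", (HOST, port))
        data, _ = new.recvfrom(1024)
    finally:
        sender.close()
        new.close()
    return data


if __name__ == "__main__":
    print("TCP rebind without SO_REUSEADDR:", tcp_rebind_after_close(reuse=False))
    print("TCP rebind with SO_REUSEADDR:   ", tcp_rebind_after_close(reuse=True))
    print("UDP datagram seen by new binder:", udp_new_binder_gets_old_traffic())
```

The TCP half shows the kernel enforcing the quarantine Grant describes (the bind fails until TIME_WAIT expires unless the new owner explicitly opts in), and the UDP half shows the situation Ben has in mind, where no such state exists and the port changes hands silently. SO_REUSEADDR does not defeat the protection against straggling TCP segments; those are still rejected by the sequence-number check on the new connection.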