On Mon, Jun 25, 2007 at 10:46:30AM -0700, Joseph Mack NA3T wrote:
>
> The machines behind the NAT router call from high ports in
> order. So say you're websurfing and you've just fired up the
> home computer, the first call to VIP:80 will come from
> CIP:1025. When that tcpip connection is closed down, the
> next call to VIP:80 will come from CIP:1026 etc. These calls
> get nat'ed into a similar monotonic series of ports from the
> NAT router (with 2.2 linux starting somewhere up near
> 40,000, but now starting with port 1025). Originally there
> was a separate range reserved for each client (I think),
> allowing the ISP to watch for multiple clients behind the
> nat router. Now I think there's only one range (to stop this
> pattern being observed).
I believe that there is a school of thought that source ports
should be randomised to mitigate certain classes of security threats.
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
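The two allocation policies discussed above (the monotonic series Joseph describes, and the randomised source ports Horms mentions as a mitigation), as an added simulation that is not part of the thread; the ephemeral range 1025-65535, the allocator classes and the `predictability` measure are my own assumptions for illustration:

```python
import random

# Assumed ephemeral port range for the simulation (constructed, not from the thread).
EPHEMERAL_LOW, EPHEMERAL_HIGH = 1025, 65535


class SequentialAllocator:
    """Hands out source ports in increasing order, like the NAT router in the thread:
    the first connection uses 1025, the next 1026, and so on, wrapping at the top."""

    def __init__(self, start=EPHEMERAL_LOW):
        self.next_port = start

    def allocate(self):
        port = self.next_port
        self.next_port = port + 1 if port < EPHEMERAL_HIGH else EPHEMERAL_LOW
        return port


class RandomAllocator:
    """Picks a uniformly random free port from the ephemeral range; this is the
    randomisation Horms refers to, which removes the observable pattern."""

    def __init__(self, seed=None):
        self.rng = random.Random(seed)
        self.in_use = set()

    def allocate(self):
        while True:
            port = self.rng.randint(EPHEMERAL_LOW, EPHEMERAL_HIGH)
            if port not in self.in_use:
                self.in_use.add(port)
                return port

    def release(self, port):
        self.in_use.discard(port)


def predictability(allocator, connections=1000):
    """Fraction of connections on which an observer who saw the previous source
    port would correctly guess the next one as previous + 1.  A sequential
    allocator scores 1.0; a random one scores roughly 1 / range size."""
    prev = allocator.allocate()
    hits = 0
    for _ in range(connections):
        port = allocator.allocate()
        if port == prev + 1:
            hits += 1
        prev = port
    return hits / connections
```

The score is the observer's chance of guessing the next port from the last one seen, which is exactly the pattern the single shared range was meant to hide and that randomisation removes regardless of how ranges are partitioned.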