Thread: Ephemeral Source Ports

  1. #1
    Join Date
    Feb 2013
    Posts
    3

    Ephemeral Source Ports

    Amanda seems to have a considerable amount of code dedicated to selecting a source port for TCP transmission.
    For the installations at the company I work for, this always equates to port 571.

    I have been searching for the reason that the method for choosing the port was chosen, but I have come up empty-handed.
    Is anyone able to assist?

    The reason I ask is due to security and interoperability issues we have experienced in our environment.
    Some of these issues are highlighted in RFC 6056.

    This can be easily eliminated by removing the source port logic and allowing the operating system to decide.
    This greatly simplifies the code and removes the risks of choosing predictable ports.

  2. #2
    Join Date
    Nov 2005
    Location
    Canada
    Posts
    1,044

    The Amanda server uses a port in the 'reserved-tcp-port' range to connect to the client; this is done to facilitate the firewall configuration by opening only a few ports.
    It scans the ports sequentially and uses the first available.

    I will accept a patch that does it randomly instead of sequentially.

  3. #3
    Join Date
    Feb 2013
    Posts
    3

    Sorry for the late reply. I was on holiday. I believe random ports within the configured range is a good compromise.
    I am happy to do the code and tests for this if required.

    I have not done any development for Amanda before. Where should I begin (coding standards doco, code review process, etc)?
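
The compromise discussed in this thread, as an added example that is not part of the thread and not Amanda's own code: start the scan of the configured range at a random offset and wrap, so every port is still tried once but the first choice is no longer predictable. All function names are hypothetical, the range used with it (571 to 575) is constructed, and binding to ports below 1024 requires privilege.

```c
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/* Callback: return 0 if `port` was claimed, non-zero if unavailable. */
typedef int (*try_port_fn)(int port, void *ctx);

/* Try each port in [lo, hi] exactly once, starting at lo + (offset % span)
 * and wrapping. Returns the claimed port, or -1 if none is available. */
int pick_port(int lo, int hi, uint32_t offset, try_port_fn try_port, void *ctx)
{
    if (lo < 1 || hi > 65535 || lo > hi) return -1;
    uint32_t span = (uint32_t)(hi - lo) + 1;
    for (uint32_t i = 0; i < span; i++) {
        int port = lo + (int)((offset % span + i) % span);
        if (try_port(port, ctx) == 0) return port;
    }
    return -1;
}

/* Starting offset from the kernel CSPRNG. Fails rather than falling back
 * to offset 0, which would make the scan sequential again. */
int random_offset(uint32_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Real callback: ctx points to the fd of an unbound IPv4 socket. */
int try_bind(int port, void *ctx)
{
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons((uint16_t)port);
    return bind(*(int *)ctx, (struct sockaddr *)&sa, sizeof sa);
}

/* Constructed stand-in for tests: ctx is a 0-terminated list of busy ports. */
int try_unless_busy(int port, void *ctx)
{
    for (const int *b = ctx; *b != 0; b++)
        if (*b == port) return -1;
    return 0;
}
```

A caller would obtain `offset` from `random_offset()` and pass `try_bind` with its socket fd; the firewall rule for the range stays the same because only the order of attempts changes.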
