Re: TCP-Programming: Port connects to itself? Why is this possible?

This is a discussion on Re: TCP-Programming: Port connects to itself? Why is this possible? within the Linux Networking forums, part of the Linux Forums category.


#1
07-08-2003
Rick Jones

jack <not@all.org> wrote:
> Example: "ssh localhost" - This will open a connection _from_
> "127.0.0.0:22" _to_ "127.0.0.0:22". Exactly what one wants to have.


Is that correct? I initiated an SSH session from my HP-UX system to
another system (that wasn't there) and see this in netstat:

$ netstat -a | grep SYN
tcp 0 1 tardy.53097 sweb169.22 SYN_SENT

which seems to suggest that the ssh client uses an anonymous/ephemeral
port number.

Similarly, if I ssh to a remote linux system that is indeed up and look there:

[raj@sweb897 raj]$ netstat -a | grep tardy
tcp 0 20 sweb897.cup.hp.com:ssh tardy.cup.hp.com:53101 ESTABLISHED

it shows that the client used an ephemeral port.

and then finally, if I do an ssh localhost on the Linux system I see:

[raj@sweb897 raj]$ netstat -a | grep ssh
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdoma:ssh localhost.localdo:32786 ESTABLISHED
tcp 0 0 localhost.localdo:32786 localhost.localdoma:ssh ESTABLISHED

which shows that the ssh client's use of ephemeral ports was not
limited to the HP-UX client (tardy).

rick jones
--
firebug n, the idiot who tosses a lit cigarette out his car window
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to raj in cup.hp.com but NOT BOTH...
#2
07-08-2003
jack

Rick Jones wrote:
> Is that correct? I initiated an SSH session from my HP-UX system to
> another system (that wasn't there) and see this in netstat:
>
> $ netstat -a | grep SYN
> tcp 0 1 tardy.53097 sweb169.22 SYN_SENT
>
> which seems to suggest that the ssh client uses an anonymous/ephemeral
> port number.


[snip]

> which shows that the ssh client's use of ephemeral ports was not
> limited to the HP-UX client (tardy).


It's not correct, and it is. - Outgoing connections that are initiated
by any user _must_ be assigned an _unprivileged_ port number.

What I am saying here is that if I write my own ssh-client code, that
will - permissions allowing - have a _source_ port of 22, the connection
_from_ :22 _to_ :22 _must_ not be rejected _only_ because it comes from
the same port that the server is listening on.

Every connection that will be started by a non-privileged user will
have a dport value >= 1024 by definition. I'm not too certain about
the X11 protocol, where there's a server listening on :5111 or so.

Anyway, the idea I'm talking about is that a client to server
connection is possible regardless of originating and serving port
range - especially, what I want to emphasize, no connection will
be refused only because the source port equals the destination port,
and be it by coincidence. -- If You manage to configure Your
web-browser to "originate" from port 80, You probably won't find any
site that will deny access only because of that source port.


Only postponed, Yours Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...
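
Added example, not part of either post: a small Python check of the two behaviours discussed in this thread, namely that a client which does not bind gets an ephemeral source port, and that a listener still accepts a client whose source port equals the listening port. Assumptions: Linux, where every 127.0.0.0/8 address is local, so the client can bind the same port number on 127.0.0.2; an unprivileged port picked by the kernel stands in for port 22, which would need root to bind; all function names are made up for this example.

```python
import socket

SERVER_IP = "127.0.0.1"   # listener address
CLIENT_IP = "127.0.0.2"   # assumed second loopback address (Linux: all of 127/8 is local)


def open_listener():
    """Listen on SERVER_IP; the kernel picks a free, unprivileged port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((SERVER_IP, 0))
    srv.listen(4)
    srv.settimeout(5)
    return srv


def peer_port_seen_by_listener(srv, source=None):
    """Connect to srv, optionally from an explicit (ip, port) source,
    and return the remote port that accept() reports on the server side."""
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if source is not None:
            cli.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            cli.bind(source)          # force the source address and port
        cli.settimeout(5)
        cli.connect(srv.getsockname())
        conn, peer = srv.accept()     # handshake already completed by the kernel
        conn.close()
        return peer[1]
    finally:
        cli.close()


def demo():
    """Return (listening port, default source port, forced source port)."""
    srv = open_listener()
    try:
        port = srv.getsockname()[1]
        ephemeral = peer_port_seen_by_listener(srv)
        same = peer_port_seen_by_listener(srv, source=(CLIENT_IP, port))
        return port, ephemeral, same
    finally:
        srv.close()


if __name__ == "__main__":
    port, ephemeral, same = demo()
    print(f"listener on :{port}, default client port :{ephemeral}, forced client port :{same}")
```

The listener sees the source port only as one field of the connection 4-tuple, and that field is whatever the client chose or was assigned, so it carries no information a server could rely on beyond telling connections apart.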
