Hacker Newsnew | comments | show | ask | jobs | submit login
The TCP/IP Drinking Game (valerieaurora.org)
47 points by rythie 1636 days ago | 14 comments



When I saw the title, I imagined several hackers sitting around with a handle of vodka and all eyes on a terminal running tcpdump.

-----


Remember, nobody wins a drinking game.

No, no, no. Everybody wins a drinking game.

-----


  Q: How does a Windows machine react if ports above 1080 are blocked by a router? 
  A: A regular user can surf for roughly 2min after booting, then has to reboot.
Huh?

-----


I wondered about that too.

Here's my guess (would welcome confirmation or a more accurate explanation, not least because I'm far from an expert on how TCP/IP works and know even less about Windows):

1) The router blocking outgoing connections coming from ports on that machine. That is, each time you make an outgoing connection, there's a port on your machine associated with that connection.

2) The ports associated with outgoing connections start at 1024. (Unix-specific? Traditionally only root could use ports lower than that.)

3) Each subsequent connection gets a higher port. Presumably they wrap around eventually.

4) So, after not too many outgoing connections, you've hit 1080, and you need to reboot to reset the count.

-----


Traditionally only root could use ports lower than [1024]

As an aside, this is one of the more daft aspects of Unix. There's no reason whatsoever that http should need bits to run. The reasons cited for services such as ftp, smtp, imap, etc aren't very compelling, either. This restriction, ostensibly in the name of security, has in fact been a cause of a number of security problems.

In the silliness scale, it's up there with exposing numeric user IDs. (You can't do arithmetic with them for anything useful.)

-----


I don't think you'd be very happy if the imap server crashed, a random user restarted it running as them, and then logged all the passwords entered...

-----


No, I wouldn't. But so what? Putting trust in a service just because it's running on a low-numbered port is ridiculous.

If we want trustable services, there are ways to do that, although with mixed track records to be sure.

To try to create trustable services by assigning a range of ports to the superuser is clumsy in the extreme, and has all sorts of bad side effects.

-----


Okay, outgoing ports makes sense. I didn't realize that was the meaning. And with persistent connections I was thinking down the wrong path.

-----


I think this is saying that Windows starts assigning ephermal ports at 1025 and a common rate of web browsing uses 55 ports after about 2 minutes, at which point ports above 1080 start to be assigned and are blocked.

-----


It probably starts with low numbered ports for new connections and by 2 minutes has reached 1080

-----


+ random facts:

Q: How many identical acks need to be received for fast retransmit to occur?

The DUPACK threshold is a configurable parameter. Linux uses a threshold of 2 (sysctl: net.ipv4.tcp_reordering).

Q: Name one of the men described as "The Father of the Internet."

Apparently, Leonard Kleinrock is also one of the fathers of the Internet: http://www.cs.ucla.edu/~lk/.

-----


Good grief I'd be hammered. Admittedly, not my area of expertise, but still. Bad for the ego. Which in turn is good for the drinking, so... Bartender, line some shots up...

-----


Hammered? Hell, I'd be barfing halfway through.

-----


Some of these questions I include in my exams for "network technology" classes (at least the easier ones: what's the class D network, what's bootp, ..) - and maybe I can find some more. Thank's for sharing.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: