
  Q: How does a Windows machine react if ports above 1080 are blocked by a router? 
  A: A regular user can surf for roughly 2min after booting, then has to reboot.

I wondered about that too.

Here's my guess (would welcome confirmation or a more accurate explanation, not least because I'm far from an expert on how TCP/IP works and know even less about Windows):

1) The router is blocking outgoing connections coming from ports on that machine. That is, each time you make an outgoing connection, there's a port on your machine associated with that connection.

2) The ports associated with outgoing connections start at 1024. (Unix-specific? Traditionally only root could use ports lower than that.)

3) Each subsequent connection gets a higher port. Presumably they wrap around eventually.

4) So, after not too many outgoing connections, you've hit 1080, and you need to reboot to reset the count.

Traditionally only root could use ports lower than [1024]

As an aside, this is one of the more daft aspects of Unix. There's no reason whatsoever that http should need bits to run. The reasons cited for services such as ftp, smtp, imap, etc aren't very compelling, either. This restriction, ostensibly in the name of security, has in fact been a cause of a number of security problems.

In the silliness scale, it's up there with exposing numeric user IDs. (You can't do arithmetic with them for anything useful.)

I don't think you'd be very happy if the imap server crashed, a random user restarted it running as them, and then logged all the passwords entered...

No, I wouldn't. But so what? Putting trust in a service just because it's running on a low-numbered port is ridiculous.

If we want trustable services, there are ways to do that, although with mixed track records to be sure.

To try to create trustable services by assigning a range of ports to the superuser is clumsy in the extreme, and has all sorts of bad side effects.

Okay, outgoing ports makes sense. I didn't realize that was the meaning. And with persistent connections I was thinking down the wrong path.

I think this is saying that Windows starts assigning ephemeral ports at 1025 and a common rate of web browsing uses 55 ports after about 2 minutes, at which point ports above 1080 start to be assigned and are blocked.

It probably starts with low numbered ports for new connections and by 2 minutes has reached 1080.
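To make the ephemeral-port model in the numbered comment above and the two replies concrete, here is an added Python example (not from the thread): it opens a few loopback connections, records the source port the OS actually picked for each one, and checks them against the router rule from the joke. The 1080 cutoff is the thread's; the loopback listener and the port counts are assumptions for the demonstration.

```python
import socket

# The router rule from the thread: drop traffic whose source port is above 1080.
BLOCK_ABOVE = 1080


def observe_ephemeral_ports(n: int) -> list:
    """Open n TCP connections to a loopback listener and return the source
    (ephemeral) port the OS chose for each one, in allocation order."""
    clients, accepted = [], []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick the listener port
        srv.listen(n)
        try:
            for _ in range(n):
                c = socket.create_connection(srv.getsockname())
                clients.append(c)
                accepted.append(srv.accept()[0])  # drain the backlog
            # Every client is a separate socket to the same destination, so
            # each must hold a distinct local port for as long as it is open.
            return [c.getsockname()[1] for c in clients]
        finally:
            for s in clients + accepted:
                s.close()


def blocked_by_rule(ports, limit: int = BLOCK_ABOVE):
    """Split observed source ports into those the rule passes (<= limit)
    and those it drops (> limit), preserving allocation order."""
    allowed = [p for p in ports if p <= limit]
    dropped = [p for p in ports if p > limit]
    return allowed, dropped


if __name__ == "__main__":
    observed = observe_ephemeral_ports(8)
    ok, dropped = blocked_by_rule(observed)
    print("source ports picked by this OS:", observed)
    print(f"{len(ok)} would pass the rule, {len(dropped)} would be dropped")
    # A modern OS starts its ephemeral range far above 1080 (49152 on Windows
    # since Vista, 32768 on Linux), so the rule drops every connection from
    # the first one; the "2 minutes" in the joke assumes the old allocator
    # that counted up from 1025.
```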
