On 8 Jul 2004, Colin Paul Adams wrote:

> >>>>> "Rodolfo" == Rodolfo J Paiz <rpaiz@xxxxxxxxxxxxxx> writes:
>
> Rodolfo> At 12:41 PM 7/8/2004, Colin Paul Adams wrote:
> >> You ARE joking aren't you? That's 60,000 ports! It would take
> >> me a year to type all that lot in! Isn't there a way to limit
> >> which ports it uses?
>
> Rodolfo> Hopefully you're aware that you can type 5000:65000 in
> Rodolfo> the iptables rule and it will treat it as a range. If
> Rodolfo> not, consider it good news... you just changed a year
> Rodolfo> into 3.7 seconds.
>
> Thanks - but that still looks to be a huge security hole - according
> to lsof, it's only listening on one or two ports.

Port numbers above 5000 are traditionally dynamically assigned. The
application is only listening on a few well defined ports for (h.323)
call setup. When you make or receive a call, additional ports will be
dynamically assigned depending on the resources the session needs.

> --

--------------------------------------------------------------------------
Joel Jaeggli  Unix Consulting  joelja@xxxxxxxxxxxxxxxxxxxx
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2