bashareteam team mailing list archive
-
bashareteam team
-
Mailing list archive
-
Message #00158
[Bug 480233] [NEW] Make the incoming port changeable
Public bug reported:
Originally reported by sziszi in Bug #479692, as question 2:
Bug or Feature?
If I setted the outgoing port to x and the incoming port automatically setted to x+1. If someone know my opened outgoing port(I don't have got any UPnP capable router(Crappy chinese junk) and I can't open UPnP port) the Someone can break into my computer, right? Make the incoming port changeable please.
First answer by Guido:
About security issue, it does no matter. Port and "port+1" are both opened, so if a cracker wants to crack you he can do it in port. The problem isn't to know a opened port, a 5 years old child can know this...
About all webserver use tcp port number 80 :)
To crack someone you need to use a vulnerability in the server program.
Second answer by Guido:
p.s. if you have not opened port on router, you have not opened port+1 too.
Third answer by Guido:
2) security: it is not a security hole. But as feature, I can introduce it in a next release
** Affects: bashare
Importance: Undecided
Status: New
** Tags: request
--
Make the incoming port changeable
https://bugs.launchpad.net/bugs/480233
You received this bug notification because you are a member of BaShare
Team, which is subscribed to BaShare.
Status in BaShare, an easy to use http server with a gui: New
Bug description:
Originally reported by sziszi in Bug #479692, as question 2:
Bug or Feature?
If I setted the outgoing port to x and the incoming port automatically setted to x+1. If someone know my opened outgoing port(I don't have got any UPnP capable router(Crappy chinese junk) and I can't open UPnP port) the Someone can break into my computer, right? Make the incoming port changeable please.
First answer by Guido:
About security issue, it does no matter. Port and "port+1" are both opened, so if a cracker wants to crack you he can do it in port. The problem isn't to know a opened port, a 5 years old child can know this...
About all webserver use tcp port number 80 :)
To crack someone you need to use a vulnerability in the server program.
Second answer by Guido:
p.s. if you have not opened port on router, you have not opened port+1 too.
Third answer by Guido:
2) security: it is not a security hole. But as feature, I can introduce it in a next release
Follow ups
References