GNU.Free, TCP and port scanning
I've been diving into the GNU.Free code recently in the evening (it's fun in a perverse way), thought I'd share this gorgeous little tidbit from one of the server classes:
/* SECURITY NOTE: VERY IMPORTANT! */
// constant to store value being used as FREE port number
// For security reasons I recommend this is changed every election
private static final int freePort = 1111;
That's right Jason, switch the port numbers between elections, no-one will ever be able to figure that one out (if only there was some kind of software that could quickly scan a host for open ports, nah!) Who says OSS is free from security by obscurity coding?
0 comments:
Post a Comment