Thursday 1 March 2007

GNU.Free, TCP and port scanning

I've been diving into the GNU.Free code recently in the evening (it's fun in a perverse way), and thought I'd share this gorgeous little tidbit from one of the server classes:

/* SECURITY NOTE: VERY IMPORTANT! */
// constant to store value being used as FREE port number
// For security reasons I recommend this is changed every election
private static final int freePort = 1111;

That's right Jason, switch the port numbers between elections, no-one will ever be able to figure that one out (if only there was some kind of software that could quickly scan a host for open ports, nah!). Who says OSS is free from security-by-obscurity coding?
