今天看了些资料,了解了下 Socket 的安全问题,特别是端口复用方面。
首先,网站空间,微软从2003后就开始增强服务器操作系统的安全性
比如,在03之前的操作系统中,只要第一个 Socket 不设置 SO_EXCLUSIVEADDRUSE,那么第二个 Socket 做 Bind 使用 SO_REUSEADDR 都会成功。
First bind callSecond bind call
DefaultSO_REUSEADDRSO_EXCLUSIVEADDRUSE
WildcardSpecificWildcardSpecificWildcardSpecific
DefaultWildcard INUSE INUSE Success Success INUSE INUSE
Specific INUSE INUSE Success Success INUSE INUSE
SO_REUSEADDRWildcard INUSE INUSE Success Success INUSE INUSE
Specific INUSE INUSE Success Success INUSE INUSE
SO_EXCLUSIVEADDRUSEWildcard INUSE INUSE ACCESS ACCESS INUSE INUSE
Specific INUSE INUSE ACCESS ACCESS INUSE INUSE
而03之后,包括03,却是如下结果:
First bind callSecond bind call
DefaultSO_REUSEADDRSO_EXCLUSIVEADDRUSE
WildcardSpecificWildcardSpecificWildcardSpecific
DefaultWildcard INUSE Success ACCESS Success INUSE Success
Specific Success INUSE Success Success INUSE INUSE
SO_REUSEADDRWildcard INUSE Success Success ACCESS INUSE Success
Specific Success INUSE Success Success INUSE INUSE
SO_EXCLUSIVEADDRUSEWildcard INUSE ACCESS ACCESS ACCESS INUSE ACCESS
Specific Success INUSE Success ACCESS INUSE INUSE
对于不同账号创建的进程,又是如下的结果:
First bind callSecond bind call
DefaultSO_REUSEADDRSO_EXCLUSIVEADDRUSE
WildcardSpecificWildcardSpecificWildcardSpecific
DefaultWildcard INUSE ACCESS ACCESS ACCESS INUSE ACCESS
Specific Success INUSE Success ACCESS INUSE INUSE
SO_REUSEADDRWildcard INUSE ACCESS Success Success INUSE ACCESS
Specific Success INUSE Success Success INUSE INUSE
SO_EXCLUSIVEADDRUSEWildcard INUSE ACCESS ACCESS ACCESS INUSE ACCESS
Specific Success INUSE Success ACCESS INUSE INUSE
,美国服务器,香港服务器租用