On Sat, 2011-02-26 at 12:41 -0800, John R Pierce wrote:
> On 02/26/11 12:33 PM, Rainer Duffner wrote:
> > With IPv6, you don't need to run it on a different port. Just bind it to a different IP in the same prefix ;-) So, that port-8080 stuff will be gone pretty soon. In a year or two. Cough-cough.
>
> When I first saw the spec for IPv6 I mistakenly thought they'd done away with ports entirely, and that you'd just use an IP range for a server for different services... but that would be a mess for DNS, having to use a different hostname for ssh rather than http etc, a physical host would likely use a subdomain in that scheme (ssh.myhost.mydomain.com vs http.myhost.mydomain.com etc etc)

When using a non-standard port on IP4, the hacker is not being pointed directly at a specific door with a live application behind it. Additionally, if HTTP is operating on the same IP address, the hacker might think that is the only application at the address. With a unique IP6 address a hacker can be sure something is definitely there.
Creating lots of dummy IP6 addresses to confuse hackers is not an ideal solution.