On Sat, 2011-02-26 at 12:41 -0800, John R Pierce wrote: > On 02/26/11 12:33 PM, Rainer Duffner wrote: > > With IPV6, you don't need to run it on a different port. > > Just bind it to a different IP in the same prefix ;-) > > So, that port-8080 stuff will be gone pretty soon. > > In a year or two. > > Cough-cough. > > when I first saw the spec for IPv6 I mistakenly thought they'd done away > with ports entirely, and that you'd just use an IP range for a server > for different services... but that would be a mess for DNS, having to > use a different hostname for ssh rather than http etc, a physical host > would likely use a subdomain in that scheme (ssh.myhost.mydomain.com vs > http.myhost.mydomain.com etc etc) When using a non-standard port on IP4, the hacker is not being pointed directly at a specific door with a live application behind it. Additionally if HTTP is operating on the same IP address, the hacker might think that is the only application at the address. With a unique IP6 address a hacker can be sure something is definitely there. Creating lots of dummy IP6 addresses to confuse hackers is not an ideal solution. -- With best regards, Paul. England, EU.