From ip(4):
IP_PORTRANGE may be used to set the port range used for selecting a local
port number on a socket with an unspecified (zero) port number. It has
the following possible values:

    IP_PORTRANGE_DEFAULT    use the default range of values, normally
                            IPPORT_HIFIRSTAUTO through IPPORT_HILASTAUTO. This
                            is adjustable through the sysctl setting:
                            net.inet.ip.portrange.first and
                            net.inet.ip.portrange.last.

    IP_PORTRANGE_HIGH       use a high range of values, normally
                            IPPORT_HIFIRSTAUTO and IPPORT_HILASTAUTO. This is
                            adjustable through the sysctl setting:
                            net.inet.ip.portrange.hifirst and
                            net.inet.ip.portrange.hilast.

    IP_PORTRANGE_LOW        use a low range of ports, which are normally
                            restricted to privileged processes on UNIX systems.
                            The range is normally from IPPORT_RESERVED - 1 down
                            to IPPORT_RESERVEDSTART in descending order. This
                            is adjustable through the sysctl setting:
                            net.inet.ip.portrange.lowfirst and
                            net.inet.ip.portrange.lowlast.
The range of privileged ports which only may be opened by root-owned
processes may be modified by the net.inet.ip.portrange.reservedlow and
net.inet.ip.portrange.reservedhigh sysctl settings. The values default
to the traditional range, 0 through IPPORT_RESERVED - 1 (0 through 1023),
respectively. Note that these settings do not affect and are not
accounted for in the use or calculation of the other
net.inet.ip.portrange values above. Changing these values departs from
UNIX tradition and has security consequences that the administrator
should carefully evaluate before modifying these settings.
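As an added illustration (not part of the ip(4) text or of the post above): a small C program that requests a port class with the IP_PORTRANGE socket option, binds to 127.0.0.1 with port 0 so the kernel picks the local port, and reads back the port that was actually chosen with getsockname(). It also shows a check against the reserved range, using the traditional defaults (0 through IPPORT_RESERVED - 1) as assumed bounds; on a real system the bounds would come from net.inet.ip.portrange.reservedlow/reservedhigh. On kernels that do not define IP_PORTRANGE (Linux, for example) the option is compiled out and the kernel's single ephemeral range is used, so the port-0 allocation still runs.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IPPORT_RESERVED
#define IPPORT_RESERVED 1024   /* traditional value; FreeBSD and glibc both define it */
#endif

/* Class to request when the caller has no preference: IP_PORTRANGE_DEFAULT
 * where the option exists, otherwise 0 (ignored, see bind_ephemeral_port). */
static int default_portrange_class(void)
{
#ifdef IP_PORTRANGE_DEFAULT
    return IP_PORTRANGE_DEFAULT;
#else
    return 0;
#endif
}

/* Request a local port from the given IP_PORTRANGE_* class, bind to
 * 127.0.0.1:0 and return the port the kernel chose (host byte order),
 * or -1 on error. IP_PORTRANGE_LOW normally needs root and fails with
 * EACCES otherwise, which this function reports as -1 as well. */
static int bind_ephemeral_port(int portrange_class)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

#ifdef IP_PORTRANGE
    /* FreeBSD: choose which of the three sysctl-configured ranges to draw from */
    if (setsockopt(fd, IPPROTO_IP, IP_PORTRANGE,
                   &portrange_class, sizeof portrange_class) < 0) {
        close(fd);
        return -1;
    }
#else
    (void)portrange_class;   /* no IP_PORTRANGE on this kernel: single ephemeral range */
#endif

    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(0);                    /* unspecified: kernel picks the port */
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        close(fd);
        return -1;
    }

    socklen_t len = sizeof sin;                 /* read back the assigned port */
    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return ntohs(sin.sin_port);
}

/* Is `port` inside the reserved (root-only) range [reservedlow, reservedhigh]?
 * The caller supplies the bounds; the traditional defaults are 0..1023. */
static int is_privileged_port(int port, int reservedlow, int reservedhigh)
{
    return port >= reservedlow && port <= reservedhigh;
}

int main(void)
{
    int port = bind_ephemeral_port(default_portrange_class());
    if (port < 0) {
        perror("bind_ephemeral_port");
        return 1;
    }
    printf("kernel assigned local port %d (privileged: %s)\n", port,
           is_privileged_port(port, 0, IPPORT_RESERVED - 1) ? "yes" : "no");
    return 0;
}
```

The port printed will differ from run to run when net.inet.ip.portrange.randomized is on; with IP_PORTRANGE_HIGH or IP_PORTRANGE_LOW passed instead of the default class, the value should land inside the corresponding sysctl range.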
Ports are allocated at random within the specified port range in order to
increase the difficulty of random spoofing attacks. In scenarios such as
benchmarking, this behavior may be undesirable. In these cases,
net.inet.ip.portrange.randomized can be used to toggle randomization off.
If more than net.inet.ip.portrange.randomcps ports have been allocated in
the last second, then return to sequential port allocation. Return to
random allocation only once the current port allocation rate drops below
net.inet.ip.portrange.randomcps for at least
net.inet.ip.portrange.randomtime seconds. The default values for
net.inet.ip.portrange.randomcps and net.inet.ip.portrange.randomtime are
10 port allocations per second and 45 seconds correspondingly.
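The switch between random and sequential allocation described in the paragraph above is a small state machine with hysteresis. The following is an added model of it in C, written for this page and not taken from the FreeBSD kernel: it feeds per-second allocation counts into the policy and reports which mode is in force. The treatment of a count exactly equal to randomcps (neither "more than" nor "below", so it keeps the current mode and resets the quiet counter) is an assumption of this model; the sample counts are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Policy state: mirrors net.inet.ip.portrange.randomcps / randomtime and the
 * kernel's current allocation mode. */
struct portrange_policy {
    int  randomcps;      /* allocations per second that trigger sequential mode (default 10) */
    int  randomtime;     /* seconds below randomcps before random mode resumes (default 45) */
    bool randomized;     /* true = random allocation, false = sequential */
    int  quiet_seconds;  /* consecutive seconds with rate strictly below randomcps */
};

static void policy_init(struct portrange_policy *p, int randomcps, int randomtime)
{
    p->randomcps = randomcps;
    p->randomtime = randomtime;
    p->randomized = true;        /* the documented default is randomized allocation */
    p->quiet_seconds = 0;
}

/* Feed one second's allocation count; returns the mode in force after it
 * (true = random, false = sequential). */
static bool policy_tick(struct portrange_policy *p, int allocs_last_second)
{
    if (allocs_last_second > p->randomcps) {
        /* burst: fall back to sequential allocation and restart the quiet timer */
        p->randomized = false;
        p->quiet_seconds = 0;
    } else if (!p->randomized) {
        if (allocs_last_second < p->randomcps) {
            /* rate is below the threshold; return to random only after randomtime seconds */
            if (++p->quiet_seconds >= p->randomtime) {
                p->randomized = true;
                p->quiet_seconds = 0;
            }
        } else {
            p->quiet_seconds = 0;   /* exactly at the threshold: not "below", timer restarts */
        }
    }
    return p->randomized;
}

/* Run a series of per-second counts through the policy and return how many
 * of those seconds ended in sequential mode. */
static int simulate_sequential_seconds(const int *counts, int n, int randomcps, int randomtime)
{
    struct portrange_policy p;
    int sequential = 0;
    policy_init(&p, randomcps, randomtime);
    for (int i = 0; i < n; i++) {
        bool random_mode = policy_tick(&p, counts[i]);
        printf("second %d: %2d allocations -> %s\n", i + 1, counts[i],
               random_mode ? "random" : "sequential");
        if (!random_mode)
            sequential++;
    }
    return sequential;
}

int main(void)
{
    /* Constructed trace: one burst of 11 allocations, then a quiet period.
     * With randomcps=10 and randomtime=3, seconds 2-4 run sequentially and
     * random allocation resumes at second 5. */
    const int counts[] = {5, 11, 2, 2, 2, 2};
    int n = (int)(sizeof counts / sizeof counts[0]);
    int seq = simulate_sequential_seconds(counts, n, 10, 3);
    printf("%d of %d seconds in sequential mode\n", seq, n);
    return 0;
}
```

With the defaults of 10 allocations per second and 45 seconds, a single burst above the threshold costs the host 45 quiet seconds of sequential (predictable) port allocation before randomization resumes, which is the trade-off the sysctl pair exposes.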