Ephemeral Source Port Selection Strategies

Last updated: $Date: 2015/08/06 19:14:37 $
Updates to: jtk@cymru.com

Acknowledgments

Thanks to all those who contribute updates and corrections to this page! If you would like to be acknowledged publicly for your contributions, please indicate so when you contact us and we will list your name here.

Introduction

This page enumerates a variety of default ephemeral port usage and source port selection strategies known to be used by a variety of systems. We rely on community feedback to help us improve the accuracy and completeness of this page. Please send us your updates and corrections.

The table below summarizes the default ephemeral source port selection range and strategy used by modern systems. The strategy column denotes whether the values are drawn from a global, system-wide pool or from a local, typically flow-specific pool keyed on some subset of the 5-tuple (IP source address, IP destination address, protocol, source port and destination port) of the socket. It also denotes how subsequent values are chosen (e.g. sequential versus random). Following the table we discuss additional details about various implementations that cannot easily be summarized in the table, with pointers and references to additional information.
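To make the three strategies in the strategy column concrete, the following is an added Python model (not code from the page or from any of the systems listed) of a global sequential counter, a global random pick, and a local, flow-keyed hashed offset in the style of RFC 6056 Algorithm 3. The flow key, the ranges and the secret are constructed for the illustration; the `allocate` helper and the class names are this example's own.

```python
# Models of the three strategies named above: a global sequential counter,
# a global random pick, and a local (flow-keyed) hashed offset in the style
# of RFC 6056 Algorithm 3. Added illustration, not code from any system in
# the table; flow keys, ranges and secrets are constructed.
import hashlib
import secrets
from typing import List, Optional, Set, Tuple

# Flow key the local strategy hashes: (local IP, remote IP, remote port).
Flow = Tuple[str, str, int]


class GlobalSequential:
    """One system-wide counter: each new connection, whatever its peer, takes
    the next port (the Windows 2000/XP style in the table). A peer that sees
    port p can guess that the host's next connection to anyone uses p + 1."""

    def __init__(self, low: int, high: int, start: Optional[int] = None) -> None:
        self.low, self.high = low, high
        self.next = low if start is None else start

    def select(self, flow: Flow, in_use: Set[int]) -> int:
        for _ in range(self.high - self.low + 1):
            port = self.next
            self.next = self.low if port == self.high else port + 1
            if port not in in_use:
                return port
        raise RuntimeError("ephemeral port range exhausted")


class GlobalRandom:
    """Uniform pick from the whole range (RFC 6056 Algorithm 1 style). Hard to
    guess, but ports recur in no particular order, so a freshly released port
    can be chosen again while the old connection still sits in TIME_WAIT."""

    def __init__(self, low: int, high: int) -> None:
        self.low, self.high = low, high

    def select(self, flow: Flow, in_use: Set[int]) -> int:
        size = self.high - self.low + 1
        for _ in range(size):  # bounded retries, as the RFC's loop does
            port = self.low + secrets.randbelow(size)
            if port not in in_use:
                return port
        raise RuntimeError("no free ephemeral port found")


class LocalHashed:
    """Local, flow-specific selection (RFC 6056 Algorithm 3 style): a single
    counter advances per allocation, but each flow adds an offset derived from
    a secret and the flow key. Ports toward one peer stay sequential (which
    keeps them clear of that peer's TIME_WAIT entries) while the ports one
    peer observes reveal nothing about those used toward another."""

    def __init__(self, low: int, high: int, secret: Optional[bytes] = None) -> None:
        self.low, self.high = low, high
        self.size = high - low + 1
        self.secret = secrets.token_bytes(16) if secret is None else secret
        self.counter = secrets.randbelow(self.size)

    def offset(self, flow: Flow) -> int:
        digest = hashlib.sha256(self.secret + repr(flow).encode()).digest()
        return int.from_bytes(digest[:4], "big") % self.size

    def select(self, flow: Flow, in_use: Set[int]) -> int:
        off = self.offset(flow)
        for _ in range(self.size):
            port = self.low + (self.counter + off) % self.size
            self.counter = (self.counter + 1) % self.size
            if port not in in_use:
                return port
        raise RuntimeError("ephemeral port range exhausted")


def allocate(selector, flows: List[Flow], in_use: Optional[Set[int]] = None) -> List[int]:
    """Allocate one port per flow in order, marking each as in use, and return them."""
    in_use = set() if in_use is None else in_use
    ports = []
    for flow in flows:
        port = selector.select(flow, in_use)
        in_use.add(port)
        ports.append(port)
    return ports


if __name__ == "__main__":
    a: Flow = ("10.0.0.5", "203.0.113.7", 80)
    b: Flow = ("10.0.0.5", "198.51.100.2", 443)
    print("global sequential:", allocate(GlobalSequential(1024, 5000), [a, b, a]))
    print("global random:    ", allocate(GlobalRandom(10000, 65535), [a, b, a]))
    print("local hashed:     ", allocate(LocalHashed(49152, 65535), [a, b, a]))
```

Running the block allocates three ports under each strategy for two peers. With the global sequential counter the ports come out consecutive regardless of peer; with the hashed offset, two consecutive allocations toward the same peer are still adjacent, but the distance between ports used toward different peers depends on the secret, which is the property the "local" column entry is describing.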

Ephemeral Source Port Strategy Listing
System                   Port Number Range   Selection Strategy
AIX                      32768 - 65535       N/A
Android                  N/A                 N/A
Apple iOS 7              49152 - 65535       global, sequential (TCP), random (UDP)
Apple OS X 10.9          49152 - 65535       global, sequential (TCP), random (UDP)
BlackBerry OS            N/A                 N/A
BSD/OS                   49152 - 65535       N/A
HP-UX                    49152 - 65535       N/A
IRIX                     1024 - 65535        N/A
Linux                    32768 - 61000       local, random
FreeBSD 10.0             10000 - 65535       global, random
Microsoft Server 2003    1024 - 5000         global, sequential
Microsoft Server 2008    49152 - 65535       N/A
Microsoft Windows 7      49152 - 65535       N/A
Microsoft Windows 8      49152 - 65535       N/A
Microsoft Windows 2000   1024 - 5000         global, sequential
Microsoft Vista          49152 - 65535       N/A
Microsoft Windows XP     1024 - 5000         global, sequential
NetBSD                   49152 - 65535       N/A
OpenBSD                  1024 - 49151        global, random
QNX                      N/A                 N/A
Solaris                  32768 - 65535       N/A
Symbian                  N/A                 N/A
HP Tru64 UNIX            1024 - 5000         N/A

System-specific Notes

Apple OS X

Mac OS X has leveraged some of the FreeBSD networking stack, so in this regard Mac OS X and FreeBSD are similar. However, FreeBSD changes may not find their way into Mac OS X at the same pace, if at all, as is the case with ephemeral source port selection. As of this writing, the current version of OS X implements a slightly different default and an older ephemeral source port selection strategy taken from an earlier release of FreeBSD. At a Mac OS X terminal prompt run sysctl -a | grep port to see the current settings: net.inet.ip.portrange.first and net.inet.ip.portrange.last are the default port range settings, and the OS X specific net.inet.udp.randomize_ports option is enabled by default, while the TCP equivalent is disabled.

FreeBSD

As of FreeBSD 10.0 the default ephemeral port range is between 10,000 and 65,535 inclusive, but applications that utilize the socket functions can alter the ephemeral port range by setting the socket option to one of the non-default values. The default value is specified by the macro IP_PORTRANGE_DEFAULT (10000-65535) and defined in /usr/include/netinet/in.h. There are also the IP_PORTRANGE_HIGH (49152-65535) and IP_PORTRANGE_LOW (0-1023) macros, but the last one requires root privileges.

Microsoft

In Microsoft Server 2000 and Windows XP the upper bound of the ephemeral source port range can be configured by setting the MaxUserPort value in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters key to an integer between 5000 and 65534.
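The small 1024 - 5000 default range on Windows 2000/XP/2003 is what makes ephemeral port exhaustion a practical concern there, and MaxUserPort is the knob the note above describes. The following added Python check (not from the page or from Microsoft) takes the default ranges from the table above, computes the usable range for a given MaxUserPort, and audits a netstat -an style listing for how much of the range is consumed and how much of that is TIME_WAIT. The netstat lines are constructed for the example, and the regular expression assumes the column layout shown in them.

```python
# Ephemeral port range audit: defaults from the table above, the Windows
# 2000/XP MaxUserPort rule from the note above, and a parser for netstat -an
# style output. Added example; the sample listing below is constructed.
import re
from collections import Counter
from typing import Dict, List, Tuple

# (low, high) inclusive, as listed in the table on this page.
DEFAULT_RANGES: Dict[str, Tuple[int, int]] = {
    "windows-2000/xp/2003": (1024, 5000),
    "windows-vista/2008/7/8": (49152, 65535),
    "linux": (32768, 61000),
    "freebsd-10.0": (10000, 65535),
    "openbsd-5.5": (1024, 49151),
    "os-x-10.9": (49152, 65535),
}


def windows_legacy_range(max_user_port: int = 5000) -> Tuple[int, int]:
    """Windows 2000/XP range after a MaxUserPort override: the lower bound
    stays 1024 and MaxUserPort is accepted between 5000 and 65534."""
    if not 5000 <= max_user_port <= 65534:
        raise ValueError("MaxUserPort must be an integer between 5000 and 65534")
    return 1024, max_user_port


# Column layout assumed for netstat -an lines: proto, local addr:port,
# foreign addr:port (UDP shows *:*), optional state.
_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)(?:\s+(\S+))?")


def parse_netstat(text: str) -> List[Tuple[str, int, str, str]]:
    """Return (proto, local_port, foreign_endpoint, state) per socket line."""
    rows = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            proto, _laddr, lport, faddr, fport, state = m.groups()
            rows.append((proto, int(lport), f"{faddr}:{fport}", state or ""))
    return rows


def audit(text: str, port_range: Tuple[int, int], warn_at: float = 0.8) -> Dict[str, object]:
    """Count ephemeral ports in use (per protocol), TIME_WAIT share, and the
    busiest peer; listeners are skipped since they are not ephemeral picks."""
    low, high = port_range
    size = high - low + 1
    in_use = set()
    states: Counter = Counter()
    peers: Counter = Counter()
    for proto, lport, peer, state in parse_netstat(text):
        if state == "LISTENING" or not low <= lport <= high:
            continue
        in_use.add((proto, lport))
        states[state or proto] += 1
        peers[peer] += 1
    utilization = len(in_use) / size
    return {
        "range_size": size,
        "ephemeral_in_use": len(in_use),
        "utilization": utilization,
        "time_wait": states["TIME_WAIT"],
        "busiest_peer": peers.most_common(1)[0] if peers else None,
        "near_exhaustion": utilization >= warn_at,
    }


# Constructed netstat -an style listing for the example.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:445           10.0.0.9:1031          ESTABLISHED
  TCP    10.0.0.5:1025          203.0.113.7:80         ESTABLISHED
  TCP    10.0.0.5:1026          203.0.113.7:80         TIME_WAIT
  TCP    10.0.0.5:1027          203.0.113.7:80         TIME_WAIT
  TCP    10.0.0.5:1028          203.0.113.8:443        TIME_WAIT
  UDP    10.0.0.5:1029          *:*
"""

if __name__ == "__main__":
    print(audit(SAMPLE, DEFAULT_RANGES["windows-2000/xp/2003"]))
    print(windows_legacy_range(65534))
```

Because TCP and UDP port spaces are separate, the audit keys used ports by (protocol, port) rather than by port alone; the 445 line is the server side of an inbound SMB session and falls outside the range, so it is correctly not counted as an ephemeral allocation.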

NetBSD

As of NetBSD 6.1.5 the default ephemeral port range is between 49152 and 65535 inclusive, but applications that utilize socket functions can alter the ephemeral range by setting the socket option to one of the non-default values. The default minimum value is specified by the macro IPPORT_ANONMIN, while the maximum is specified by the macro IPPORT_ANONMAX, both defined in /src/sys/netinet/in.h.

OpenBSD

As of OpenBSD 5.5 the default ephemeral port range is between 1024 and 49,151 inclusive, but applications that utilize the socket functions can alter the ephemeral port range by setting a socket option to one of the non-default values, much like FreeBSD. The default value is specified by the macro IP_PORTRANGE_DEFAULT (1024-49151) and defined in /usr/include/netinet/in.h. There are also the IP_PORTRANGE_HIGH (49152-65535) and IP_PORTRANGE_LOW (0-1023) macros, but the last one requires root privileges.

References

  1. Comments on Selecting Ephemeral Ports, Mark Allman, ACM Computer Communications Review, April 2009
  2. Recommendations for Transport-Protocol Port Randomization, IETF RFC 6056 / BCP 156, January 2011
  3. IANA Service Name and Transport Protocol Port Number Registry - last accessed 2014-08-04
  4. NcFTP's The Ephemeral Port Range page - last accessed 2014-08-04
  5. Improving TCP/IP security through randomization without sacrificing interoperability, Michael James Silbersack, EuroBSDCon 2005
  6. John Kristoff's blog Ops: TCP port 1024 and 3072 traffic post, March 4, 2011
  7. Avoiding TCP/IP Port Exhaustion on Microsoft Server 2003 and Windows XP
  8. You cannot exclude ports by using the ReservedPorts registry key in Windows Server 2008 or in Windows Server 2008 R2
  9. Microsoft Windows 2000 TCP/IP Implementation Details
  10. The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008

$Id: ephemeralports.html,v 1.16 2015/08/06 19:14:37 jtk Exp $