On 7/28/2005 1:15 AM, Brenda J. Butler wrote:
> The thing (e.g. apache) listening to a well-known port either answers very
> fast, or sends a random port back to the client for the longer-duration
> transaction and resumes listening on the well-known port.
>
> If the server spent significant time answering via the well-known port,
> then other people trying to access that service would not be able to
> connect because it would be busy.

While some protocols do this, this is not necessary. SMTP transactions, for example, can take exceedingly long times to complete. SSH is also often used for extended sessions. The communication all happens on a well-known destination port (i.e. 25 or 22).

It's really not necessary to use random ports for these types of applications and it doesn't buy you anything. Often, in fact, it makes your life more difficult as firewalls are more difficult to configure.

-z
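The behaviour described in the reply above, as an added example that is not part of the original message: several sessions stay open at once against one listening port, and every accepted socket keeps that same local port. It assumes a loopback listener on an OS-chosen port standing in for 25 or 22; the function name `demo_shared_port` is made up for this sketch.

```python
import socket

def demo_shared_port(n_clients=3):
    """Keep n_clients sessions open at once on a single listening port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # assumption: port 0 lets the OS pick a free port
    listener.listen(n_clients)
    listener.settimeout(5)
    listen_port = listener.getsockname()[1]

    # Every client connects to the same destination port and stays connected,
    # like a long SMTP or SSH session.
    clients = [socket.create_connection(("127.0.0.1", listen_port), timeout=5)
               for _ in range(n_clients)]

    # accept() hands back one new socket per session, so the listener itself
    # is never tied up by a long transaction.
    sessions = {}
    for _ in range(n_clients):
        conn, peer = listener.accept()
        conn.settimeout(5)
        sessions[peer] = conn

    result = {"listen_port": listen_port, "server_ports": [],
              "client_ports": [], "echoes": []}
    for i, c in enumerate(clients):
        # The kernel tells sessions apart by the client's (IP, port) pair.
        conn = sessions[c.getsockname()]
        msg = b"session %d\n" % i
        c.sendall(msg)
        conn.sendall(conn.recv(64))  # server echoes on the per-session socket
        result["echoes"].append(c.recv(64) == msg)
        result["server_ports"].append(conn.getsockname()[1])
        result["client_ports"].append(c.getsockname()[1])

    for s in list(sessions.values()) + clients + [listener]:
        s.close()
    return result

if __name__ == "__main__":
    print(demo_shared_port())
```

Only the client side uses differing ephemeral ports, which is why a firewall rule for such a service needs to name just the one destination port.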