多个进程监听同一个端口? [英] Multiple processes listening on the same port?

问题描述

我想了解如何在 Windows XP 上启动多个侦听同一 TCP {IP, Port} 对的进程.

I am trying to understand how can it be possible to start multiple processes listening on the same TCP {IP, Port} pair on Windows XP.

例如，我可以启动两个 ncat.exe 程序侦听端口 371.第二个启动没有任何问题并接收传入连接，而第一个则没有.一旦最后启动的进程终止，第一个接收它们.

For example, I can start two ncat.exe programs listening on port 371. The second one is started without any problem and receives incoming connections while the first one does not. Once the process lastly started is terminated, the first one receives them.

netstat -a -n | find "LISTENING"
   TCP    0.0.0.0:371            0.0.0.0:0              LISTENING
   TCP    0.0.0.0:371            0.0.0.0:0              LISTENING

假设这是 Windows (XP) 行为，它怎么可能是安全的 &安全行为?这意味着您可以过载"任何已经在侦听的端口，而不是获得通常的地址已在使用"错误消息，并且只需绕过防火墙，规则只是说允许端口 371 上的任何传入 TCP 连接".

Assuming this a Windows (XP) behaviour, how can it be a safe & secure behaviour? It means one can "overload" any already listening port instead of getting the usual "address already in use" error message, and simply bypass firewalls with rules just saying "any incoming TCP connections on port 371 are allowed".

推荐答案

SO_REUSEADDR 套接字选项在 windows 中的解释不同，即在 Linux 中它允许您重用相同的套接字，除非所有五个元组 (src/dst port/ip和协议完全一样).

SO_REUSEADDR socket option is interpreted differently in windows i.e. in Linux it would allow you to reuse the same socket unless all of the five tuple (src/dst port/ip and protocol are exactly same).

然而，Windows 实际上允许您窃取套接字.我会引用一个更好的书面答案在这里详细说明.

However, windows actually allow you to steal the socket. I would quote a much better written answer here elaborating both.

Windows 只知道 SO_REUSEADDR 选项，没有 SO_REUSEPORT.在 Windows 中的套接字上设置 SO_REUSEADDR 的行为类似于设置BSD 中套接字上的 SO_REUSEPORT 和 SO_REUSEADDR，只有一个例外:具有 SO_REUSEADDR 的套接字始终可以绑定到完全相同的源地址和端口作为已经绑定的套接字，即使另一个套接字绑定时没有设置此选项.这种行为是有点危险，因为它允许*应用程序窃取"另一个应用程序的连接端口.不用说，这可以有重大安全隐患.

Windows only knows the SO_REUSEADDR option, there is no SO_REUSEPORT. Setting SO_REUSEADDR on a socket in Windows behaves like setting SO_REUSEPORT and SO_REUSEADDR on a socket in BSD, with one exception: A socket with SO_REUSEADDR can always bind to exactly the same source address and port as an already bound socket, even if the other socket did not have this option set when it was bound. This behavior is somewhat dangerous because it allows an* application "to steal" the connected port of another application. Needless to say, this can have major security implications.

这篇关于多个进程监听同一个端口?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！