Multiple processes listening on the same port?


Problem description

I am trying to understand how it can be possible to start multiple processes listening on the same TCP {IP, Port} pair on Windows XP.

For example, I can start two ncat.exe programs listening on port 371. The second one is started without any problem and receives incoming connections while the first one does not. Once the process started last is terminated, the first one receives them.

netstat -a -n | find "LISTENING"
   TCP    0.0.0.0:371            0.0.0.0:0              LISTENING
   TCP    0.0.0.0:371            0.0.0.0:0              LISTENING

Assuming this is a Windows (XP) behaviour, how can it be a safe & secure behaviour? It means one can "overload" any already listening port instead of getting the usual "address already in use" error message, and simply bypass firewalls with rules just saying "any incoming TCP connections on port 371 are allowed".

Recommended answer

The SO_REUSEADDR socket option is interpreted differently in Windows, i.e. in Linux it would allow you to reuse the same socket unless all of the five tuple (src/dst port/ip and protocol) are exactly the same.

However, Windows actually allows you to steal the socket. I would quote a much better written answer here elaborating both.

Windows only knows the SO_REUSEADDR option, there is no SO_REUSEPORT. Setting SO_REUSEADDR on a socket in Windows behaves like setting SO_REUSEPORT and SO_REUSEADDR on a socket in BSD, with one exception: A socket with SO_REUSEADDR can always bind to exactly the same source address and port as an already bound socket, even if the other socket did not have this option set when it was bound. This behavior is somewhat dangerous because it allows an application "to steal" the connected port of another application. Needless to say, this can have major security implications.
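As an added example (not part of the original question or answer): on Windows a listener can refuse this kind of sharing by setting SO_EXCLUSIVEADDRUSE before bind(). The Python code below opens such a listener and then verifies that a second socket using SO_REUSEADDR is refused on the same endpoint; the function names and the loopback address are assumptions chosen for the example.

```python
import socket
import sys


def exclusive_listener(host="127.0.0.1", port=0):
    """Open a listening TCP socket that other sockets cannot bind alongside."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if sys.platform == "win32":
        # Windows: must be set before bind(). It makes later binds to this
        # endpoint fail even when the other socket sets SO_REUSEADDR.
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
    # Other platforms: no option is set here. A second bind to the exact
    # endpoint of a listening socket that did not opt in to SO_REUSEPORT
    # fails with EADDRINUSE.
    srv.bind((host, port))
    srv.listen(5)
    return srv


def second_bind_succeeds(host, port):
    """Try to bind a second socket with SO_REUSEADDR to (host, port)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        probe.bind((host, port))
        return True
    except OSError:
        # WSAEACCES / WSAEADDRINUSE on Windows, EADDRINUSE elsewhere.
        return False
    finally:
        probe.close()


def takeover_refused():
    """Self-check: our own listener must not be shareable by a second bind."""
    srv = exclusive_listener()
    host, port = srv.getsockname()
    try:
        return not second_bind_succeeds(host, port)
    finally:
        srv.close()


if __name__ == "__main__":
    print("second bind refused:", takeover_refused())
```

A service's start-up tests can call takeover_refused() to confirm the listener was created with exclusive use of its port.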
