On Thu, 2020-02-20 at 21:34 -0800, Samuel Sieb wrote:
> Any critical system daemons are 1024 and below. The reason the high ports are left open is for user applications to be able to communicate without users having to figure out the firewall.
Beyond the usual (HTTP, mail, DNS servers, etc.), what is the average non-admin user going to set up that listens as a server? Admin-users setting up those traditional services ought to know how to manage firewalls, or they ought not to mess around with those services.
Thanks to the forever moving target closed-source things like ICQ, MSN, Yahoo messenger (some of which have gone the way of the dodo), there isn't much in the way of Linux-based clients for those kinds of things that need to have listening ports.
I can only think of something like BitTorrent, which doesn't seem to need you to poke holes in your firewall.