Home page logo

nanog logo nanog mailing list archives

Re: Private port numbers?
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Thu, 14 Aug 2003 10:31:48 +0100 (BST)

On Wed, 13 Aug 2003, Crist Clark wrote:

Iljitsch van Beijnum wrote:

Be damned if you filter, be damned if you don't. Nice choice.

I think it's time that we set aside a range of port numbers for private
use. That makes all those services that have no business escaping out
in the open extremely easy to filter, while at the same time not
impacting any legitimate users.

Cool. So if you use private ports, you'll be totally protected from the
Internet nasties (and the Internet protected from your broken or malicious
traffic) in the same way RFC1918 addressing does the exact same thing now
at the network layer.

Erm? Unless your nasty uses TCP (requiring two-way) you still get the same 
potential to spread worms etc as you do on 1918 currently

I'm sure everyone will filter private ports just as effectively as RFC1918
and martian addresses are filtered at borders now.

Whoa people filter these things, news to me!


Can't wait to read the draft and RFC. Rock on.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]