nanog mailing list archives

Re: Private port numbers?

From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Thu, 14 Aug 2003 10:31:48 +0100 (BST)


On Wed, 13 Aug 2003, Crist Clark wrote:


Iljitsch van Beijnum wrote:


Be damned if you filter, be damned if you don't. Nice choice.

I think it's time that we set aside a range of port numbers for private
use. That makes all those services that have no business escaping out
in the open extremely easy to filter, while at the same time not
impacting any legitimate users.


Cool. So if you use private ports, you'll be totally protected from the
Internet nasties (and the Internet protected from your broken or malicious
traffic) in the same way RFC1918 addressing does the exact same thing now
at the network layer.


Erm? Unless your nasty uses TCP (requiring two-way) you still get the same 
potential to spread worms etc as you do on 1918 currently

I'm sure everyone will filter private ports just as effectively as RFC1918
and martian addresses are filtered at borders now.


Whoa people filter these things, news to me!

Steve


Can't wait to read the draft and RFC. Rock on.

Current thread:

Re: Private port numbers?, (continued)
- Re: Private port numbers? Crist Clark (Aug 13)
  - Re: Private port numbers? Iljitsch van Beijnum (Aug 13)
    - Re: Private port numbers? Christopher L. Morrow (Aug 13)
  - Re: Private port numbers? Christopher L. Morrow (Aug 13)
    - Re: Private port numbers? David G. Andersen (Aug 13)
    - RE: Private port numbers? Lars Higham (Aug 13)
    - Re: Private port numbers? Crist Clark (Aug 14)
    - Re: Private port numbers? Mans Nilsson (Aug 14)
    - Death of IPv6 Site-Local (was Re: Private port numbers?) Crist Clark (Aug 14)
    - Re: Death of IPv6 Site-Local (was Re: Private port numbers?) Jeremy T. Bouse (Aug 14)
  - Re: Private port numbers? Stephen J. Wilcox (Aug 14)