Firewall Wizards mailing list archives

RE: Ports used by home-grown applications


From: "Paul D. Robertson" <proberts () clark net>
Date: Wed, 27 Oct 1999 01:39:26 -0400 (EDT)

On Tue, 26 Oct 1999 GibsonB () gruntal com wrote:

What do you mean by safely?  So as not to conflict with existing
applications or ports that are less likely to allow breaches into the
machine or network?

If it's the former, there is an RFC that lists all the well known ports.

RFC1700 had been superseded by a Web site available at:

http://www.iana.org/numbers.html (IANA is mirrored at 
http://iana.netnod.se in case the primary is down or you're on that side 
of the Atlantic) under "Port Numbers."

There are a LOT of services so perhaps you might want to think about what
services you might want to use and avoid their ports.  

If it's the latter then you should use unprivileged ports (ports over 1024).

Unfortunately, this is no longer true given things like NetBIOS, and 
actually it's never been really true given things like X, NFS...  

The bigger question is why would you want to run applications on your
firewall?  This is a VERY BAD IDEA.  

That was (hopefully) just miscommunication.

IMNSHO, proxy servers mitigate the risk more than opening ports on a 
filter, but tunneling is still possible with a proxy.  

begin 600 winmail.dat

Ick, can you fix this, it makes your messages significantly bigger than 
they need be.

Thanks,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280


