Firewall Wizards mailing list archives
RE: Ports used by home-grown applications
From: "Paul D. Robertson" <proberts () clark net>
Date: Wed, 27 Oct 1999 01:39:26 -0400 (EDT)
On Tue, 26 Oct 1999 GibsonB () gruntal com wrote:
What do you mean by safely? So as not to conflict with existing applications or ports that are less likely to allow breaches into the machine or network? If it's the former, there is an RFC that lists all the well known ports.
RFC1700 had been superseded by a Web site available at: http://www.iana.org/numbers.html (IANA is mirrored at http://iana.netnod.se in case the primary is down or you're on that side of the Atlantic) under "Port Numbers."
There are a LOT of services so perhaps you might want to think about what services you might want to use and avoid their ports. If it's the latter then you should use unprivileged ports (ports over 1024).
Unfortunately, this is no longer true given things like NetBIOS, and actually it's never been really true given things like X, NFS...
The bigger question is why would you want to run applications on your firewall? This is a VERY BAD IDEA.
That was (hopefully) just miscommunication. IMNSHO, proxy servers mitigate the risk more than opening ports on a filter, but tunneling is still possible with a proxy.
begin 600 winmail.dat
Ick, can you fix this, it makes your messages significantly bigger than they need be.
Thanks,
Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net    which may have no basis whatsoever in fact."
PSB#9280