Re: solution time for www/smtp hole
mkgray@athena.mit.edu
From: mkgray@athena.mit.edu
Message-id: <9308130042.AA21960@neptune.MIT.EDU>
To: marca@ncsa.uiuc.edu (Marc Andreessen)
Cc: www-talk@nxoc01.cern.ch
Subject: Re: solution time for www/smtp hole
In-reply-to: Your message of Thu, 12 Aug 93 19:13:39 -0500.
<9308130013.AA21498@wintermute.ncsa.uiuc.edu>
Date: Thu, 12 Aug 93 20:42:50 EDT
Limiting HTTP connections to only a few ports will cause problems for a number
of servers. There are HTTP servers running on a wide range of ports including
many on ports 8000, 8001, and 8002, and many on other unpredictable ports
(2784, 800, 9666, etc). In particular this would influence sites like
info.cern.ch which has servers running on ports 80, 2784, 8001, 8002 and
8004, where they can't simply move to the 'standard' port because they are
already using it.
If one really must limit what ports someone connects to (I don't think
it should be limited) then it would probably be better to have a list of
'dangerous/insecure ports' like 25 that it won't connect to.
Matthew
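
The two policies compared in the message above, as an added example that is not part of the original message: a client-side port check run over URLs built from the host and ports the message names. The function names, the single-entry `ALLOWED_PORTS` set and the host `mail.example.org` are assumptions made for illustration; only port 25 is taken from the message as a blocked port.

```python
from urllib.parse import urlsplit

# Assumption: the message names only port 25 as 'dangerous/insecure'.
BLOCKED_PORTS = frozenset({25})
# Hypothetical "few ports only" policy that the message argues against.
ALLOWED_PORTS = frozenset({80})
DEFAULT_HTTP_PORT = 80


def effective_port(url):
    """Return the TCP port an http URL would connect to, or None if unusable."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http" or not parts.hostname:
        return None
    try:
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError:
        return None
    if port is None:
        return DEFAULT_HTTP_PORT  # no explicit port in the URL
    return port if port != 0 else None


def allowlist_allows(url):
    """Policy A: connect only to a short list of approved ports."""
    port = effective_port(url)
    return port is not None and port in ALLOWED_PORTS


def denylist_allows(url):
    """Policy B: connect to any port except the listed dangerous ones."""
    port = effective_port(url)
    return port is not None and port not in BLOCKED_PORTS


def compare(urls):
    """Map each URL to (allowlist verdict, denylist verdict)."""
    return {u: (allowlist_allows(u), denylist_allows(u)) for u in urls}


# Constructed sample URLs; ports 80, 2784, 8001, 8002, 8004 are from the message.
SAMPLE_URLS = ["http://info.cern.ch/"] + [
    "http://info.cern.ch:%d/" % p for p in (2784, 8001, 8002, 8004)
] + ["http://mail.example.org:25/", "http://info.cern.ch:notaport/"]

if __name__ == "__main__":
    for url, (allow, deny) in compare(SAMPLE_URLS).items():
        print("%-32s allowlist=%-5s denylist=%s" % (url, allow, deny))
```

Under the allowlist only the port-80 server stays reachable, while the denylist keeps all five info.cern.ch servers reachable and still refuses port 25 and the malformed port.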