Re: solution time for www/smtp hole

mkgray@athena.mit.edu
From: mkgray@athena.mit.edu
Message-id: <9308130042.AA21960@neptune.MIT.EDU>
To: marca@ncsa.uiuc.edu (Marc Andreessen)
Cc: www-talk@nxoc01.cern.ch
Subject: Re: solution time for www/smtp hole 
In-reply-to: Your message of Thu, 12 Aug 93 19:13:39 -0500.
             <9308130013.AA21498@wintermute.ncsa.uiuc.edu> 
Date: Thu, 12 Aug 93 20:42:50 EDT
Limiting HTTP connections to only a few ports will cause problems for a number
of servers.  There are HTTP servers running on a wide range of ports including
many on ports 8000, 8001, and 8002, and many on other unpredictable ports
(2784, 800, 9666, etc).  In particular this would influence sites like 
info.cern.ch which has servers running on ports 80, 2784, 8001, 8002 and 
8004, where they can't simply move to the 'standard' port because they are 
already using it.

If one really must limit what ports someone connects to (I don't think
it should be limited) then it would probably be better to have a list of
'dangerous/insecure ports' like 25 that it won't connect to.

					Matthew
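
The two policies discussed in this message, compared side by side as an added example (not part of the original message or of any client's code). Port 25 and the info.cern.ch ports come from the message; the other denied ports, the allowed set, the URL paths and mail.example.org are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Port 25 (SMTP) is the one the message names; 21, 23 and 110 are
# illustrative assumptions for other text-based services.
DENIED_PORTS = frozenset({25, 21, 23, 110})
# The "only a few ports" policy the message argues against (assumed set).
ALLOWED_PORTS = frozenset({80})
DEFAULT_PORT = 80

def effective_port(url):
    """Return the numeric port an HTTP client would connect to, or None."""
    try:
        parts = urlsplit(url)
        port = parts.port  # ValueError if non-numeric or out of range
    except ValueError:
        return None
    if parts.scheme != "http" or not parts.hostname or port == 0:
        return None
    return DEFAULT_PORT if port is None else port

def denylist_permits(url):
    """Policy proposed in the message: refuse only known-dangerous ports."""
    port = effective_port(url)
    return port is not None and port not in DENIED_PORTS

def allowlist_permits(url):
    """Policy the message objects to: connect only to a few fixed ports."""
    port = effective_port(url)
    return port is not None and port in ALLOWED_PORTS

def compare(urls):
    """Return (url, allowlist verdict, denylist verdict) for each URL."""
    return [(u, allowlist_permits(u), denylist_permits(u)) for u in urls]

# Constructed sample URLs.
SAMPLE_URLS = [
    "http://info.cern.ch/",
    "http://info.cern.ch:2784/",
    "http://info.cern.ch:8001/",
    "http://info.cern.ch:8004/",
    "http://mail.example.org:25/",
    "http://mail.example.org:0025/",   # same port, written with leading zeros
    "http://mail.example.org:smtp/",   # non-numeric port: rejected outright
]

if __name__ == "__main__":
    for url, allow, deny in compare(SAMPLE_URLS):
        print(f"{url:34} allowlist={allow!s:5} denylist={deny}")
```

The check is made on the parsed integer port rather than on the URL string, so an alternate spelling of port 25 is refused as well.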