Re: solution time for www/smtp hole

Charles Henrich <>
From: Charles Henrich <>
Message-id: <>
Subject: Re: solution time for www/smtp hole
Date: Fri, 13 Aug 1993 13:22:25 -0400 (EDT)
In-reply-to: <> from "William C Fenner" at Aug 13, 93 12:21:53 pm
X-Mailer: ELM [version 2.4 PL21]
Content-Type: text
Content-Length: 999       
Status: RO
> I don't think that exclusion is the way to go.  If we're going to exclude
> any services listed in the Assigned Numbers RFC (rfc1340 right now) that
> look like they might be dangerous, we'd better exclude 71-74 (Remote Job
> Service), 82 (XFER Utility), etc.  Most of the "funky" ports that are
> currently in use are already officially assigned to something else, and
> when you connect to port 82 on you can't be sure whether
> you're getting the XFER utility or the httpd that someone stuck on some
> random port.

The purpose is to stop attacks on systems.  All the ports you've named are not
widely used for their intended purpose, and as such dont present a problem
(IMHO).  Exclusion is the better answer, why break the world when you do not
need to?  Justification for religous reasons just isnt enough (IMHO).


    Charles Henrich     Michigan State University