[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev [PATCH] Blocking common ports
|
From: |
pg |
|
Subject: |
Re: lynx-dev [PATCH] Blocking common ports |
|
Date: |
Wed, 4 Sep 2002 11:18:19 -0600 (MDT) |
In a recent note, Ulf Harnhammar said:
> Date: Wed, 4 Sep 2002 18:57:11 +0200 (CEST)
>
> I have written a patch that makes Lynx block several common
> ports. Previously, it only blocked port 19 and 25, and as you can send
> mail with the Submission service at port 587, it wasn't very
> effective. I've added a check for that and several other common services
> that you don't want people to connect to with web clients.
>
I dislike this practice. Protection should be the responsibility
of the server, not the client. You don't know what the server may
attempt to serve on what port. For example, at one time, the
National Instute of Standards and Technology had on one of its pages:
<A HREF="http://india.colorado.edu:13/";> See the correct time. </A>
Simple, clever, effective, and harmless (I assume that they had the
permission of colorado.edu; in fact, I suspect india was NIST's
domain, borrowed from U. of C.)
But too many browsers (and the proxy I use) started to do what you propose,
and NIST needed to run an additional time daemon on a different port.
> + if (value > 65535 || value < 0 ||
> + value == 13 || value == 19 ||
I'm opposed.
-- gil
--
StorageTek
INFORMATION made POWERFUL
; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden