On Wed, 13 Aug 2003, Crist Clark wrote:
Iljitsch van Beijnum wrote:
Be damned if you filter, be damned if you don't. Nice choice.
I think it's time that we set aside a range of port numbers for private use. That makes all those services that have no business escaping out in the open extremely easy to filter, while at the same time not impacting any legitimate users.
Cool. So if you use private ports, you'll be totally protected from the Internet nasties (and the Internet protected from your broken or malicious traffic) in the same way RFC1918 addressing does the exact same thing now at the network layer.
Erm? Unless your nasty uses TCP (requiring two-way) you still get the same potential to spread worms etc as you do on 1918 currently
I'm sure everyone will filter private ports just as effectively as RFC1918 and martian addresses are filtered at borders now.
Whoa people filter these things, news to me! Steve
Can't wait to read the draft and RFC. Rock on.