I think Eliot meant RFC 5785 /.well-known/ locations, rather than well known ports
Yoav > On 24 Nov 2015, at 6:37 PM, Kathleen Moriarty > <kathleen.moriarty.i...@gmail.com> wrote: > > I agree with Eliot, I don't think a scan is needed to make a decision > here. Having managed several networks that would not have allowed you > access from some random scanner, I don't think you'll get all the data > you are looking for. In a well managed network, the IDS/IPS should > detect that it is a scan and block all future probes once you hit a > small number of ports/IPs. So you may get a small sample with > everything else failing within an address block. Granted, not all > networks are managed well and you may get a good amount of data. > > If this connection was expected to a few servers, then a network > manager might just allow those only on the assigned port. > > Without any hat on, I agree that a port + 443 as an alternate is a good plan. > > Kathleen > > On Tue, Nov 24, 2015 at 8:11 AM, Randy Bush <ra...@psg.com> wrote: >>> Isn't this precisely what .well-known was meant to address? >> >> fun small research project. what percentage of well-known ports can >> you connect to from the outside to a machine inside cisco? hell, to >> what percentage of well-known ports outside cisco can you reach from >> inside? >> >> well-known does not correlate well with open to access by IT security >> departments. >> >> randy >> >> _______________________________________________ >> Acme mailing list >> Acme@ietf.org >> https://www.ietf.org/mailman/listinfo/acme > > > > -- > > Best regards, > Kathleen > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme