On Tue, 26 Oct 1999 [EMAIL PROTECTED] wrote:
> What do you mean by safely? So as not to conflict with existing
> applications or ports that are less likely to allow breaches into the
> machine or network?
>
> If it's the former, there is an RFC that lists all the well known ports.
RFC1700 had been superseded by a Web site available at:
http://www.iana.org/numbers.html (IANA is mirrored at
http://iana.netnod.se in case the primary is down or you're on that side
of the Atlantic) under "Port Numbers."
> There are a LOT of services so perhaps you might want to think about what
> services you might want to use and avoid their ports.
>
> If it's the latter then you should use unprivileged ports (ports over 1024).
Unfortunately, this is no longer true given things like NetBIOS, and
actually it's never been really true given things like X, NFS...
> The bigger question is why would you want to run applications on your
> firewall? This is a VERY BAD IDEA.
That was (hopefully) just miscommunication.
IMNSHO, proxy servers mitigate the risk more than opening ports on a
filter, but tunneling is still possible with a proxy.
> begin 600 winmail.dat
Ick, can you fix this? It makes your messages significantly bigger than
they need be.
Thanks,
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280