On Wed, 13 Aug 2003, Crist Clark wrote:

> Iljitsch van Beijnum wrote:
> >
> > Be damned if you filter, be damned if you don't. Nice choice.
> >
> > I think it's time that we set aside a range of port numbers for private
> > use. That makes all those services that have no business escaping out
> > in the open extremely easy to filter, while at the same time not
> > impacting any legitimate users.
>
> Cool. So if you use private ports, you'll be totally protected from the
> Internet nasties (and the Internet protected from your broken or malicious
> traffic) in the same way RFC1918 addressing does the exact same thing now
> at the network layer.

Erm? Unless your nasty uses TCP (requiring two-way) you still get the same
potential to spread worms etc as you do on 1918 currently

> I'm sure everyone will filter private ports just as effectively as RFC1918
> and martian addresses are filtered at borders now.

Whoa people filter these things, news to me!

Steve

> Can't wait to read the draft and RFC. Rock on.