Let's take Gopher as an example. Upon initial connection, Gopher doesn't
identify itself upon with something like "Welcome to gopher at <host.domain>",
and in fact, it says nothing when you connect to it. That makes it kind of
difficult to make a positive identification, but a WWW browser can expect
to _not_ get a message back saying something like:
220 <host.domain> Sendmail 5.64/3.14 ready at <date>
or
200 <host.domain> news server ready - posting ok
Any unexpected messages like these should cause the browser to have second
thoughts about continuing the connection. I haven't looked at every
service, but most seem have been modelled after the command/response
mechanism used in ftp and smtp, and they identify themselves upon initial
connection.
Admittedly, it is a real pain for a browser to validate services, but
it could skip validation if the connection was being made to the port which
is normally associated with the service (e.g. 70 for Gopher).
Comments?
-- -Brian Smithson brian@eitech.com Enterprise Integration Technologies +1 415 617 8009 459 Hamilton Avenue, Palo Alto, CA 94301 USA FAX +1 415 617 8019