Re: solution time for www/smtp hole

mkgray@athena.mit.edu
Thu, 12 Aug 93 20:42:50 EDT


Limiting HTTP connections to only a few ports will cause problems for a number
of servers. There are HTTP servers running on a wide range of ports including
many on ports 8000, 8001, and 8002, and many on other unpredictable ports
(2784, 800, 9666, etc). In particular this would influence sites like
info.cern.ch which has servers running on ports 80, 2784, 8001, 8002 and
8004, where they can't simply move to the 'standard' port because they are
already using it.

If one really must limit what ports someone connects to (I don't think
it should be limited) then it would probably be better to have a list of
'dangerous/insecure ports' like 25 that it won't connect to.

Matthew