Re: solution time for www/smtp hole

Marc Andreessen (marca@ncsa.uiuc.edu)
Fri, 13 Aug 93 01:27:32 -0500


Marc VanHeyningen writes:
> I think allowing ports of 70+n for small values of n and >1024 (and
> maybe a couple other idioms) handles virtually all these (ugly)
> cases though. As long as the effect of suspicious ports is only a
> minor inconvenience (present the URL, ask for confirmation) there
> isn't any real functionality lost.

If we're going to take this seriously, having the situation where the
browser presents the URL and asks for confirmation is almost
completely useless, since only a very small fraction of the total
users (for Mosaic, anyway) will have any idea what's going on, what's
OK, and what's not. Most of them will simply be puzzled, and some
will be alienated (``why the hell is it spitting this dialog box full
of random garbage in my face?''). We have to remember that the vast
majority of Internet users these days have no idea what significance
port 25 has, etc.

I do not agree that security is more important than functionality, as
if that were true the Internet would literally not exist because of
its manifold native insecurities. If we are going to be concerned
with the security of this particular situation as you suggest, then we
have to go all the way -- we have to literally outlaw certain ports,
etc. We therefore have to seriously address which ports are always
acceptable and which are always not, and be prepared to live with the
hit in functionality that may imply.

With that in mind, suppose we take the approach of only outlawing a
few ports as opposed to restricting the valid range to a given set
(both approaches have been suggested). What ports other than 25
should be outlawed?

Marc