At 19:27 24.11.99 +0800, Miguel A.L. Paraz wrote:
>I was scanning through our list of TCP_DENIED logs, and found a good number
>of URLs using un-Safe ports like 81, 88, and (?) 595. But judging from the
>URL it looked like a good location.
You should complain to those running a web service on an unsafe
port that they should use the standard port 80 instead. Or, if
you are managing a cache with many users, tell your users that
they should complain about the services each of them wants to
access.
>So I'm wondering, is the Safe_ports list still relevant?
Very much so. There is a big potential of abuse.
>What if we replace it with a list of Unsafe ports instead?
That's what was done in Squid 1, but it turned out not to be
safe enough. You would eternally be running after the bad guys,
adding ports for which a possibility of abuse has been discovered
but never getting them all.
-- 
Tilman Schmidt          E-Mail: Tilman.Schmidt@sema.de (office)
Sema Group Koeln, Germany       tilman@schmidt.bn.uunet.de (private)

Received on Wed Nov 24 1999 - 05:13:56 MST
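
An added example, not part of the original messages: a Python sketch of the log review described in the thread, tallying TCP_DENIED entries in Squid's native access.log layout by destination port so that denials caused by the port allowlist stand out from other denials. The log lines are constructed, and SAFE_PORTS is an assumed allowlist to replace with the Safe_ports ACL from your own squid.conf.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed allowlist for illustration; mirror the Safe_ports ACL in your squid.conf.
SAFE_PORTS = [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210), (1025, 65535)]
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70, "wais": 210}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
943442821.100 12 10.0.0.5 TCP_DENIED/403 1024 GET http://www.example.com:81/index.html - NONE/- -
943442822.200 9 10.0.0.6 TCP_DENIED/403 1024 GET http://intranet.example.org:88/ - NONE/- -
943442823.300 8 10.0.0.5 TCP_DENIED/403 1024 GET http://www.example.com:81/news.html - NONE/- -
943442824.400 150 10.0.0.7 TCP_MISS/200 5120 GET http://www.example.net/ - DIRECT/192.0.2.10 text/html
943442825.500 7 10.0.0.8 TCP_DENIED/403 1024 GET http://files.example.net:595/a.zip - NONE/- -
943442826.600 7 10.0.0.8 TCP_DENIED/403 1024 GET http://blocked.example.net/ - NONE/- -
"""

def is_safe(port):
    """True if the port falls inside any allowlisted range."""
    return any(lo <= port <= hi for lo, hi in SAFE_PORTS)

def url_port(url):
    """Return (host, port) for a logged URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # non-numeric or out-of-range port in the URL
        return None
    return (parts.hostname, port) if parts.hostname and port else None

def denied_by_unsafe_port(log_text):
    """Count TCP_DENIED requests per (port, host) whose port is off the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[3].startswith("TCP_DENIED/"):
            continue
        target = url_port(fields[6])
        # A denial on an allowlisted port was caused by some other ACL; skip it.
        if target and not is_safe(target[1]):
            hits[(target[1], target[0])] += 1
    return hits

if __name__ == "__main__":
    for (port, host), n in sorted(denied_by_unsafe_port(SAMPLE_LOG).items()):
        print(f"port {port:<5} {host:<25} {n} denied")
```

The per-host counts give a cache administrator the list of services to contact, or to review individually, without switching the ACL from an allowlist to a denylist.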
This archive was generated by hypermail pre-2.1.9 : Wed Apr 09 2008 - 11:57:32 MDT