North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISPs as content-police or method-police

  • From: joshua stein
  • Date: Mon Nov 20 15:06:28 2000

John Kristoff wrote:
> The problem is that 137-139 are just numbers.  The fact that a typically
> insecure application runs over port 137/139 as opposed to say, 25609,
> makes no difference.  If the logic follows, then block port 21, 111 and
> maybe even port 80.  I'm sure we can find over zealous security experts
> making claims that those services are inherently insecure as well. 
> Someone will come up with a way of doing file sharing over another port
> number, over another protocol, over a conforming application (e.g. HTTP)
> and probably using encryption so you can't tell what it is.

If users are smart enough to switch the port and encrypt their traffic,
then obviously there's nothing to worry about.  The original suggestion
was to protect users that probably don't even realize they have shares
open to the world.