North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: ISPs as content-police or method-police
John Kristoff wrote: > The problem is that 137-139 are just numbers. The fact that a typically > insecure application runs over port 137/139 as opposed to say, 25609, > makes no difference. If the logic follows, then block port 21, 111 and > maybe even port 80. I'm sure we can find over zealous security experts > making claims that those services are inherently insecure as well. > Someone will come up with a way of doing file sharing over another port > number, over another protocol, over a conforming application (e.g. HTTP) > and probably using encryption so you can't tell what it is. If users are smart enough to switch the port and encrypt their traffic, then obviously there's nothing to worry about. The original suggestion was to protect users that probably don't even realize they have shares open to the world.