Re: ISPs as content-police or method-police

• From: joshua stein
• Date: Mon Nov 20 15:06:28 2000

John Kristoff wrote:
> The problem is that 137-139 are just numbers.  The fact that a typically
> insecure application runs over port 137/139 as opposed to say, 25609,
> makes no difference.  If the logic follows, then block port 21, 111 and
> maybe even port 80.  I'm sure we can find over zealous security experts
> making claims that those services are inherently insecure as well. 
> Someone will come up with a way of doing file sharing over another port
> number, over another protocol, over a conforming application (e.g. HTTP)
> and probably using encryption so you can't tell what it is.

If users are smart enough to switch the port and encrypt their traffic,
then obviously there's nothing to worry about.  The original suggestion
was to protect users that probably don't even realize they have shares
open to the world.

• References:
  • ISPs as content-police or method-police Ehud Gavron
  • RE: Operational impact of filtering SMB/NETBIOS traffic? Roeland Meyer
  • Re: Operational impact of filtering SMB/NETBIOS traffic? Adam Rothschild
  • Re: ISPs as content-police or method-police Ben Browning
  • Re: ISPs as content-police or method-police John Kristoff

• Prev by Date: Re: ISPs as content-police or method-police
• Next by Date: RE: ISPs as content-police or method-police
• Date Index
• Thread Index
• Author Index
• Historical