North American Network Operators Group


Re: Customer-facing ACLs

  • From: Jon Lewis
  • Date: Tue Mar 18 23:52:30 2008

On Tue, 18 Mar 2008, Marshall Eubanks wrote:

> If it becomes normal for home users to only have 80 and 443, then how can I innovate and design something that needs a new protocol? What happens to the new voice and video services for example?
>
> The DOD has already been faced with this (I know of some AFB that have instituted this policy).
>
> The solution, of course, is to hire consultants (SIBR if possible) to port everything to port 80!

That's been going on for years. Back when it was common for ISPs to run squid servers and transparently proxy to them (probably around 2000), I ran into a customer using some sort of aviation data in real time app which used port 80 (and wasn't HTTP). I had to special case traffic to that service's IP to get it not to hit squid. When I asked them why they were running a non-HTTP protocol on 80/tcp, the answer was "that gets us through most firewalls."

 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ for PGP public key_________
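The situation Jon describes, a non-HTTP protocol carried on 80/tcp so that it slips through port-based filtering and then confuses a transparent proxy, is a port/protocol mismatch that a network operator can detect from the first bytes of each flow. The following is an added illustration, not code from the thread or from any product mentioned in it; the flow records and IP addresses are constructed, and the check only looks for an HTTP/1.x request line at the start of the client payload.

```python
import re

# Constructed sample flows: (src, dst, dst_port, first client payload bytes).
# None of these addresses or payloads come from the original thread.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n\r\n"),
    ("10.0.0.6", "203.0.113.20", 80, b"\x00\x17AVDATA\x01\x02\x00\x00\x7f"),  # binary feed on 80/tcp
    ("10.0.0.7", "203.0.113.30", 80, b"SSH-2.0-OpenSSH_7.4\r\n"),               # SSH banner on 80/tcp
    ("10.0.0.8", "203.0.113.40", 80, b""),                                       # no client data yet
    ("10.0.0.9", "203.0.113.50", 443, b"\x16\x03\x01\x00\xc4\x01\x00"),          # TLS on 443, not checked
]

# HTTP/1.x request line: method SP request-target SP HTTP/1.x CRLF (RFC 7230 shape).
_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")


def looks_like_http(payload: bytes) -> bool:
    """True if the client's first bytes form an HTTP/1.x request line."""
    return _REQUEST_LINE.match(payload) is not None


def classify_flow(dst_port: int, payload: bytes) -> str:
    """Label a flow by whether its content matches what port 80 implies.

    'unknown' is returned when no client payload has been seen yet, so an
    idle or half-open connection is not mis-flagged as a mismatch.
    """
    if dst_port != 80:
        return "not-port-80"
    if not payload:
        return "unknown"
    return "http" if looks_like_http(payload) else "non-http-on-80"


def find_port80_mismatches(flows):
    """Return (src, dst) pairs whose port-80 traffic is not HTTP.

    These are the flows a transparent proxy would break and that a
    port-number-only ACL would wave through as ordinary web traffic.
    """
    return [
        (src, dst)
        for src, dst, dport, payload in flows
        if classify_flow(dport, payload) == "non-http-on-80"
    ]


if __name__ == "__main__":
    for src, dst in find_port80_mismatches(SAMPLE_FLOWS):
        print(f"non-HTTP traffic on 80/tcp: {src} -> {dst}")
```

A real deployment would feed this from a flow/packet capture and keep an allow-list of known services so that the mismatch list becomes an alert rather than a block.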