[Dshield] paper about port blocking

Jonathan Rickman jonathan at xcorps.net
Wed Sep 3 21:02:34 GMT 2003


On Wednesday 03 September 2003 16:40, Rick Leske wrote:
> I'm all for it.. block all the ports for consumer class except those
> necessary for 99.999999% of the population.. ie: 80, 20-21, 25, 53, 110,
> 443, etc..

I'm assuming you are referring to outbound connections, because 99.999999% 
of the population most certainly do not run their own DNS servers. Now, on 
to your missing ports that could be used in either direction... 

I'm guessing that 99.999999% of the population does not use SSH either. So, 
are you saying it should be banned? Therein lies the problem. Who gets to 
decide? You? You've already rendered my service useless, as I use SSH to 
access my systems remotely...both ways. Dear God, some of my SSH installs 
listen on non-standard ports! I should be banished!!! I often use 
bittorrent to exchange files with colleagues, such as large packet 
captures, ISOs, forensic images, etc. (IOW, not copyrighted materials). You 
seem to have excluded that service as well. Somehow I'm not comfortable 
with my wise new overlord of Internet acceptability. A Ben Franklin quote 
comes to mind that has been used repeatedly in these troubled times. I will 
not bother repeating it, but it does have some relevance here. If you want 
to give up your freedom for a little bit of security, be my guest. I can 
take care of myself just fine, thank you very much.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net
