[Dshield] paper about port blocking

Johannes Ullrich jullrich at euclidian.com
Wed Sep 3 21:25:44 GMT 2003

> I'm guessing that 99.999999% of the population does not use SSH either. So, 
> are you saying it should be banned? Therein lies the problem. Who gets to 
> decide? 

This is exactly one big point about the paper: It is important to make
port blocking predictable. Any blocked port may hurt some valid
software. Being surprised by a blocked port will lead to hours of
frustrating debugging, in particular if the block is implemented
'silently' (just a 'drop', not a 'reject').

I don't think that it is a good idea to block port 22 (actually, I think
it is an outright bad idea). But if I know about it, I can work around
the problem.

Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
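As an added illustration of the 'drop' versus 'reject' distinction raised in the post above (this is example code, not from the list post), a small Python probe that names what a TCP connect attempt actually got back; the loopback listener it probes is constructed for the demonstration, and a silent drop only shows up against a real filtering device, never on loopback.

```python
import errno
import socket

# Outcomes of one TCP connect attempt, as the person debugging a blocked port sees them.
OPEN = "open"                # three-way handshake completed
REJECTED = "rejected"        # RST (or ICMP unreachable) came straight back: a 'reject'
DROPPED = "dropped"          # nothing came back before the timeout: a 'silent drop'
UNREACHABLE = "unreachable"  # no route at all; a routing problem, not a port block


def classify_port(host, port, timeout=3.0):
    """Attempt a single TCP connect to host:port and classify the result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return OPEN
    except socket.timeout:            # filter dropped our SYN; we waited the full timeout
        return DROPPED
    except ConnectionRefusedError:    # RST came back immediately; the block is visible
        return REJECTED
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return UNREACHABLE
        raise
    finally:
        s.close()


def probe_local_listener():
    """Constructed demo: probe a loopback listener, then the same port after it closes.

    Returns (verdict_while_open, verdict_after_close). The second probe shows the
    'reject' behaviour: the kernel answers with RST, so the failure is immediate.
    """
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free port
    lsock.listen(1)
    port = lsock.getsockname()[1]
    while_open = classify_port("127.0.0.1", port, timeout=1.0)
    lsock.close()
    after_close = classify_port("127.0.0.1", port, timeout=1.0)
    return while_open, after_close


if __name__ == "__main__":
    print(probe_local_listener())     # ('open', 'rejected')
```

Against a silently dropping filter the same call returns "dropped" only after the full timeout, which is exactly the delay that turns a blocked port into hours of guesswork.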

