[Dshield] paper about port blocking

Johannes Ullrich jullrich at euclidian.com
Wed Sep 3 21:25:44 GMT 2003

> I'm guessing that 99.999999% of the population does not use SSH either. So, 
> are you saying it should be banned? Therein lies the problem. Who gets to 
> decide? 

This is exactly one big point about the paper: It is important to make
port blocking predictable. Any blocked port may hurt some valid
software. Being surprised by a blocked port will lead to hours of
frustrating debugging, in particular if the block is implemented
'silently' (just a 'drop', not a 'reject').

I don't think that it is a good idea to block port 22 (actually, I think
it is an outright bad idea). But if I know about it, I can work around
the problem.

Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
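The drop-versus-reject distinction above, shown from the client side as an added example (constructed for this page, not code from the thread or its author). A REJECT-style block answers with a TCP RST or an ICMP unreachable, so the client fails within one round trip; a DROP-style block answers with nothing, so the client only fails after its own timeout, which is the "silent" case that makes debugging slow. The script assumes a working 127.0.0.1 loopback; it uses a throwaway listener for the "open" case and the kernel's own RST for the "refused" case, and simulates the silent drop with the timeout exception `connect()` raises, since a real drop on loopback would need firewall rules.

```python
import socket
import time

# Added, constructed demo (not from the original thread): what a client sees
# when a port is blocked with a silent DROP versus an answered REJECT.
# Only 127.0.0.1 is used, so it runs offline.

def classify_exception(exc):
    """Map a failed connect() to what the network told the client."""
    if isinstance(exc, ConnectionRefusedError):
        # TCP RST or ICMP unreachable came back: REJECT-style block, or
        # simply nothing listening. Known within one round trip.
        return "refused"
    if isinstance(exc, socket.timeout):
        # No reply at all: DROP-style block (or the packets never arrived).
        # The client learns this only by waiting out its own timeout.
        return "silent-drop"
    return "error"


def probe(host, port, timeout=2.0):
    """One TCP connect attempt; returns (verdict, seconds_waited)."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            verdict = "open"
        except OSError as exc:  # timeout and refusal are both OSError subclasses
            verdict = classify_exception(exc)
    return verdict, time.monotonic() - start


def local_listener():
    """Throwaway listener on an ephemeral loopback port: returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo():
    """Run the three cases and return {case: verdict}."""
    srv, port = local_listener()
    results = {}
    results["listening"] = probe("127.0.0.1", port)[0]  # open
    srv.close()
    # Nothing listens any more: the kernel answers SYN with RST, which is
    # exactly what a REJECT rule produces for the client.
    results["closed"] = probe("127.0.0.1", port)[0]  # refused
    # A DROP cannot be produced on loopback without firewall rules, so the
    # timeout is simulated with the exception connect() would raise.
    results["dropped"] = classify_exception(socket.timeout())  # silent-drop
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10s} -> {verdict}")
```

The second value `probe()` returns is the waiting time; against a real DROP it is the full timeout (2 s here, far longer in the default TCP stack), against a REJECT it is a few milliseconds, which is why a predictable, answered block is so much easier to diagnose than a silent one.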
