lynx-dev [PATCH] Blocking common ports
From: Ulf Harnhammar
Subject: lynx-dev [PATCH] Blocking common ports
Date: Wed, 4 Sep 2002 18:57:11 +0200 (CEST)
Hello,
I have written a patch that makes Lynx block several common
ports. Previously, it only blocked ports 19 and 25, and as you can send
mail with the Submission service at port 587, it wasn't very
effective. I've added a check for that and several other common services
that you don't want people to connect to with web clients.
I have patched against 2.8.5dev.8.
// Ulf Harnhammar
address@hidden
http://www.metaur.nu/
--- lynx2-8-5/src/LYGetFile.c.old 2002-09-04 18:43:50.000000000 +0200
+++ lynx2-8-5/src/LYGetFile.c 2002-09-04 18:44:04.000000000 +0200
@@ -141,9 +141,8 @@
CTRACE((tfp,"getfile: getting %s\n\n",doc->address));
/*
- * Protect against denial of service attacks
- * via the port 19 CHARGEN service, and block
- * connections to the port 25 ESMTP service.
+ * Block connections to several common ports below 1024. - Ulf
+ *
* Also reject any likely spoof attempts via
* wrap arounds at 65536. - FM
*/
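Review bot: the rewritten comment says only "several common ports below 1024" and drops the reasons the old text gave (denial of service via CHARGEN, blocking ESMTP). Suggest naming the services the blocked ports correspond to and why a web client should not reach them, so the list in the condition can be audited against the comment. The retained "wrap arounds at 65536" sentence still fits, since that case is handled by the range check.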
@@ -158,17 +157,15 @@
cp++;
if (sscanf(cp, "%ld", &value) == 1) {
- if (value == 19 || value == 65555) {
- HTAlert(PORT_NINETEEN_INVALID);
- FREE(temp);
- return(NULLFILE);
- }
- if (value == 25 || value == 65561) {
- HTAlert(PORT_TWENTYFIVE_INVALID);
- FREE(temp);
- return(NULLFILE);
- }
- if (value > 65535 || value < 0) {
+ if (value > 65535 || value < 0 ||
+ value == 7 || value == 9 ||
+ value == 13 || value == 19 ||
+ value == 25 || value == 43 ||
+ value == 53 || value == 69 ||
+ value == 79 || value == 110 ||
+ value == 113 || value == 143 ||
+ value == 161 || value == 389 ||
+ value == 587) {
char *msg = 0;
HTSprintf0(&msg, PORT_INVALID, (unsigned long)value);
HTAlert(msg);
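Review bot: in the combined condition, a well-formed but blocked port such as 25 or 587 now produces the same PORT_INVALID alert as an out-of-range value, so the user can no longer tell a policy block from a malformed port; the dedicated PORT_NINETEEN_INVALID and PORT_TWENTYFIVE_INVALID alerts are gone from this path. Consider a separate message for blocked ports, and if those two message macros have no other users, remove their definitions in the same patch. The fifteen `value ==` comparisons would also be easier to review and extend as a static table of port numbers checked in a loop; the old 65555 and 65561 cases are already covered by `value > 65535`.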