[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev [PATCH] Blocking common ports

From: Ulf H{rnhammar
Subject: Re: lynx-dev [PATCH] Blocking common ports
Date: Wed, 4 Sep 2002 22:51:52 +0200
User-agent: Mutt/1.3.28i

On Wed, Sep 04, 2002 at 11:18:19AM -0600, address@hidden wrote:
> I dislike this practice.  Protection should be the responsibility
> of the server, not the client.

Many Lynx developers seem to disagree, as the program blocks a few ports
already, as well as having options such as realms and restrictions.

> You don't know what the server may
> attempt to serve on what port.

Not in theory, no. In practice, people seem to follow IANA's recommendations
pretty closely. If something answers on port 110 at all, you can be pretty
sure it is a POP3 server.

> For example, at one time, the
> National Instute of Standards and Technology had on one of its pages:
> <A HREF="";> See the correct time. </A>
> Simple, clever, effective, and harmless (I assume that they had the
> permission of; in fact, I suspect india was NIST's
> domain, borrowed from U. of C.)

Lame! By clicking that link, a web client tries to talk HTTP with a server
that doesn't support it. The server will rudely talk before the client has
sent a query, and the answer from the server will be interpreted as an
HTTP header by the client. Any web client that supports this flagrant
misuse of standards is too kind.

> But too many browsers (and the proxy I use) started to do what you propose,
> and NIST needed to run an additional time daemon on a different port.
> > +               if (value > 65535 || value < 0 ||
> > +                   value == 13 || value == 19 ||
> I'm opposed.

I'm willing to discuss what ports should be blocked, but the current
situation where port 25 is blocked but not port 587 that does something
similar is just silly. I don't really understand why Lynx needs to be able
to talk HTTP with DNS servers either (lynx
I think anyone who tries that is up to some kind of mischief.

// Ulf Harnhammar

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]