- From: Ned Freed <NED@innosoft.com>
- Date: Thu, 05 Jan 1995 12:39:54 -0700 (PDT)
- To: Larry Masinter <masinter@parc.xerox.com>
- Cc: uri@bunyip.com
> > ... and a list of standard ports to shun should probably be added. > I don't think anyone was able to generate one, although I remember it > being discussed. What ports do YOU think should be shunned? Hmm. Well, on inspection there really aren't that many. I don't think any port that could prove useful should be banned. For example, I suppose that use of the echo port in a URL could provide a useful test service. This leaves the following ports that are clearly either useless or potentially harmful: discard 9/tcp Discard chargen 19/tcp Character Generator smtp 25/tcp Simple Mail Transfer domain 53/tcp Domain Name Server kerberos 88/tcp Kerberos snmp 161/tcp SNMP Discard produces no information and hence isn't useful even for testing. Chargen produces an endless stream of data, and hence can be quite dangerous. SMTP could be used with an implementation of the TURN command, I suppose, but this is problematic and the potential for abuse is too high. Domain, Kerberos, and SNMP are also not useful sources of URL information and the potential for abuse is too high. > How can a URL cause someone to fill the spool area? Conside a TELNET URL pointing at port 19 that sends nothing. This port produces an endless stream of data. Many clients put the data they receive into a temporary file in the spool area. If you use the charget port on the local machine the data arrives very quickly, and if the client isn't robust it falls over once the disk is full and leaves the temporary file there. Ned
Received on Thursday, 5 January 1995 15:52:09 UTC