Private port numbers?
Iljitsch van Beijnum
iljitsch at muada.com
Wed Aug 13 18:15:28 UTC 2003
Be damned if you filter, be damned if you don't. Nice choice.

I think it's time that we set aside a range of port numbers for private
use. That makes all those services that have no business escaping out
in the open extremely easy to filter, while at the same time not
impacting any legitimate users.

Services could even be assigned two port numbers: a public one and a
private one. So I could use port 80 to access the web, but port 32768 +
80 (or whatever) to manage my ADSL modem over HTTP. Applications would
just need a few lines of code to try either the public or the private
port first (depending on the type of application and possibly some
heuristics) and try the other port when there is a destination port
unreachable or administratively prohibited message.

(Note that what I mean here has nothing to do with what IANA calls
"private" ports.)
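
The dual-port scheme described in the message above, sketched in Python as an added example that is not part of the original post. The function names are hypothetical, and the assumption that the private range runs from the 32768 offset up to 65535 is this example's own; the post only says "32768 + 80 (or whatever)".

```python
import errno
import socket

PRIVATE_BASE = 32768  # offset taken from the post's "32768 + 80 (or whatever)"

# connect() errors that mean "refused or filtered", i.e. what a TCP client sees
# for a reset, an ICMP port/host unreachable or an administratively
# prohibited message.
FALLBACK_ERRNOS = {errno.ECONNREFUSED, errno.EHOSTUNREACH, errno.ENETUNREACH}


def private_port(public_port, base=PRIVATE_BASE):
    """Map a service's public port to its private twin (base + port)."""
    if not 0 < public_port < base:
        raise ValueError("public port must lie below the private range")
    return base + public_port


def border_drops(dst_port, base=PRIVATE_BASE):
    """Border filter: one range test covers every private service.
    Assumes (not stated in the post) the range runs from base to 65535."""
    return base <= dst_port <= 65535


def connect_dual(host, public_port, prefer_private=True,
                 base=PRIVATE_BASE, timeout=2.0):
    """Try one port of the pair, then the other on refusal/unreachable.
    Returns (connected socket, port that answered)."""
    order = [private_port(public_port, base), public_port]
    if not prefer_private:
        order.reverse()
    last_error = None
    for port in order:
        try:
            return socket.create_connection((host, port), timeout), port
        except OSError as exc:
            if exc.errno not in FALLBACK_ERRNOS:
                raise  # timeouts, DNS failures etc. are not a fallback signal
            last_error = exc
    raise last_error
```

A management client would call `connect_dual(host, 80)` to reach the private port first, while a border device needs only the single range comparison in `border_drops` regardless of how many services have a private twin.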