[103148] in North American Network Operators' Group


Re: Customer-facing ACLs

daemon@ATHENA.MIT.EDU (Jon Lewis)
Tue Mar 18 23:51:50 2008

Date: Tue, 18 Mar 2008 23:47:41 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: Marshall Eubanks <tme@multicasttech.com>
cc: nanog@merit.edu
In-Reply-To: <F17BFFFB-6D88-4C30-9BCD-A6F91C7C1263@multicasttech.com>
Errors-To: owner-nanog@merit.edu


On Tue, 18 Mar 2008, Marshall Eubanks wrote:

>> If it becomes normal for home users to only have 80 and 443, then how can I 
>> innovate and design something that needs a new protocol ?  What happens to 
>> the new voice and video services for example ?
>
> The DOD has already been faced with this (I know of some AFB that have 
> instituted this policy).
>
> The solution, of course, is to hire consultants (SIBR if possible) to port 
> everything to port 80 !

That's been going on for years.  Back when it was common for ISPs to run 
squid servers and transparently proxy to them (probably around 2000), I 
ran into a customer using some sort of real-time aviation data app 
which used port 80 (and wasn't HTTP).  I had to special case traffic to 
that service's IP to get it not to hit squid.  When I asked them why they 
were running a non-HTTP protocol on 80/tcp, the answer was "that gets us 
through most firewalls."

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
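The interception logic Jon describes (intercept 80/tcp, except for a special-cased destination, and notice when what arrives on 80 is not HTTP at all) as an added example; this is not code from the post, from Atlantic Net, or from squid. The bypass list, the intercepted port, the method set and all sample flows are assumptions, and the addresses are RFC 5737 documentation ranges standing in for the service's real IP.

```python
import ipaddress
import re

# Destinations whose 80/tcp traffic must NOT be redirected to the transparent
# proxy: the "special case" from the post. 203.0.113.0/24 is an RFC 5737
# documentation range, used here as a constructed stand-in for the service's IP.
BYPASS_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Port the ISP transparently intercepts (assumed).
INTERCEPTED_PORT = 80

# Assumed set of request methods a squid-era proxy would accept.
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"TRACE", b"CONNECT"}

# HTTP/1.x request-line: method SP request-target SP HTTP-version CRLF
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)\r?\n")


def looks_like_http(payload: bytes) -> bool:
    """True if the first client bytes of a flow form an HTTP/1.0 or 1.1 request line."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return False
    method, _target, major, minor = m.groups()
    return method in HTTP_METHODS and (int(major), int(minor)) in {(1, 0), (1, 1)}


def proxy_decision(dst_ip: str, dst_port: int, payload: bytes,
                   bypass_nets=BYPASS_NETS) -> str:
    """Decide what the intercepting box should do with one new client flow.

    'pass'     - not on the intercepted port, routed untouched
    'bypass'   - intercepted port, but destination is special-cased (skip squid)
    'redirect' - intercepted port and real HTTP, hand to squid
    'flag'     - intercepted port but NOT HTTP: squid would break it, and it is
                 exactly the "runs on 80 to get through firewalls" case
    The bypass check runs before payload inspection, mirroring a rule set where
    the exception precedes the redirect rule.
    """
    if dst_port != INTERCEPTED_PORT:
        return "pass"
    ip = ipaddress.ip_address(dst_ip)
    if any(ip in net for net in bypass_nets):
        return "bypass"
    if looks_like_http(payload):
        return "redirect"
    return "flag"


# Constructed sample flows (dst_ip, dst_port, first client bytes); none are real captures.
SAMPLE_FLOWS = [
    ("192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("203.0.113.7", 80, b"\x02\x00AVDATA\x00\x1f\x00\x00"),          # binary protocol on 80, special-cased IP
    ("198.51.100.5", 80, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # TLS ClientHello on 80
    ("192.0.2.10", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),   # TLS on 443, not intercepted
    ("192.0.2.10", 80, b"get / http/1.1\r\n"),                        # malformed request line
]


def classify_samples(flows=SAMPLE_FLOWS):
    """Run every sample flow through proxy_decision and return (ip, port, verdict) tuples."""
    return [(ip, port, proxy_decision(ip, port, payload)) for ip, port, payload in flows]


if __name__ == "__main__":
    for ip, port, verdict in classify_samples():
        print(f"{ip}:{port} -> {verdict}")
```

The 'flag' verdict is the security-relevant one: a port-based ACL or transparent proxy that lets 80/tcp through cannot tell HTTP from an arbitrary protocol that picked 80 for firewall traversal, so the only way to see it is to look at the payload.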
