[51903] in North American Network Operators' Group
Re: How do you stop outgoing spam?
daemon@ATHENA.MIT.EDU (Rafi Sadowsky)
Tue Sep 10 06:26:52 2002
Date: Tue, 10 Sep 2002 13:26:15 +0300 (IDT)
From: Rafi Sadowsky <rafi-nanog@meron.openu.ac.il>
Reply-To: <nanog@merit.edu>
To: Petri Helenius <pete@he.iki.fi>
Cc: Eliot Lear <lear@cisco.com>, Paul Vixie <vixie@vix.com>,
<nanog@merit.edu>
In-Reply-To: <3D7D98F5.203E96DF@he.iki.fi>
Errors-To: owner-nanog-outgoing@merit.edu
## On 2002-09-10 10:02 +0300 Petri Helenius typed:
PH> >
PH> If somebody is ignorant enough to implement IP over HTTP, why should
PH> they be accommodated? There are numerous reasons why there are other
PH> port numbers to TCP than 80 and other protocol numbers to IP than 6.
Why do you think they're ignorant ?
Isn't TCP over HTTP is normally used to attempt bypassing of firewalls ?
IMHO Firewall/Security admins are ignorant
if they don't take this into account
AFAIK you can tunnel IP over(at least):
1) HTTP(not just use port 80 for non HTTP traffic)
2) ICMP ...
3) DNS queries(needs an external "custom" cooperating DNS)
--
Rafi
