[60511] in North American Network Operators' Group
Private port numbers?
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Wed Aug 13 14:16:33 2003
Date: Wed, 13 Aug 2003 20:15:28 +0200
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Be damned if you filter, be damned if you don't. Nice choice.
I think it's time that we set aside a range of port numbers for private
use. That makes all those services that have no business escaping out
in the open extremely easy to filter, while at the same time not
impacting any legitimate users.
Services could even be assigned two port numbers: a public one and a
private one. So I could use port 80 to access the web, but port 32768 +
80 (or whatever) to manage my ADSL modem over HTTP. Applications would
just need a few lines of code to try either the public or the private
port first (depending on the type of application and possibly some
heuristics) and try the other port when there is a destination port
unreachable or administratively prohibited message.
(Note that what I mean here has nothing to do with what IANA calls
"private" ports.)
