[e2e] What if there were no well known numbers?

Christian Huitema huitema at windows.microsoft.com
Wed Aug 2 21:18:47 PDT 2006


> In fact, blocking ports achieves no security to speak of. But you'd
> be threatening to expose the Emperor's nakedness with this proposal.

Blocking ports is a "black list" approach, i.e. mark something as
dangerous, and then block it. Many edge firewalls follow a "white list"
approach, i.e. mark something as innocuous and then allow it. In that
case, being able to quickly identify the application actually enhances
connectivity.

Of course, I am well aware of the games that can be played, e.g. running
HTTP on some random port number, or running some random application on
port 80...

-- Christian Huitema

