From owner-freebsd-security  Thu Jun 10 19:23:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cantor.boolean.net (cantor.boolean.net [209.133.111.73])
	by hub.freebsd.org (Postfix) with ESMTP id 4E57914DEF
	for <freebsd-security@FreeBSD.ORG>; Thu, 10 Jun 1999 19:23:10 -0700 (PDT)
	(envelope-from Kurt@OpenLDAP.Org)
Received: from gypsy (localhost [127.0.0.1])
	by cantor.boolean.net (8.9.2/8.9.1) with SMTP id CAA17459;
	Fri, 11 Jun 1999 02:22:22 GMT
	(envelope-from Kurt@OpenLDAP.Org)
Message-Id: <3.0.5.32.19990610191916.0096a6f0@localhost>
X-Sender: guru@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 10 Jun 1999 19:19:16 -0700
To: Bill Swingle <unfurl@dub.net>
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>
Subject: Re: ports and applications
Cc: Nick Rogness <nick@rapidnet.com>,
	Gregory Carvalho <GregoryC@stcinc.com>,
	"freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
In-Reply-To: <19990610170151.D843@dub.net>
References: <Pine.BSF.4.05.9906101501260.33002-100000@rapidnet.com>
 <375F7453.77C0F526@stcinc.com>
 <Pine.BSF.4.05.9906101501260.33002-100000@rapidnet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 05:01 PM 6/10/99 -0700, Bill Swingle wrote:
>On Thu, Jun 10, 1999 at 03:07:39PM -0600, Nick Rogness wrote:
>> On Thu, 10 Jun 1999, Gregory Carvalho wrote:
>> 
>> > Using ipfw I am allowing port 80 through the wall (could you imagine if
>> > I denied the good people of Gotham their web fix). Suppose I deny
>> > telnet, but some external server has its telnet server configured for
>> > port 80. Is there a method to prevent the telnet session from operating?
>> 
>> 	Why would anyone run telnet on port 80?
>> 
>> 	Is this an incoming or outgoing telnet session?  I'm assuming
>> 	outoing telnet sessions. The only thing I can think of is running
>> 	the machines through a proxy server.
>
>Once, while working for a rather fascist employer that denied outgoing
>connections on ports 22/23 I set up telnet, then later sshd, on port 80
>on my home machine. They employers couldnt do without their web access
>it seems :) I think this is what the original writer is trying to avoid.

We're actually running a public CVS server on port 443 (https)
so that users behind firewalls can get at our source.  It's
hard to proxy https, which makes it much better tunneling
port than 80 (http).

Kurt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message