[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: R41 in draft-ietf-v6ops-cpe-simple-security-07
I thought that the discussion in today's meeting led to the conclusion
that R41 would be removed. Did I hear wrong?
Barbara
> -----Original Message-----
> From: owner-v6ops@ops.ietf.org [mailto:owner-v6ops@ops.ietf.org] On
> Behalf Of Iljitsch van Beijnum
> Sent: Tuesday, July 28, 2009 1:38 PM
> To: Mohacsi Janos
> Cc: Yaron Sheffer; james woodyatt; IPv6 Operations
> Subject: Re: R41 in draft-ietf-v6ops-cpe-simple-security-07
>
> On 28 jul 2009, at 19:22, Mohacsi Janos wrote:
>
> >> Would it help to require a < 1024 port? On Unix-derived system you
> >> have to be root to be able to send those, so random applications
> >> wouldn't be able to do this without some serious tricking of the
> >> user.
>
> > I don't think so. Most of the Windows users using their systems as
> > an Administrator. Administrator can do anything....
>
> Does that mean an application can bind to a low port without the
> system throwing up some kind of yes/no choice? (Not that that's
> perfect, but it's something.)
>
> > Anyway the bots are preferring some exotic port numbers or
> > portnumber that is usually not firewalled: 80 and 443.
>
> If a bot wants to receive incoming traffic on those ports it would
> have to signal the CPE that it wants to be de-firewalled for those
> ports.
>
> (Not that malware spreads by listening on those ports, listening on
> ports is _so_ 2003.)
*****
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. GA622