> >Are there any constraints or guidelines for port assignments? If so,
> >I'd appreciate a nifty URL beyond the easily available list of
> >well-known ports.
> The typical is "Run the services at their intended ports. Keep the
> service software hardened against attacks."

Well, I guess I'm really asking for the why. Yes, the big obvious
threat is not keeping up with the security updates? But the one that
actually scares me is someone who finds a hole and just exploits it on

You can configure Apache not to log certain things. So should I
perhaps try to configure it to pitch the logs of the known (and
therefore harmless) attacks into the bit bucket? Or maybe someone has
those configuration settings conveniently at hand? Basically, I don't
see any reason to keep logs on such trash.

Right now the probes seem to come about once per hour. If that's
typical for any random IP address, then there must be a WHOLE lot of
that traffic in the network. So why don't they isolate it and
eliminate the perpetrators?

> Are you planning to provide a public service on that server - or are
> you just setting up a server as your private playground? If you're
> setting up a private playground, don't make it visible outside your
> network. If you're setting up a public service, keep it at the regular
> port 80.
> If it's a public service, make sure you keep up to date with security
> advisories and patches.

Interesting problem... I'd like it to be public, but if the open port
is 80, it seems like the log files are going to be constantly filled
with garbage. I really hate to watch so much stupidity at work.

> DNS does not map ports.
> If you use anything else but 80, you'll need to always include that
> into the URL. And once there's a visible link somewhere to your site,
> your site is public. It may attract fewer probes when set to some non-
> obvious port, but the ones it'll attract are typically more forceful
> (as they're not bound to some specific port, they can be assumed to
> be more "intelligent" in other aspects, too). So, anyway you'll need
> to make sure your system is hardened.

Well, I worded it badly, but by specifying the port you override the
DNS default of port 80 for HTTP, and that suits my purposes and seems
to work with every browser I've tested. I'm not sure how it works in
terms of providing visible links to the site. For example, would a
search engine be able to deal with a Web server at some port besides

Trying to reword it, but difficult. Besides being stupid and
malicious, the script kiddies are lazy. What I really want is an
absolute block against the *, lazy imbeciles, but something subtly
suspicious to scare off the intelligent hackers. Nothing to make them
think it's a juicy target, but rather something to give them the
willies, to make them think it's just a poison honey pot.

> Also, I've seen reports of some ISPs (and companies) having their proxy
> configured to only allow connections to some well-known HTTP service
> ports (80, 8080). Of course, it's possible to configure the browser
> not to use a proxy, but may be a nuisance if the provider also forces
> the use of proxy by prohibiting all non-proxy outgoing traffic to these

When I studied the well-known port list in detail, I found that 591,
8008, and 8080 are listed as alternates for port 80. But there are
about 30 other ports listed with various relationships to HTTP...
Weird list. Lots of them were associated with organizations or
companies. I think I want the HTTP port that is used by the CIA or
FBI. That should make 'em nervous.
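
Added example, not part of the original post: one way to keep known automated probes out of the main Apache access log, using mod_setenvif and conditional `CustomLog`. It writes them to a separate file rather than discarding them, so probe volume and source addresses stay available for later review. The URL patterns, the `known_probe` variable name and the log paths are constructed placeholders; take the real patterns from what your own logs show.

```apache
# Requires mod_setenvif and mod_log_config (both part of a standard Apache build).

# Tag requests whose path matches a known automated probe.
# These patterns are constructed samples, not a complete or authoritative list.
# Request_URI excludes the query string, so anchoring on the extension works.
SetEnvIfNoCase Request_URI "\.(ida|idq)$"     known_probe
SetEnvIfNoCase Request_URI "/(cmd|root)\.exe" known_probe

# Same format for both files so the usual log tools read either one.
LogFormat "%h %l %u %t \"%r\" %>s %b" common

# Main log: everything that did NOT match a probe pattern.
CustomLog logs/access_log common env=!known_probe

# Probe log: only the tagged requests. Rotate it aggressively if disk is a concern.
# Removing this line is what sends the probes to the bit bucket entirely.
CustomLog logs/probe_log common env=known_probe
```

Matching happens on the request path only, so a request that hits one of these patterns is still served (normally with a 404); the directives change where it is logged, not whether it is answered.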