
Re: eliminating bogus port 43 exits



     On Sat, 13 Jun 2009 12:25:13 -0600 Jon <scream@xxxxxxxxxxxxxxxxxx>
wrote:
>Thank you for that thoughtful explanation.
>
>This was probably explained somewhere during the thread, I apologize
>if I missed it...
>
>Could you clarify the definition of "bogus traffic" for me.
>
     Well, the definition I've been using probably isn't terribly rigorous,
at least in the sense that there are quite a few justifiable exceptions to it.
But basically it goes like this.  IANA maintains a list of port numbers that
are reserved for certain services' use.  A lot of software is written to use
the reserved port numbers as the default port numbers for communications
supporting the services for which the numbers are reserved, although some
implementations of the relevant clients and servers allow direction that some
alternative port numbers be used instead, a feature fairly essential for
testing in many situations.  However, when the use of a reserved port number 
is hijacked for some other service than the one for which it is reserved, the
new usage constitutes "bogus traffic" in most cases.
     tor itself provides an example of two exceptions (one each for ORPort and
DirPort) justified by the necessity of evading the attempts by certain parties
to block access to tor's services.  Thus the plea in the tor documentation to
get some tor nodes to use ports 80 and 443 for ORPort and DirPort seems a
justified exception to the general rule.  (I am a bit uncomfortable with the
expectation that using port 80 for ORPort can evade intrusion and/or blocking
by the likes of China's Great Firewall because all the firewall would need to
do to decide whether to block it would be to see whether a connection were
encrypted.  Connections coming into an ORPort are supposed to be encrypted,
but http connections are not.  The same thing in reverse would appear to apply
to looking at port 443 connections because https is supposed to be encrypted,
whereas DirPort connections are not.)
     Note that ports 9001 and 9030, the defaults for ORPort and DirPort, are
not reserved ports, according to IANA's list, so anyone is free to use them
for any other purpose.
     Now, another person on this list has argued that the RFCs should be
ignored and that IANA should be ignored.  I remain unconvinced that doing
either would be a good idea.  Having a set of standard port numbers at which
one may expect to access standard services is valuable, and much of what we
have all come to expect from networking and the Internet would be effectively
hidden from our access if these standards were not followed by most system
and/or network administrators.  This concept is not different in principle from
having 802.11[abgn] channels assigned to certain frequency bands where we can
expect to find access points.  If people routinely adjusted software-tunable
transmitters and receivers in wireless interfaces to other parts of the EM
spectrum, most people would soon stop wasting their time trying to connect
to access points.  Conversely, if ham radio operators routinely adjusted their
equipment to operate in the frequency bands reserved for 802.11[abgn] wireless
networks, there would also be a lot of unhappy computer users.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
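The message above argues that "bogus traffic" is a mismatch between a well-known port number and the protocol actually carried on it, and that a filter could tell an ORPort on 80 from real HTTP (or a DirPort on 443 from real HTTPS) simply by checking whether the connection is encrypted. The following is an added example, not code from the e-mail, the Tor project, or IANA: it classifies the first bytes of a client's TCP payload as TLS or plaintext and compares that with what the port promises. The port-to-service table is a small constructed subset of the IANA registry covering only the ports this thread discusses (43, 80, 443); ports missing from the table, such as 9001 and 9030, produce no verdict rather than an assertion about their registration status. The sample payloads are constructed as well.

```python
"""Flag port/protocol mismatches ("bogus traffic") on well-known ports.

Heuristic from the thread: a relay using port 80 for its ORPort carries TLS
where plaintext HTTP is expected; a DirPort on 443 carries plaintext HTTP
where TLS is expected. Observers need only look at the first bytes of the
client's payload to notice either case.
"""
from typing import List, Optional, Tuple

# Constructed subset of the IANA registry: what the port number promises.
# Ports absent here (e.g. 9001, 9030) yield no verdict at all.
EXPECTED = {
    43: "plaintext",   # whois
    80: "plaintext",   # http
    443: "tls",        # https
}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_payload(data: bytes) -> str:
    """Return 'tls', 'plaintext' or 'unknown' for the first client bytes of a flow."""
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04
    # (SSLv3 through TLS 1.3; TLS 1.3 still advertises 0x0303 or 0x0301 here).
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    # Plaintext HTTP request line.
    if any(data.startswith(m) for m in HTTP_METHODS):
        return "plaintext"
    # Plaintext line-oriented query such as whois: printable ASCII ending in CRLF.
    if len(data) > 2 and data.endswith(b"\r\n") and all(32 <= b < 127 for b in data[:-2]):
        return "plaintext"
    return "unknown"


def is_bogus(port: int, data: bytes) -> Optional[bool]:
    """True when the observed protocol contradicts the port's well-known service.

    Returns None when the port is outside our registry subset (nothing to
    compare against) or the payload could not be classified.
    """
    expected = EXPECTED.get(port)
    if expected is None:
        return None
    observed = classify_payload(data)
    if observed == "unknown":
        return None
    return observed != expected


def scan(flows: List[Tuple[int, bytes]]) -> List[Tuple[int, str, Optional[bool]]]:
    """Apply is_bogus to (dst_port, first_payload) pairs and report each verdict."""
    return [(port, classify_payload(data), is_bogus(port, data)) for port, data in flows]


# Constructed sample payloads (not captured traffic).
TLS_CLIENT_HELLO = (
    b"\x16\x03\x01\x00\xc8"          # record header: handshake, TLS 1.0, length 200
    b"\x01\x00\x00\xc4\x03\x03"      # ClientHello, length 196, TLS 1.2
    + b"\x00" * 32                   # client random (zeros for the example)
)
HTTP_GET = b"GET /tor/server/all HTTP/1.0\r\nHost: example.invalid\r\n\r\n"
WHOIS_QUERY = b"example.com\r\n"

SAMPLE_FLOWS = [
    (80, TLS_CLIENT_HELLO),   # ORPort hiding on 80: TLS where HTTP is expected
    (443, HTTP_GET),          # DirPort hiding on 443: plaintext where TLS is expected
    (443, TLS_CLIENT_HELLO),  # ordinary HTTPS, not bogus
    (43, WHOIS_QUERY),        # ordinary whois, not bogus
    (43, TLS_CLIENT_HELLO),   # TLS on the whois port: bogus
    (9001, TLS_CLIENT_HELLO), # default ORPort: no registry entry, no verdict
]

if __name__ == "__main__":
    for port, observed, verdict in scan(SAMPLE_FLOWS):
        label = {True: "BOGUS", False: "ok", None: "no verdict"}[verdict]
        print(f"port {port:5d}  observed={observed:9s}  {label}")
```

The heuristic is deliberately minimal: it inspects only the first client bytes, so it cannot tell a Tor TLS handshake from a browser's, which is exactly the author's point about where the evasion value of ports 80 and 443 runs out. A real filter would add TLS-version and SNI checks, but the port-versus-protocol comparison is the part the thread is about.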