Yes, thanks, Yoav. Apologies to Randy and Kathleen for my terseness.

Eliot

On 11/24/15 5:46 PM, Yoav Nir wrote:
> I think Eliot meant RFC 5785 /.well-known/ locations, rather than well known
> ports
>
> Yoav
>
>> On 24 Nov 2015, at 6:37 PM, Kathleen Moriarty
>> <[email protected]> wrote:
>>
>> I agree with Eliot, I don't think a scan is needed to make a decision
>> here. Having managed several networks that would not have allowed you
>> access from some random scanner, I don't think you'll get all the data
>> you are looking for. In a well managed network, the IDS/IPS should
>> detect that it is a scan and block all future probes once you hit a
>> small number of ports/IPs. So you may get a small sample with
>> everything else failing within an address block. Granted, not all
>> networks are managed well and you may get a good amount of data.
>>
>> If this connection was expected to a few servers, then a network
>> manager might just allow those only on the assigned port.
>>
>> Without any hat on, I agree that a port + 443 as an alternate is a good plan.
>>
>> Kathleen
>>
>> On Tue, Nov 24, 2015 at 8:11 AM, Randy Bush <[email protected]> wrote:
>>>> Isn't this precisely what .well-known was meant to address?
>>> fun small research project. what percentage of well-known ports can
>>> you connect to from the outside to a machine inside cisco? hell, to
>>> what percentage of well-known ports outside cisco can you reach from
>>> inside?
>>>
>>> well-known does not correlate well with open to access by IT security
>>> departments.
>>>
>>> randy
>>>
>>> _______________________________________________
>>> Acme mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/acme
>>
>>
>> --
>>
>> Best regards,
>> Kathleen
