Re: solution time for www/smtp hole

mhpower@athena.mit.edu
Thu, 12 Aug 93 22:06:33 EDT


>How about we start disallowing Gopher connections to anything other
>than 70 and 71 (some Gopher servers use the latter), ...
> ... Does it cause any
>impact on *current* functionality?

Yes. A number of Gopher servers return documents that are actually
references to other TCP services that can conveniently (and safely) be
accessed by Gopher clients. These are mentioned in RFC1436:

Note: The client should be prepared for the server closing the
connection without sending the Lastline. This allows the
client to use fingerd servers.

In addition to finger (port 79), you should also (at least) allow
other standard TCP services that don't need multi-line input, e.g.,
daytime (13) and whois (43) are certainly in use, and maybe a few
obscure ones like qotd (RFC865, port 17) or systat (RFC866, port 11).

As an example, the Gopher server here returns port-43 items to over
1000 clients every day. This does work ok; please don't disallow it.

Matt
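
An added example, not part of the original message: a client-side check that permits Gopher URLs only on the ports named above (70, 71, 79, 13, 43, 17, 11). The function name, the placeholder hosts, and the rule refusing a decoded CR or LF in the selector are assumptions of this sketch.

```python
from urllib.parse import urlsplit, unquote

# Ports named in the message above: Gopher itself plus the single-line
# TCP services that Gopher items commonly point at.
ALLOWED_PORTS = {
    70: "gopher", 71: "gopher (alternate)",
    11: "systat", 13: "daytime", 17: "qotd", 43: "whois", 79: "finger",
}
DEFAULT_GOPHER_PORT = 70


def check_gopher_url(url):
    """Return (allowed, reason) for a gopher:// URL under the port policy."""
    parts = urlsplit(url)
    if parts.scheme != "gopher":
        return False, "not a gopher URL"
    if not parts.hostname:
        return False, "missing host"
    try:
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError:
        return False, "malformed port"
    if port is None:
        port = DEFAULT_GOPHER_PORT
    if port not in ALLOWED_PORTS:
        return False, f"port {port} is not on the allowlist"
    # Assumption (not stated in the message): the request must stay a
    # single line, so a decoded CR or LF anywhere after the host is refused.
    selector = unquote(parts.path + parts.query + parts.fragment)
    if "\r" in selector or "\n" in selector:
        return False, "selector contains CR or LF"
    return True, f"{ALLOWED_PORTS[port]} on port {port}"


if __name__ == "__main__":
    # Constructed sample URLs; the hosts are placeholders.
    for sample in (
        "gopher://gopher.example.org/1/docs",
        "gopher://whois.example.org:43/0example.org",
        "gopher://mail.example.org:25/",
        "gopher://finger.example.org:79/0user%0D%0Aextra",
    ):
        print(sample, "->", check_gopher_url(sample))
```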