RE: [dvd-discuss] Hang the RIAA in their own noose.

[Scott A Crosby <crosby(at)qwes.math.cmu.edu>]

On Wed, 17 Oct 2001, Richard Hartman wrote:

>
> Then you should configure your server to use a non-standard
> port.  There are thousands of numbers available, pick one
> other than 80.  By using the standard port number, you are

For the web, maybe, but there are many other protocols which are not
portable between ports, netbios (windows sharing), DNS, finger, SMTP, very
likely POP3, etc...

Furthermore, port 80 is a port that is more likely to be let through
firewalls, had I run HTTP on another port, 1088, the firewall may forbid
accessing it completely.

> essentially stating "this is for general access".  By picking
> any other number, someone could certainly find it by port
> scanning but you'd have a better case against them for electronic
> trespass.

You cannot claim that certain ports are 'public' and other ports are not.
It is my intent that it is trespass to access certain data on my
machine, regardless of what port is used, or through what means that
access was taken (cracking or misconfiguration). In many cases, I may have
little or no choice as to what port it is run on.

> >
> > A computer does not know intent. All it knows is your
> > configuration file.
>
> Which should reflect your intent.
>

Yes, unless a configuration.

>
> A reasonable person would expect a web server on port 80 was
> set up w/ intent to grant access, but a web server on any other
> port was intended to be private.
>

Any system that is listening on any port is configured to grant access to
another host. (Whether or not that that access was intended.)

Whether or not that access is intended to be public or private cannot be
determined based on the port number.

Scott