
RE: [dvd-discuss] Hang the RIAA in their own noose.






> -----Original Message-----
> From: Scott A Crosby [mailto:crosby@qwes.math.cmu.edu]
> Sent: Wednesday, October 17, 2001 5:28 PM
> To: Richard Hartman
> Cc: 'dvd-discuss@eon.law.harvard.edu'
> Subject: RE: [dvd-discuss] Hang the RIAA in their own noose.
> 
> 
> On Wed, 17 Oct 2001, Richard Hartman wrote:
> 
> >
> > Then you should configure your server to use a non-standard
> > port.  There are thousands of numbers available, pick one
> > other than 80.  By using the standard port number, you are
> 
> For the web, maybe, but there are many other protocols which are not
> portable between ports, netbios (windows sharing), DNS, finger, SMTP,
> very likely POP3, etc...

Some of those protocols have other authorization mechanisms,
such as password protection.  As for finger & DNS, they too
are intended (just as the web server) for public distribution
of information.  If you are running those services on their
assigned ports, don't put any information you don't want
distributed there.

> 
> Furthermore, port 80 is a port that is more likely to be let through
> firewalls, had I run HTTP on another port, 1088, the firewall may
> forbid accessing it completely.

That is an issue for you and your ISP.

You can also password protect information on the web server
running on port 80 (which would actually be better than attempting
to hide it on a non-standard port anyway...)

> 
> > essentially stating "this is for general access".  By picking
> > any other number, someone could certainly find it by port
> > scanning but you'd have a better case against them for electronic
> > trespass.
> 
> You cannot claim that certain ports are 'public' and other ports
> are not.

I am not.  I am claiming that certain ports are "well known".  Which
is to say that certain services are assigned certain ports by a central
governing body (IANA, I think).  If you are running those services on
those ports, you can _expect_ access by all and sundry.  If you want
privacy, you take steps.

> It is my intent that it is trespass to access certain data on my
> machine, regardless of what port is used, or through what means that
> access was taken (cracking or misconfiguration). In many cases, I may
> have little or no choice as to what port it is run on.

Again, we can only judge intent by configuration.  (Or perhaps by 
a posted disclaimer ...)   If you are running a standard service
on a standard port, the best presumption of intent is that you
are intending to provide that service.

> 
> > >
> > > A computer does not know intent. All it knows is your
> > > configuration file.
> >
> > Which should reflect your intent.
> >
> 
> Yes, unless a configuration.

???

> 
> >
> > A reasonable person would expect a web server on port 80 was
> > set up w/ intent to grant access, but a web server on any other
> > port was intended to be private.
> >
> 
> Any system that is listening on any port is configured to grant
> access to another host. (Whether or not that access was intended.)

Not necessarily.  The POP3 service I connect to insists on
an account & password.  Access is not granted to just any ol' 
"other host".


> 
> Whether or not that access is intended to be public or private
> cannot be determined based on the port number.

Standards are there for a reason.  If you implement something
by the standards, you can expect all accesses permitted by
those same standards.


-- 
-Richard M. Hartman
hartman@onetouch.com

186,000 mi./sec ... not just a good idea, it's the LAW!