Re: [sitefinder-tech-discuss] followup from 15oct secsac

[bmanning@karoshi.com]

> 
> bmanning@karoshi.com wrote:
> > 	interesting:  the IP address, which is pointed at by
> > 	the wildcard, has -zero- active services running via 
> > 	the network interface.  That way you remove NXDOMAIN
> > 	but don't take the extra step of actually running a
> > 	service.  One can woner what the response from the
> > 	various members of the community would be if that was
> > 	the step taken...  
> 
> Bill,
> 
> I'm not too swift sometimes: are you suggesting that VeriSign run a 
> service on all/many of the known ports?
> 
> -andy

	not really.  i'm suggesting that two ports were selected
	and the rest blocked in the event as seen thus far and
	there has been little/no discussion about how a new service
	would be activated.
	some of the outcry from members of the community was that
	there was little in the way of broad announcement wrt 
	the services being offered so I expect that -IF- (for 
	example)  there was an order to unblock port 123 and
	run an NTP server on the wildcard machine, that the 
	community would like something like the 30-60 day comment
	period -PRIOR- to such service being activated.
	In general, the migration from maintaining critical network
	infrastructures to offering general services is fraught
	with difficulty. placing services in the core (as described
	by Klensin on the 7th) means scaling problems, in part outlined
	earlier today in the thread that talked about open SMTP
	relays... :)

	w/o such notice, a paranoid might want to periodically
	run NMAP against the wildcard "A" to see what changes
	had/have occured there.  Such behaviour may be anti-social
	and could be averted by some judicious communications and
	collabaration.

--bill


----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.elistx.com/unsubscribe>