[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [sitefinder-tech-discuss Home]
Subject: RE: [sitefinder-tech-discuss] followup from 15oct secsac
> -----Original Message----- > From: bmanning@karoshi.com [mailto:bmanning@karoshi.com] > Sent: Thursday, October 16, 2003 3:06 PM > To: anewton@verisignlabs.com > Cc: bmanning@karoshi.com; shollenbeck@verisign.com; > sitefinder-tech-discuss@lists.elistx.com > Subject: Re: [sitefinder-tech-discuss] followup from 15oct secsac > > > > > > bmanning@karoshi.com wrote: > > > interesting: the IP address, which is pointed at by > > > the wildcard, has -zero- active services running via > > > the network interface. That way you remove NXDOMAIN > > > but don't take the extra step of actually running a > > > service. One can woner what the response from the > > > various members of the community would be if that was > > > the step taken... > > > > Bill, > > > > I'm not too swift sometimes: are you suggesting that VeriSign run a > > service on all/many of the known ports? > > > > -andy > > not really. i'm suggesting that two ports were selected > and the rest blocked in the event as seen thus far and > there has been little/no discussion about how a new service > would be activated. > some of the outcry from members of the community was that > there was little in the way of broad announcement wrt > the services being offered so I expect that -IF- (for > example) there was an order to unblock port 123 and > run an NTP server on the wildcard machine, that the > community would like something like the 30-60 day comment > period -PRIOR- to such service being activated. > In general, the migration from maintaining critical network > infrastructures to offering general services is fraught > with difficulty. placing services in the core (as described > by Klensin on the 7th) means scaling problems, in part outlined > earlier today in the thread that talked about open SMTP > relays... :) > > w/o such notice, a paranoid might want to periodically > run NMAP against the wildcard "A" to see what changes > had/have occured there. Such behaviour may be anti-social > and could be averted by some judicious communications and > collabaration. > > --bill RFC 2010/BCP 40 is a good example of operational clarity. A new or modified operational document should not be Verisign specific. -M ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.elistx.com/unsubscribe>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [sitefinder-tech-discuss Home]
Powered by eList eXpress LLC