Quote:
I have one disagreement though. While port 80 will never be blocked, having Gnutella clients all running on that port isn't such a good idea. First because so many are using that port for http. Second, because it would be very hard to differentiate between Gnutella servers and http servers. At least with port 5190, it's easy to tell the difference if the port is used for AIM or gnutella, and there wouldn't be a lot of false positives when scanning for hosts.
Perfectly true - but actually that was kind of what I was thinking. ;0) It would look much more like normal traffic to the ISP. As far as false positives go, most Gnutella peers wouldn't have much of a problem. Since a web server wouldn't send the Gnutella connect string, the connection would just be dropped (actually probably quicker than if it timed out connecting to a stealthed port or dead IP address). Also downloading in Gnutella basically acts like a webserver anyway. Many of the peers now even return a webpage if you connect with a browser.
Quote:
As far as FTP... Passive mode is as functional as non-passive mode, so I wouldn't suspect ISPs would be opposed to blocking anything unused above 1023.
No problem behind a company firewall, but too many Internet doo-dads have built-in FTP for one thing or another that defaults to active (though I'll admit I don't understand why passive isn't universal yet). ISPs would be reluctant to block it because they'd probably get complaints that people's Budweiser frog news ticker and bass report wasn't working.
Actually, on second thought, we should be thanking our lucky stars for active FTP, pain that it is, just because it makes it harder for an ISP to justify banning all incoming connections. In fact, it would probably be a good idea for programmers to make as many pointless, gimmicky apps with AOL-appeal as possible use incoming connections! ;-)
Quote:
One minor correction, the range includes 1024 as well.
Right, I messed up there!