[ale] Port Database

Michael H. Warfield mhw at wittsend.com
Wed Nov 10 15:20:33 EST 1999


On Wed, Nov 10, 1999 at 01:18:15PM -0500, Randy Janinda wrote:
> Greeting Everyone,

> I have finally created the "PortScan" database and it is available for
	public "consumption". Let me give you a quick background. Everyday
	I read emails from users, programmers, and admin types who want
	to know, "What is on port XYZ?" or "Why is 192.168.1.1 scanning my
	port Q?". I Asnswered this by creating a central repository to
	answer these questions. The database cureently houses the RFC1700
	information and I will be adding new information daily such as
	trojans, port/service vulnerabilities and any other useful
	information. This project is NOT complete. If you find soemthing
	that is not in the database or a listing that is wrong, please
	let me know and I will fix it as soon as possible. With that said,
	you can find this resource at:

> http://www.tqlabs.com

	Not to be picky here, but I'm going to be picky here...  :-)

	I think this is a good thing that you are doing, but...

	1) Please wrap your lines.  It makes it easier to read even with
a word wrapping mail reader like what I use (Mutt).

	2) RFC 1700 is seriously out of date.  Go to IANA (Internet Assigned
Numbers Authority, <http://www.iana.org>) for the latest assigned ports
and stuff.  From their home page, just follow "Protocol Numbers and
Assigned Services", drop down to "P", and follow "Port Numbers".

	3) You have a number of ports listed with RFC 1700 as the source
of the information but they are not in RFC 1700.

	Examples:
		993	IANA says imaps		Not listed in RFC 1700
		995	IANA says pop3s		Not listed in RFC 1700
		563	IANA says nntps		RFC 1700 says unassigned

	I could go on and on and on with this...

	Just to note a pattern here...  RFC 1700 only contains one assignment
related to SSL and that's port 443 https.

	4) RFCs do not get modified once they are published.  They may
get superceeded, but they don't change.  For that reason, the RFCs ended
up being a less than ideal mechanism for highly dynamic documents such
as assigned numbers.  RFC 1700 will never be current, because it will
never be updated, and it looks unlikely that it will be replaced.

	RFC 1700 dates from October 1994 and shouldn't be noted as the
reference for any assignments made in the last 5 years.  There has not
been an "ASSIGNED NUMBERS" RFC released in the last 5 years most likely
because it would be out of date by the time it was published.

	It begins to look like what you have attributed to RFC 1700 truely
should be attributed to the IANA "port-numbers" document, which is the
authoritative source now.

> Regards,
> Randy Janinda

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!






More information about the Ale mailing list