[ale] Moving httpd to different port (was AT&T Broadband blocking inbound http?)

Rick Huebner fehuebner at mediaone.net
Fri Aug 10 13:32:47 EDT 2001


I have a couple of questions.  Do most corporate firewalls allow traffic
through the firewall on port 81?

Is it possible to change a DNS entry for, say, www.rhuebner.com to point to
X.X.X.X:81 ???  I'm thinking no because DNS only resolves the name, the
client chooses the port.  Also, it may be possible to get some sort of a
redirect to work like yahoo is doing for me.

---
Rick Huebner
rickh at bigfoot.com
http://ditchdoctor.dyndns.org
OR because of the morons running IIS and MediaOne blocking port 80
http://ditchdoctor.dyndns.org:15001


-----Original Message-----
From: owner-ale at ale.org [mailto:owner-ale at ale.org] On Behalf Of Michael Perigard
Sent: Friday, August 10, 2001 11:54 AM
To: ALE
Subject: RE: [ale] Moving httpd to different port (was AT&T Broadband blocking inbound http?)



OK. So I'm not crazy :) The reason I ask is, I can't just *move* the httpd
service without telling every user that I'm running on a different port
now. *phew* And here I thought someone changed the way things worked again
without telling me.

And the way I see it, any ISP blocking port 80 only accomplishes one
thing, keeps it from spreading. Their routers are still being hit with all
the requests, and the infected machines are still infected. In their
defense, however, they are doing their part in keeping it from spreading.
It's also well within their rights per their TOS. (I think I'm biased having
worked for various ISPs over the years. It's not a walk in the park making
everyone happy, you spend a lot of time letting things slide, only to
piss those same people off when your service is abused and you're forced to
lock it down.)

Whatever happened to the idea of a written exam to get into the internet?
Failing the exam automagically signs you up for a lifetime membership to
AOL. I mean, remember the good ol' days when your dialup account included
a shell on your ISP's server? The government shouldn't be spending all this
money on an infrastructure defense program without spending money on
educating the people. It's the ignorant users that have allowed this to
spread and survive (or should I say thrive?), correct? The idea of dumping
money into a police force to fight a drug problem without spending money
on educating youth about drugs - comes to mind.

Not to try and take the blame off of M$, but their product isn't to blame.
We don't lynch the ISC when an exploit in BIND is found. (I know that's a
stretch, but hear me out.) Sure their products have bugs, but we've
already mentioned how they were quick to respond with patches, and even
admit when those patches aren't working. The blame should be put on the
people who purchased their fancy 'appliance' and hooked it up to their
fancy fast internet connection without realising the amount of time and
effort it takes to have a computer on the internet 24/7. You don't buy a
house without walking around it first, figuring out if all your doors and
windows have locks, and learning how to use them. The internet is a
community, and the more people that enter the community ignorant and
apathetic, the more worms and virii are going to thrive, and we have no one
to blame except for the community itself for not educating its new users.
The software vendors (for creating a product that installs and runs IIS
when you, say, install minesweeper), the hardware vendors (hey,
it's people like Dell and Compaq who advertise how easy it is to 'plug and
play' your new computer into your fast ethernet connection with no
knowledge of what you're actually doing), the new users themselves, and
those of us that know better are all to blame.
</repetitive-rant>

Sorry. Everyone else got theirs out, I guess the 3500 hits my machine has
taken in the week or so have been getting to me :P

OH. Yes, this post actually had a purpose. *EVERYONE* is to do their part
and submit their code red logs to dshield.org. If anyone ever figures out
what we can do with them (other than make pretty little graphs and
charts), they'll get their logs from dshield. And believe it or not, those
charts and graphs give the higher-ups (say maybe at AT&T) numbers to base
their decisions on.

-Michael Perigard

PS, to stay on topic, @home hasn't blocked port 80. Yet. (The original
post mentioned AT&T @home. Did they mean AT&T Roadrunner? I've lost track
of who owns who anymore.)

On Fri, 10 Aug 2001, Stephen VanDyke wrote:

> you are correct :)
>
> It's kinda why everyone is up in arms about AT&T blocking port 80.
>
> -Stephen
> >
> > I'm going to claim ignorance, but I thought I understood how web
> > browsers and requests work. If I enter http://www.yahoo.com, doesn't my
> > browser automagically try to connect to port 80? Just as if I use
> > ftp://ftp.yahoo.com, I should be trying to connect to port 21. Now if
> > that's correct (which it must not be, otherwise it wouldn't be so simple
> > to just 'move' your httpd service to another port), what happens when I
> > try http://www.yahoo.com and the http service is running on port 81? My
> > browser will find no webpage at www.yahoo.com unless I specify
> > http://www.yahoo.com:81, correct?
> >
> >
> > -Michael Perigard
> >
> >
> > On Fri, 10 Aug 2001, KeithH wrote:
> >
> > > And then restart your http server for the change to take effect.
> > >
> > > Stephen VanDyke wrote:
> > >
> > > look in your httpd.conf file for:
> > >
> > > Listen 80
> > > add or change it to:
> > > Listen 81
> > >
> > > Stephen VanDyke
> > >
> > > Hi,
> > >
> > > Color me foggy-brained, but can someone outline the steps to "move"
> > > the httpd port from port 80 to port 81 (in order to get around the
> > > port 80 block by ATT Broadband)?  I'm using Redhat 6.2 (I think).
> > >
> > > TIA.
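
The thread mentions counting Code Red hits and submitting the logs; the following is an added example, not part of the original thread, of how those probes can be picked out of an Apache access log. It assumes Common Log Format and the well-known `/default.ida?` request with long `N` or `X` padding; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

# Code Red probes request the IIS indexing extension with a long filler run:
# 'N' padding in the original worm, 'X' padding in Code Red II.
CODE_RED = re.compile(r'^GET /default\.ida\?(N{20,}|X{20,})')

def classify(request):
    """Return the worm variant a request line matches, or None."""
    m = CODE_RED.match(request)
    if m is None:
        return None
    return "CodeRed" if m.group(1).startswith("N") else "CodeRedII"

def summarize(lines):
    """Count Code Red probes per variant and per source host."""
    variants, sources = Counter(), Counter()
    for line in lines:
        m = CLF.match(line)
        if m is None:
            continue  # not a Common Log Format line
        host, request, _status = m.groups()
        variant = classify(request)
        if variant:
            variants[variant] += 1
            sources[host] += 1
    return variants, sources

def _line(host, request, status):
    # Builds one constructed log line; timestamp and size are fixed filler.
    return f'{host} - - [10/Aug/2001:11:02:13 -0400] "{request}" {status} 276'

# Constructed sample (documentation addresses; data after the padding omitted).
SAMPLE = [
    _line("192.0.2.10", "GET /default.ida?" + "N" * 224 + " HTTP/1.0", 404),
    _line("192.0.2.10", "GET /default.ida?" + "N" * 224 + " HTTP/1.0", 404),
    _line("198.51.100.7", "GET /default.ida?" + "X" * 224 + " HTTP/1.0", 404),
    _line("203.0.113.5", "GET /index.html HTTP/1.0", 200),
    _line("203.0.113.5", "GET /default.ida HTTP/1.0", 404),  # no padding: not counted
]

if __name__ == "__main__":
    variants, sources = summarize(SAMPLE)
    print(dict(variants))
    print(sources.most_common())
```

The per-source counts are the part worth keeping when reporting, since they identify which hosts are still infected.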
