IPP> Re: Implications of introducing new scheme and port

IPP> Re: Implications of introducing new scheme and port

Carl-Uno Manros manros at cp10.es.xerox.com
Tue Jun 9 16:10:08 EDT 1998


At 12:48 PM 6/9/98 PDT, Keith Moore wrote:
>> so then would the advice that we give
>> to proxy admins to filter/allow IPP to 
>> watch for URLs on port XXX ?
>
>In my example, XXX is the reserved IPP port.  So if the admins want to
>block outgoing IPP traffic, they tell their routers or firewalls to 
>not transmit requests to anything on port XXX.
>
>Of course, anyone with an HTTP server on port XXX will be unreachable
>from behind such a firewall, and the filter won't block access to IPP 
>servers on other ports.  But that's an inherent limitation of firewalls - 
>they can't really filter out all unwanted traffic, they can only filter
>out most of it. 
>
>As long as IPP is run on a separate port, I'm pretty ambivalent 
>about PRINT vs. POST.
>
>Keith
>


Keith,


I assume in this discussion that port XXX is the DEFAULT port for IPP,
but as in other schemes, you can override it by specifying an explicit 
port number in the URL, including port 80.


Is this understanding correct, and if so does it open a way for people
to still go around the new IPP port number definition? The administrator
could always set up the IPP Printer to ignore anything that does not 
come in over port XXX.


If we go down the IPP port lane, I think we need to specify that new 
IPP Printers should come out of the box pre-configured to the IPP 
default port. The biggest problem security admins have is that people
just take new equipment out of the box, plug them in, and if it
works, never try to reconfigure them.


Carl-Uno
Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros at cp10.es.xerox.com



More information about the Ipp mailing list