From owner-freebsd-stable Thu Jul 27 9: 9:25 2000 Delivered-To: freebsd-stable@freebsd.org Received: from mx.nkm.lt (mx.nkm.lt [193.219.211.9]) by hub.freebsd.org (Postfix) with SMTP id E010937B52F for ; Thu, 27 Jul 2000 09:09:20 -0700 (PDT) (envelope-from midom@dammit.lt) Received: (qmail 19345 invoked by uid 1073); 27 Jul 2000 16:09:17 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 27 Jul 2000 16:09:17 -0000 Date: Thu, 27 Jul 2000 18:09:17 +0200 (CEST) From: Domas Mituzas X-Sender: midom@mx.nkm.lt To: npd@el.com.br Cc: freebsd-stable@freebsd.org Subject: Re: Auth service sequencial probe. In-Reply-To: <39804D5D.B6634FB0@el.com.br> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, > ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1 > ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1 > [ that keeps for a while ...] > > Any ideas? > this can be new sort of portscanning, as auth service may be used for finding out ports, that are open, and also users, that opened the sockets. On another hand, denying auth service is really a bad habit, a lot of services, including IRC, TCP, SSH etc check identd for user information. If you deny, but not reject it, connection attempts will last for even 30 to 60 seconds (depending on ident timeouts). Therefore, you should refuse, but not deny auth requests, as they're part of normal network operation. Domas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message