Date: Fri, 02 Apr 2010 18:37:38 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Jon Radel <jon@radel.com> Cc: freebsd-questions@freebsd.org Subject: Re: Sendmail Five Second Greeting Delay Message-ID: <4BB62B62.3090702@infracaninophile.co.uk> In-Reply-To: <4BB5FB51.60207@radel.com> References: <201004011751.27767.npapke@acm.org> <4BB58AC2.50009@infracaninophile.co.uk> <p2y2daa8b4e1004020533u16d3c5a5hc48eb7ec4ceea7b8@mail.gmail.com> <4BB5FB51.60207@radel.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/04/2010 15:12:33, Jon Radel wrote:
> This is why there's a school of thought that even if your default for
> firewall configuration is to quietly drop unwanted packets, IDENT is a
> protocol that you should actively reject. It makes things move along
> more quickly.
That, and the fact that the ident protocol is utterly pointless -- it's
trivially easy for a server to lie about the owner of the other end of a
TCP connection. In fact, doing that is a standard part of the
functionality of identd implementations. Just a waste of packets.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAku2K2IACgkQ8Mjk52CukIyriQCfWZc/AzYIS/38IVFScCG6jkYb
tTMAoItnWUk1g2ClDTR/CWMk47lTdj1B
=WYGc
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BB62B62.3090702>