Date: Fri, 25 May 2001 12:20:06 -0700 (PDT) From: Matt Dillon <dillon@earth.backplane.com> To: "tjk@tksoft.com" <tjk@tksoft.com>, memphis_ms@gmx.net (Raoul Schroeder), David Taylor <davidt@yadt.co.uk> Cc: freebsd-security@FreeBSD.ORG (FreeBSD Security) Subject: Re: 'nother IPFW question Message-ID: <200105251920.f4PJK6L42034@earth.backplane.com> References: <3B0EA2AE.5B00EB2@gmx.net> <200105251828.f4PIS1Y41320@earth.backplane.com> <20010525194056.A19706@gattaca.yadt.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Whup! Not pop. Auth. It's probably sendmail. In anycase, not anything that generally needs to be worried about. I usually do not run identd, but I usually do allow the service through the firewall so the server not running it can respond with a TCP reset. Otherwise remote sendmails using auth will stall trying to send email to you for ~30 seconds. Alternatively the firewall can be programmed to return an ICMP error itself, but I try to avoid having the firewall do actual work to make it more resistent to DOS attacks. -Matt :> :only learning about securing my box, and it is hard to find all the info :> :I need. :> : :> :Thank you so much, :> : :> :Raoul :>=20 :> Sounds like one of your users simply ran a pop based mail program. :>=20 : :Wrong port, I think :) : :POP is 110. : :113 is auth. : :Sounds like someone on a remote server connected to some port on your box, :which tried to perform an ident lookup... : :As for what is 'sending on port 1119', ports which are used on the local end :of outgoing connections are essentially random, and are allocated by the :kernel when you try to create an outgoing connection. : :--=20 :David Taylor :davidt@yadt.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105251920.f4PJK6L42034>