Date: Fri, 25 May 2001 14:49:37 -0700
From: Joe Gross
To: FreeBSD Security
Subject: Re: 'nother IPFW question
Message-ID: <20010525144937.A60462@felix.stimpy.net>
In-Reply-To: <200105251920.f4PJK6L42034@earth.backplane.com>

On Fri, May 25, 2001 at 12:20:06PM -0700, Matt Dillon wrote:
>
>     I usually do not run identd, but I usually do allow the service
>     through the firewall so the server not running it can respond with a
>     TCP reset.  Otherwise remote sendmails using auth will stall trying
>     to send email to you for ~30 seconds.  Alternatively the firewall can
>     be programmed to return an ICMP error itself, but I try to avoid
>     having the firewall do actual work to make it more resistant to DOS
>     attacks.

Augh! Why wouldn't you just have the firewall refuse the connection? It's a
bad idea to pass anything through your firewall that you don't want on your
internal network.
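
The ways of handling inbound ident (TCP port 113) discussed in this message, written as an ipfw rule file. This is an added example, not part of the original post; the interface name fxp0, the address 192.0.2.25 and the rule number 500 are assumptions, and the rest of the ruleset is assumed to let the host's reply back out.

```conf
# Constructed ipfw rule file (load with: ipfw /path/to/this/file).
# Assumed: fxp0 is the outside interface, 192.0.2.25 is the mail host.
# Enable exactly one option: ipfw stops at the first matching rule.

# Option 1: pass ident through to a host that runs no identd.
# The host's own TCP stack answers the SYN with a reset.
add 500 allow tcp from any to 192.0.2.25 113 in via fxp0 setup

# Option 2: the firewall refuses the connection itself with a TCP
# reset, so the packet never reaches the internal network.
# add 500 reset tcp from any to any 113 in via fxp0 setup

# Option 3: the firewall answers with an ICMP port-unreachable error.
# add 500 unreach port tcp from any to any 113 in via fxp0 setup

# For comparison: a silent drop sends no answer at all, so the remote
# mail server waits out its ident timeout before delivering.
# add 500 deny tcp from any to any 113 in via fxp0
```

Options 1 to 3 all give the remote side an immediate answer; they differ in whether the packet enters the internal network and in whether the firewall generates the reply.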