Date: Thu, 15 Mar 2001 14:58:00 -0800 (PST)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: nate@yogotech.com (Nate Williams)
Cc: des@ofug.org (Dag-Erling Smorgrav), adam@algroup.co.uk (Adam Laurie), ronan@melim.com.br (Ronan Lucio), security@FreeBSD.ORG
Subject: Re: Port 113
Message-ID: <200103152258.OAA51686@gndrsh.dnsmgr.net>
In-Reply-To: <15025.15908.270320.373266@nomad.yogotech.com> from Nate Williams at "Mar 15, 2001 03:11:48 pm"

> > > My local sendmail doesn't use *my* ident server, but remote sendmail
> > > servers use *my* ident server, so using ident locally speeds up mail
> > > transfers *to* my host.
> >
> > No, the problem only arises if you drop TCP 113 SYNs to the floor
> > instead of rejecting them (ipfw deny instead of ipfw reset); the
> > server times out waiting for you to reply. If you send an RST or an
> > ICMP UNREACH back, it'll give up immediately.
>
> Hmm, I remember a long time ago where it was said (urban legend) that
> even sending RST's confused older versions of mail servers.

There have been several problems over time with ipfw reset and icmp on
FreeBSD not doing the right things. I've seen several commits that look
like they may be addressing the problem but have not found the time to
test to see if they fixed it.

I know from firsthand experience that using ipfw reset to try and stop
ident requests used to do little to nothing more than ipfw deny. IIRC one
of the problems I saw was that the icmp reset packet was created with the
address of the ipfw box, which caused it to be ignored by the sending
host. Don't know if that ever got fixed or not though.

> Running the 'fake' ident server hasn't caused any problems AFAIK. :) :)
>
> Nate
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25)    rgrimes@gndrsh.dnsmgr.net
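
The thread turns on whether a remote mail server connecting to port 113 gets an immediate refusal or waits out a timeout, and on doubt about whether ipfw reset actually produced the refusal. The following is an added example, not part of the original message: a small check to run from an outside machine against your own host to see which behaviour a client observes. The function name classify_port and the 5 second default timeout are assumptions made for this example.

```python
import errno
import socket
import sys
import time

IDENT_PORT = 113  # ident/auth service discussed in the thread


def classify_port(host, port=IDENT_PORT, timeout=5.0):
    """Return (verdict, seconds) for one TCP connect attempt.

    verdict is one of:
      "open"        - something accepted the connection (e.g. a fake identd)
      "rejected"    - RST came back, the client gives up at once
      "unreachable" - ICMP unreachable came back, also an immediate failure
      "dropped"     - no answer before the timeout (SYN dropped on the floor)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "rejected"
    except socket.timeout:
        verdict = "dropped"
    except OSError as exc:
        # Other failures are only meaningful here if they are unreachables.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            verdict = "unreachable"
        else:
            raise
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python3 this_file.py <your-mail-host>
    result, elapsed = classify_port(sys.argv[1])
    print(f"port {IDENT_PORT}: {result} after {elapsed:.2f}s")
```

A "dropped" verdict from outside, with a reset rule in place, means the reset is not reaching the client, which is the failure described in the message above.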