...on Mon, Oct 15, 2001 at 03:08:39PM -0600, Ryan Russell wrote: > > 1) Sometimes the honey pot will send an IDENT request to the remote > > system. At least one of the 'worms' in circulation recently will > > immediately drop the port 80 connection when the IDENT probe is sent > I used to have this problem with firewalled mail servers. If one of the > mail servers was configured to do ident lookups, and there was a firewall > that just dropped ident attempts (no RST), then the mail servers would sit > around for 2-5 minutes until the ident TCP connect timed out. Only then > would the mail connection deliver any data. This could be related, and Don't think so; this is default behaviour with sendmail, at least. Sendmail has a configurable timeout for ident lookups, and will wait for an answer until the timeout expires. Default from sendmail distribution is 30 seconds, but possible some vendors use a higher value. Don't know about other MTAs. Alex. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 22 2001 - 10:19:26 PDT