"Slighter, Tim" <tslighterat_private> writes: > From: Chris Wilkes [mailto:cwilkesat_private] >> In my firewall I've setup this rule to handle these requests: >> -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable >> >> In short, nothing to be concerned about. > you really should try and specify that the rule "drops" instead of reject so > that the potential intruder is not provided with any information about their > attempted connection. This is completely misguided advice. Following it results in substantially increased delays when delivering SMTP mail to those hosts which perform identd lookups before accepting mail. -- Florian Weimer Florian.Weimerat_private-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 13:42:15 PST