Re: Port 113 security
From: Brian Hatch (focus-linux@ifokr.org)
Date: 03/06/03
- Previous message: Glynn Clements: "Re: Port 113 security"
- In reply to: Chris Santerre: "Port 113 security"
- Next in thread: Peter H. Lemieux: "Re: Port 113 security"
Date: Thu, 6 Mar 2003 14:56:48 -0800
From: Brian Hatch <focus-linux@ifokr.org>
To: Chris Santerre <csanterre@MerchantsOverseas.com>

> Currently I block port 113 (ident) on the firewall. I block everything and
> pick and choose what to let in. Never got around to letting this in :)
> Anyway, I have about 6-7 in.identd processes running all the time from
> failed ident attempts. Nothing big really. System is working great. Logs get
> filled a little much with DENY messages.

If you don't want to allow others to contact your IDENT port,
then kill any in.identd processes (they're not needed) and
block the inbound accesses with REJECT instead of DENY/DROP.

If a remote server does an IDENT check (say a remote Sendmail
server) then you want it to get a 'connection failed' notice
right away, otherwise it will wait until the timeout occurs,
and this ties down their system and slows down your ability to
get the mail out the door.

> So does everyone generally let these thru? Any exploits? Is there a way to
> get rid of those in.identd processes if I leave it blocked?

Any way to get rid of them? Sure - kill them and turn them off in
your /etc/rcX.d directories. (chkconfig on Red Hat, etc.)
Or just kill them and uninstall identd entirely.

--
Brian Hatch
Systems and Security Engineer
http://www.ifokr.org/bri/

There you have the source of your popularity -- your absence.

Every message PGP signed
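
Added example, not part of the original message: a small audit of an `iptables-save` dump that reports where inbound 113/tcp is dropped silently and prints the REJECT form recommended above. It assumes iptables syntax (the thread's DENY is ipchains wording); the function name, variable names and sample rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes iptables-save syntax.

# Rule that answers IDENT probes with a TCP RST (immediate "connection refused").
IDENT_REJECT='-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset'

# audit_ident: read an iptables-save dump on stdin and report where inbound
# 113/tcp is silently dropped, either by an explicit DROP rule or by a DROP
# policy with no rule for the port. Returns 1 if anything was flagged.
# Limitation: only rules that name --dport 113 are examined; broader rules
# earlier in the chain are not evaluated.
audit_ident() {
    awk -v want="$IDENT_REJECT" '
        /^:INPUT DROP/ { policy_drop = 1 }
        /^-A INPUT / && / -p tcp / && / --dport 113 / {
            seen = 1
            if ($0 ~ / -j DROP$/) {
                fixed = $0
                sub(/ -j DROP$/, " -j REJECT --reject-with tcp-reset", fixed)
                print "silent drop: " $0
                print "suggested:   " fixed
                flagged++
            }
        }
        END {
            if (policy_drop && !seen) {
                print "policy DROP covers 113/tcp; add: " want
                flagged++
            }
            exit (flagged > 0)
        }
    '
}

# Constructed sample dumps (not from the post).
SAMPLE_EXPLICIT=':INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j DROP'
SAMPLE_POLICY=':INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$SAMPLE_EXPLICIT" | audit_ident || echo "-> ident is dropped silently"
printf '%s\n' "$SAMPLE_POLICY" | audit_ident || echo "-> ident is dropped silently"
```

On a live host the input would come from `iptables-save` rather than the sample variables.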