RE: Port 113 requests?
From: Tony Gale (gale@syntax.dstl.gov.uk)Date: 12/07/01
- Previous message: Mike Meredith: "Re: Port 113 requests?"
- In reply to: Slighter, Tim: "RE: Port 113 requests?"
- Next in thread: Florian Weimer: "Re: Port 113 requests?"
- Next in thread: Chris Keladis: "RE: Port 113 requests?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Tony Gale <gale@syntax.dstl.gov.uk> To: "Slighter, Tim" <tslighter@itc.nrcs.usda.gov> Date: 07 Dec 2001 09:45:09 +0000
Normally I'd agree, but auth (113) is a special case due to how it is
used. As previously stated certain mail systems will try an auth
connection. Also, certain eBanking systems will do the same. Simply
dropping these connection will result in these services not working
correctly. So, you should either send a RST or ICMP unreachable.
-tony
On Thu, 2001-12-06 at 20:51, Slighter, Tim wrote:
> you really should try and specify that the rule "drops" instead of reject so
> that the potential intruder is not provided with any information about their
> attempted connection.
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Mike Meredith: "Re: Port 113 requests?"
- In reply to: Slighter, Tim: "RE: Port 113 requests?"
- Next in thread: Florian Weimer: "Re: Port 113 requests?"
- Next in thread: Chris Keladis: "RE: Port 113 requests?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
