Re: Port 113 requests?
From: Florian Weimer (Florian.Weimer@RUS.Uni-Stuttgart.DE)Date: 12/07/01
- Previous message: Todd Suiter: "RE: Port 113 requests?"
- In reply to: Slighter, Tim: "RE: Port 113 requests?"
- Next in thread: Alexander Bochmann: "Re: Port 113 requests?"
- Next in thread: Chris Keladis: "RE: Port 113 requests?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: INCIDENTS@securityfocus.com From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE> Date: 07 Dec 2001 18:45:35 +0100
"Slighter, Tim" <tslighter@itc.nrcs.usda.gov> writes:
> From: Chris Wilkes [mailto:cwilkes@ladro.com]
>> In my firewall I've setup this rule to handle these requests:
>> -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
>>
>> In short, nothing to be concerned about.
> you really should try and specify that the rule "drops" instead of reject so
> that the potential intruder is not provided with any information about their
> attempted connection.
This is completely misguided advice. Following it results in
substantially increased delays when delivering SMTP mail to those
hosts which perform identd lookups before accepting mail.
-- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: Todd Suiter: "RE: Port 113 requests?"
- In reply to: Slighter, Tim: "RE: Port 113 requests?"
- Next in thread: Alexander Bochmann: "Re: Port 113 requests?"
- Next in thread: Chris Keladis: "RE: Port 113 requests?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
