Re: Port 113 requests?

From: Alexander Bochmann (securityfocus-incidents@freinet.de)
Date: 12/07/01


Date: Fri, 7 Dec 2001 11:42:35 +0100
From: Alexander Bochmann <securityfocus-incidents@freinet.de>
To: "Slighter, Tim" <tslighter@itc.nrcs.usda.gov>


...on Thu, Dec 06, 2001 at 01:51:33PM -0700, Slighter, Tim wrote:

> you really should try and specify that the rule "drops" instead of reject so
> that the potential intruder is not provided with any information about their
> attempted connection.

...except that Ryan Russell just explained why this is a
bad idea (at least if you want to send mail from that machine).

Alex.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Re: Port 113 requests?
    ... > that the potential intruder is not provided with any information about their ... > attempted connection. ... substantially increased delays when delivering SMTP mail to those ... This list is provided by the SecurityFocus ARIS analyzer service. ...
    (Incidents)
  • Re: Port 113 requests?
    ... "Slighter, Tim" wrote: ... > that the potential intruder is not provided with any information about their ... > attempted connection. ... Make sure to change the sendmail configuration to disable ident lookups before ...
    (Incidents)
  • RE: Port 113 requests?
    ... > that the potential intruder is not provided with any information about ... > attempted connection. ... In this case (SMTP AUTH), if you drop instead of reject, you will have to wait ... For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)