Re: iptables: my ISP's NNTP server doesn't talk back now

From: BOUWSMA Beery (usenet-pedophile@ipv6.netscum.dyndns.dk)
Date: 06/25/02


From: BOUWSMA Beery <usenet-pedophile@ipv6.netscum.dyndns.dk>
Date: 25 Jun 2002 09:44:46 +0200


Mojn
%s wrote on %.3s, %lld Sep 1993

> Dan Jacobson wrote:
> >
> > $ telnet news.hinet.net 119
> > Trying 168.95.195.16...
> > Connected to netnews.hinet.net.
> > Escape character is '^]'.
> > help

> There is already a problem here, you should have received a
> 200 or 201 message at once. (Though I have seen servers
> accepting the TCP connection quickly and then hanging a long
> time before you get the 200 message.)

Well, not at once, but quickly. First the swerver needs to do a
PTR lookup to decide if it wants to talk to you or not. It took
only a couple seconds for me to get the response
| Trying 168.95.195.16...
| Connected to netnews.hinet.net.
| Escape character is '^]'.
| 502 You have no permission to talk. Goodbye.

(Well, actually it was more than a couple seconds this time, after
I would have hoped that their local DNS swerver would have cached
my IP's PTR record for quick lookups...)

If for some reason, the swerver you talk to isn't able to look up
your PTR quickly, then in many cases you'll see a delay, assuming
of course that your swerver needs or wants to do a lookup of your
IP. This may happen if DNS is hosed somewhere.

But in this case, what I saw soon after my attempt at connection
showed that an ident query was attempted at me (I don't run an
identd swerver myself)...
| Jun 25 09:34:22 dastardly /kernel: Connection attempt to TCP 80.218.19.27:113 from 168.95.195.16:54431 flags:0x2

If you're behind a firewall or otherwise ignoring these requests,
instead of refusing the connection attempt, then the sending end
is going to wait a while until it decides it can't identify you,
which is why our victim seemed to see nothing (probably after
waiting a few minutes, the greeting would appear, but...)

> Kasper Dupont -- who spends too much time on usenet.

Such a thing is simply not possible...

barry bouwsma, netscum
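
An added example, not part of the original post: a small Python check that scans kernel log lines in the format quoted above for bare SYNs to the ident port (113) and suggests a rule that refuses the probe instead of silently dropping it. The sample log is constructed, and the function names and the use of the `INPUT` chain are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the post.
SAMPLE_LOG = """\
Jun 25 09:34:22 dastardly /kernel: Connection attempt to TCP 80.218.19.27:113 from 168.95.195.16:54431 flags:0x2
Jun 25 09:34:25 dastardly /kernel: Connection attempt to TCP 80.218.19.27:113 from 168.95.195.16:54431 flags:0x2
Jun 25 09:40:01 dastardly /kernel: Connection attempt to TCP 80.218.19.27:8080 from 192.0.2.77:40100 flags:0x2
Jun 25 09:41:10 dastardly /kernel: Connection attempt to TCP 80.218.19.27:113 from 192.0.2.9:33000 flags:0x12
"""

LINE_RE = re.compile(
    r"Connection attempt to TCP (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"from (?P<src>[\d.]+):(?P<sport>\d+) flags:(?P<flags>0x[0-9a-fA-F]+)"
)
IDENT_PORT = 113
TCP_SYN, TCP_ACK = 0x02, 0x10


def ident_probes(log_text):
    """Count bare-SYN connection attempts to the ident port, per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m.group("dport")) != IDENT_PORT:
            continue
        flags = int(m.group("flags"), 16)
        # A new inbound connection is SYN set and ACK clear.
        if flags & TCP_SYN and not flags & TCP_ACK:
            hits[m.group("src")] += 1
    return hits


def reject_rule(port=IDENT_PORT):
    """Rule that answers the probe with a TCP RST so the remote server does
    not sit waiting for an ident timeout (INPUT chain is an assumption)."""
    return f"iptables -A INPUT -p tcp --dport {port} -j REJECT --reject-with tcp-reset"


def report(log_text):
    """Return human-readable findings plus the suggested rule."""
    probes = ident_probes(log_text)
    lines = [f"{src}: {n} ident probe(s)" for src, n in probes.most_common()]
    if probes:
        lines.append("suggested: " + reject_rule())
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Repeated probes from the same source port, as in the sample, are SYN retransmissions, which is what a dropped (rather than refused) connection attempt looks like from the receiving side.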


