HI all
Well, I just spent the morning tracking down why, ever since I installed
pmfirewall (uses ipchains), it took 20-30 seconds to connect with ftp or
rlogin to delphi.missouri from my linux box.
The culprit was the identd/auth daemon running on port 113. When ftp or
rlogin connect the daemon on the server end connects back to the client
at port 113 (my linux box) and asks who they are. If the client responds
with a "RST" packet, the server just gives up and goes on with the
connection. But if port 113 on the client is set to drop the packet or
reject it, the server keeps trying for 20-30 seconds, thus giving me the
annoying delay. From a security standpoint I can see why port 113
connections should be denied or rejected. (If it connects it apparently
gives out a bunch of info about your box..) A much better explanation of
this can be found at:
http://www.robertgraham.com/pubs/firewall-seen.html
Now here is my question. Has anyone heard of a way to have ipchains (or
another program) send back a "RST" packet when something tries to
connect to port 113? I read that some windoze firewalls are set up to do
this. Currently I have ipchains set up to respond to identd/auth (port
113) requests from the specific machines that I connect to regularly and
deny all others. This is better than nothing, but my "trusted machines"
are public unix machines so who knows what might be running on them. Am
I being too paranoid?
Once again thanks in advance...
--
Dan Goldstein
Mechanical and Aerospace Engineering
University of Missouri-Columbia
C2215 Engineering Building East
Columbia, MO 65211
Phone: (573) 884-2177
FAX: (573) 884-5090
E-Mail: EMAIL:PROTECTED
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php
Archives are available at http://mlug.missouri.edu/list-archives/
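An alternative to making the firewall answer for port 113 is to let a small ident responder answer instead. The following is an added example, not code from the post or from pmfirewall/ipchains: a minimal RFC 1413 responder that replies to every well-formed query with `ERROR : HIDDEN-USER`, so the remote ftp/rlogin server gets an immediate answer (and no user name) rather than waiting for a dropped packet to time out. The `0 , 0` echo for unparseable requests is an assumed convention; the RFC only requires an error reply. For this to help, the ipchains rules must of course let port 113 through to it.

```python
"""Minimal RFC 1413 (ident/auth, TCP port 113) responder that never reveals a
user name. Added example, not from the original post: it answers every
well-formed query with HIDDEN-USER so the remote server gets an immediate
reply and moves on, instead of waiting for a dropped packet to time out.
"""
import re
import socket
import socketserver

# "<port-on-server> , <port-on-client>" per RFC 1413; whitespace is optional.
_REQUEST_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def ident_response(request_line: str) -> str:
    """Return the RFC 1413 reply line (without CRLF) for one query.

    A well-formed pair of valid TCP ports gets "ERROR : HIDDEN-USER"; anything
    else gets "ERROR : INVALID-PORT". Unparseable input is echoed as "0 , 0"
    (assumed convention; the RFC only requires an error reply).
    """
    m = _REQUEST_RE.match(request_line.rstrip("\r\n"))
    if not m:
        return "0 , 0 : ERROR : INVALID-PORT"
    server_port, client_port = int(m.group(1)), int(m.group(2))
    if not (1 <= server_port <= 65535 and 1 <= client_port <= 65535):
        return f"{server_port} , {client_port} : ERROR : INVALID-PORT"
    return f"{server_port} , {client_port} : ERROR : HIDDEN-USER"


class IdentHandler(socketserver.StreamRequestHandler):
    # Cap how long a client may take to send its single query line, so a
    # slow or silent peer cannot hold a worker thread indefinitely.
    timeout = 10

    def handle(self):
        try:
            # One query per connection; 512 bytes is far more than a valid
            # request needs, and bounds what we read from an untrusted peer.
            line = self.rfile.readline(512).decode("ascii", errors="replace")
        except (socket.timeout, OSError):
            return
        if not line:
            return
        self.wfile.write((ident_response(line) + "\r\n").encode("ascii"))


class IdentServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def serve(host: str = "0.0.0.0", port: int = 113) -> None:
    """Listen on the ident port and answer queries until interrupted."""
    with IdentServer((host, port), IdentHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    # Binding port 113 needs root; for a local try-out use serve(port=11113)
    # and query it with: printf '6191, 23\r\n' | nc 127.0.0.1 11113
    serve()
```

The reply format is fixed by RFC 1413 (`port-on-server , port-on-client : ERROR : HIDDEN-USER`), so any ident client accepts it and stops waiting; the difference from a RST is only that the remote side sees a protocol-level "no" instead of a closed port.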