MLUG: RE: [MLUG] ipchains/firewalls/slow connect/port 113

Personally I don't think you are being too paranoid.  Anyway, the upshot
of Brent's email is that the following rule:

ipchains -A input -p tcp -s 0/0 -d your.ip.address 113 -j REJECT

will do the trick.  Note that in this case you don't need to have identd
running at all.  Now if that isn't just the neatest solution...

Cheers, Rob

On Tue, 20 Mar 2001, Deterding, Brent D (UMC-Student) wrote:

>      RST is sent back when your FW REJECTS. DROPing a packet sends nothing
> back. A good way to think about this is look at an nmap output.

> Now here is my question. Has anyone heard of a way to have ipchains (or
> another program) send back a "RST" packet when something tries to
> connect to port 113? I read that some windoze firewalls are set up to do
> this. Currently I have ipchains set up to respond to identd/auth(port
> 113) requests from the specific machines that I connect to regularly and
> deny all others. This is better than nothing but my "trusted machines"
> are public unix machines so who knows what might be running on them. Am
> I being too paranoid?
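
A way to check which of the two behaviours described in this thread a port 113 rule actually produces, as an added example that is not part of the original messages. The function name classify_port and its state labels are made up for illustration, and the 127.0.0.1 target is a constructed sample.

```python
import socket
import time


def classify_port(host, port, timeout=3.0):
    """Make one TCP connect attempt and return (state, seconds_waited).

    "open"     - the handshake completed; something is listening.
    "refused"  - the attempt was actively turned away, so the caller
                 learns the answer at once and moves on.
    "no-reply" - nothing came back before the timeout, so the caller
                 sat waiting for the full timeout.
    "error"    - any other failure (e.g. no route to the host).
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except socket.timeout:
        state = "no-reply"
    except OSError:
        state = "error"
    finally:
        sock.close()
    return state, time.monotonic() - start


if __name__ == "__main__":
    # Constructed sample target: the local machine's own auth/ident port.
    # Run it from an outside host against your own firewall to test a rule.
    state, waited = classify_port("127.0.0.1", 113, timeout=3.0)
    print(f"113/tcp: {state} after {waited:.2f}s")
```

A "no-reply" result with a wait equal to the timeout is the slow-connect case from the subject line; "refused" comes back almost immediately.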
