* Alisson Sellaro ([EMAIL PROTECTED]) [010830 19:45]:
> Hi again folks
> 
> I was checking my firewall logs and have detected lots of TCP/113
> dropped packets. Checking /etc/services I realized it was ident
> traffic. What do you think about such service? Should I let it blocked
> or should I allow it without further security exposure?
> 

You're probably seeing most of those ident requests coming from mail and
irc servers your host connects to. I think "best practice" is to DENY
(rather than DROP) incoming traffic on 113. This makes it so that auth
requests are denied quickly, rather than waiting for a TCP timeout.

You really shouldn't need to enable an ident server, but if you find
that you do (e.g. your users insist on connecting to irc servers which
require it) try nullidentd. It comes with a short rant on why ident
sucks, and just returns "foobar" for every ident request.

cheers,

-- 
Vineet                                   http://www.anti-dmca.org
Unauthorized use of this .sig may constitute violation of US law.
Qba'g gernq ba zr!                    |tr 'a-zA-Z' 'n-za-mN-ZA-M'

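A concrete picture of what a nullidentd-style responder does, added here as an example and not taken from nullidentd or from the thread: it speaks just enough RFC 1413 to answer every well-formed "<server-port> , <client-port>" query with the same fixed USERID ("foobar" here, as the reply describes), so an IRC or mail server that insists on ident is satisfied while nothing about real local accounts is revealed. Malformed queries get the RFC's ERROR : INVALID-PORT reply, and the choice to answer unparseable input with "0 , 0" ports is this example's own. Binding to port 113 needs root; for the firewall side of the discussion, note that on Linux the "deny that answers immediately" is iptables's REJECT target (for example `--reject-with tcp-reset`), whereas DROP leaves the remote server waiting on its TCP timeout.

```python
import re
import socketserver

# Fixed identity handed to every valid query, in the spirit of nullidentd.
FAKE_USER = "foobar"
# RFC 1413 limits the request line to 1000 characters.
MAX_REQUEST_LEN = 1000

# "<server-port> , <client-port>", whitespace optional around the comma.
_REQUEST_RE = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def _error(ports: str, kind: str) -> bytes:
    return f"{ports} : ERROR : {kind}\r\n".encode()


def handle_ident_request(line: bytes) -> bytes:
    """Parse one RFC 1413 request line and build the response line.

    Every syntactically valid query gets the same fabricated USERID, so the
    answer carries no information about who really owns the connection.
    Queries that are too long, unparseable or carry out-of-range ports get
    the RFC's ERROR : INVALID-PORT reply instead.
    """
    line = line.rstrip(b"\r\n")
    if len(line) > MAX_REQUEST_LEN:
        # Oversized request: echo dummy ports (this example's own choice).
        return _error("0 , 0", "INVALID-PORT")
    match = _REQUEST_RE.match(line)
    if match is None:
        return _error("0 , 0", "INVALID-PORT")
    server_port, client_port = int(match.group(1)), int(match.group(2))
    ports = f"{server_port} , {client_port}"
    if not (1 <= server_port <= 65535 and 1 <= client_port <= 65535):
        return _error(ports, "INVALID-PORT")
    return f"{ports} : USERID : UNIX : {FAKE_USER}\r\n".encode()


class IdentHandler(socketserver.StreamRequestHandler):
    # Idle querying hosts must not be allowed to pin a socket indefinitely.
    timeout = 30

    def handle(self) -> None:
        # Read at most one line; anything longer than the RFC limit is
        # rejected by handle_ident_request rather than buffered further.
        line = self.rfile.readline(MAX_REQUEST_LEN + 2)
        if not line:
            return
        self.wfile.write(handle_ident_request(line))


def serve(host: str = "0.0.0.0", port: int = 113) -> None:
    """Run the responder until interrupted (port 113 requires root)."""
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer((host, port), IdentHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

To exercise the parser without root, call `serve(port=11300)` and query it with `printf '6667 , 51234\r\n' | nc 127.0.0.1 11300`; the reply is the fixed USERID line regardless of which local user actually holds the connection.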