# [EMAIL PROTECTED] / 2003-11-28 12:58:33 -0500:
> On 11/28/03 06:11 PM, Christian Laursen sat at the `puter and typed:
> > Louis LeBlanc <[EMAIL PROTECTED]> writes:
> >
> > > I was introduced to a fantastic web site, http://www.grc.com/ which
> > > has some impressive information about security and a number of other
> > > things. Steve Gibsons 'Shields Up' web service will scan your system
> > > and tell you where your vulnerabilities lie, and explain the ports in
> > > pretty good detail.
> >
> > http://www.grcsucks.com/
>
> Hmm. Interesting site. I'm sure I'll find some interesting stuff
> there too, but it looks like the person running the site has no
> greater pupose in life than character assassination. Not that he's
> altogether wrong. I'd have to read more and decide myself what I
> really think. I'm no security expert - I'm only going on what I *do*
> know (or think I know), so I'd just as soon not get into a flame war
> over who the idiot really is - I haven't much defense for myself in
> the security arena :).
>
> Still, if anyone *does* know the facts, I'd like to know what the case
> really is with the IDENT port and adaptive stealth.
don't get carried away by the nonsense at grc.com. the
marketroid-speak term "adaptive stealth" can be normally described
as stateful filtering (and dropping the packets instead of rejecting
them), and it means that (in case of TCP), the target machine throws
away packets that:
* don't have the SYN bit set (and the ACK bit unset)
* are not part of an established "conversation"
you can completely "stealth" a machine if it runs no publically
available servers. the problem with ident is similar to FTP: the
first connection goes from you out, the other party then tries to
connect to you (as far as the stack is concerned, this is a
completely unrelated connection).
but, the question is: what is your problem? why do you need to have
identd(8) running? will anything you need break without it? if not,
the correct solution to your problem is IMO to *reject* connection
attempts to your port 113.
--
If you cc me or remove the list(s) completely I'll most likely ignore
your message. see http://www.eyrie.org./~eagle/faqs/questions.html
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
