From.....http://www.ussrback.com/docs/papers/firewall/firewall-seen.htm
113 identd auth: This is a protocol that runs on many machines that
identifies the user of a TCP connection. In standard usage this reveals a
LOT of information about a machine that hackers can exploit. However, it
used by a lot of services by loggers, especially POP, IMAP, SMTP, and IRC
servers. In general, if you have any clients accessing these services
through a firewall, you will see incoming connection attempts on this port.
Note that if you block this port, clients will perceive slow connections to
e-mail servers on the other side of the firewall. Many firewalls support
sending back a RST on the TCP connection as part of the blocking procedure,
which will stop these slow connections.
-----Original Message-----
From: James Toshack [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 20, 2000 4:44 PM EST
To: [EMAIL PROTECTED]
Subject: [FW1] IDENT Question
Can someone please tell me the importance of the TCP IDENT service port?
The
firewall I'm now managing has IDENT traffic blocked....I don't know if this
is
by design, or a mistake...our extrenal DNS's are producing hundreds and
thousands of dropped IDENT packets...and I don't know what allowing our
DNS's to
process this IDENT traffic might produce in terms of a security risk. Is
allowing this type of traffic considered pretty standard for a DMZ DNS
Server?
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
