The ident service is used by some servers to verify that the source IP
address in a packet is a real IP address in use on the Internet, and not
a spoofing attempt.
If you create a rule which REJECTs ident, then the source of the ident
packet should correctly conclude that you are actively blocking this
service, give up on its identification attempt, and proceed with its
processing of the network connection. If you choose to DROP, you may
disconnect some services, such as SMTP.
I see ident packets coming back from the ISP's mail server that I use to
send this email to the list.
--- Jerald Josephs
----- Original Message -----
From: "James Toshack" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 20, 2000 1:43 PM
Subject: [FW1] IDENT Question
>
>
>
> Can someone please tell me the importance of the TCP IDENT service port? The
> firewall I'm now managing has IDENT traffic blocked....I don't know if this is
> by design, or a mistake...our external DNS's are producing hundreds and
> thousands of dropped IDENT packets...and I don't know what allowing our DNS's to
> process this IDENT traffic might produce in terms of a security risk. Is
> allowing this type of traffic considered pretty standard for a DMZ DNS Server?
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================