At 12:44 PM -0700 6/24/98, Todd Vierling wrote:
> Ask the firewall admin if the firewall can be set up to return RST instead
> of "nothing". That response is equivalent to a "Connection refused".
I did, just for information purposes. His response was he WANTS
nothing. First, it slows down an attempt to scan through the firewall
(since everything has to time out instead of returning immediately. And
that's what started this thread... grin), and second, the less
information he gives hackers, the happier he is. And using RST instead
of a blank wall tells them something's there....
> IMHO, "mis-feature" or not, outbound IDENT should be allowed for logging
> purposes.
The general response I've gotten, frankly, is that IDENT is pretty
useless and unreliable, but I ought to run it anyway, just in case
someone finds it useful. That seems silly logic to me. I've never run
an IDENT server on a machine, and this is the first time it's come up
in any discussion, so it sure doesn't seem important. And I've talked
to a number of TCP hacks about it since this came up, and most feel
it's of limited usefulness and easy to spoof, and they think it's a
mis-feature that it's on by default in sendmail.
FWIW.
--
Chuq Von Rospach (Hockey fan? <http://www.plaidworks.com/hockey/>)
Apple Mail List Gnome (mailto:[EMAIL PROTECTED])
Plaidworks Consulting (mailto:[EMAIL PROTECTED])
<http://www.plaidworks.com/> + <http://www.lists.apple.com/>
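The point above that IDENT is easy to spoof and is useful, at most, for logging is exactly why anything that consumes ident replies should treat them as untrusted text from the remote host. The block below is an added example, not code from this thread or from sendmail; it assumes constructed RFC 1413 sample replies and a fixed port pair, and shows how a logging-only consumer parses a reply, checks that it echoes the port pair that was asked about, neutralises control characters before the string reaches a log line, and labels the result as a remote claim rather than an identity.

```python
import re

# Constructed RFC 1413 (IDENT) replies, as a responder on the remote host's
# TCP port 113 might send them. Nothing in the protocol authenticates this
# text: the remote end can claim any user name, so it belongs in a log only
# as an unverified hint.
SAMPLE_REPLIES = [
    "6193, 23 : USERID : UNIX : stjohns\r\n",
    "6193, 23 : USERID : OTHER : root\r\n",                   # any name at all
    "6195, 23 : ERROR : NO-USER\r\n",
    "6193, 23 : USERID : UNIX : evil\r\nfake log line\r\n",   # extra line
    "6193, 23 : USERID : UNIX : a\tb\x1b[0m\r\n",            # control chars
    "garbage\r\n",
]

# <port-on-server> , <port-on-client> : USERID : <opsys> : <user-id>
# <port-on-server> , <port-on-client> : ERROR  : <error-type>
_REPLY = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*"
    r"([^:\r\n]+?)\s*(?::\s*([^\r\n]*?))?\s*$"
)
_UNSAFE = re.compile(r"[^\x20-\x7e]")   # anything but printable ASCII

def parse_ident_reply(raw, our_port, their_port):
    """Turn one reply into a log-ready dict without ever raising on hostile input.
    our_port is our local port (port-on-client); their_port is the remote host's
    port (port-on-server), matching the RFC 1413 query "their_port , our_port"."""
    first = raw.split("\n", 1)[0].rstrip("\r")   # the reply is one line; drop the rest
    m = _REPLY.match(first)
    if not m:
        return {"status": "MALFORMED"}
    sport, cport, status, field, rest = m.groups()
    if (int(sport), int(cport)) != (their_port, our_port):
        return {"status": "PORT-MISMATCH"}        # not an answer to our question
    if status == "ERROR":
        return {"status": "ERROR", "error": field}
    if rest is None:
        return {"status": "MALFORMED"}            # USERID with no user-id field
    userid = _UNSAFE.sub("?", rest)[:64]          # neutralise escapes, bound length
    return {"status": "USERID", "opsys": field, "userid": userid}

def ident_log_field(raw, our_port, their_port):
    """Render the reply for a log line; the prefix marks it as a remote claim."""
    r = parse_ident_reply(raw, our_port, their_port)
    if r["status"] == "USERID":
        return "ident=claimed:" + r["userid"]
    return "ident=none(" + r["status"] + ")"
```

The `ident=claimed:` prefix is deliberate: a log reader should never be able to mistake the field for an authenticated user name.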