On Fri, 1 Oct 2004 06:41:34 -0400, Greg Wooledge wrote:
>Rod.. Whitworth ([EMAIL PROTECTED]) wrote:
>> On Tue, 28 Sep 2004 22:03:55 -0400, Greg Wooledge wrote:
>> >Personally, I prefer not to reveal the usernames behind the client
>> >connections I'm making, so I use nullidentd.
>> What's better a
Rod.. Whitworth ([EMAIL PROTECTED]) wrote:
> On Tue, 28 Sep 2004 22:03:55 -0400, Greg Wooledge wrote:
> >Personally, I prefer not to reveal the usernames behind the client
> >connections I'm making, so I use nullidentd.
> What's better about that than making the flags -Hole on the inetd
> settings
On Tue, 28 Sep 2004 14:08:03 +0200, Daniel Hartmeier
<[EMAIL PROTECTED]> wrote:
> On Tue, Sep 28, 2004 at 04:46:40PM +0530, Siju George wrote:
>
> > But if I can get port 113 also in adaptive stealth mode like Zonealarm
> > did then it would be better isn't it?
>
> Not really. It can give a false
[EMAIL PROTECTED] wrote:
http://www.clock.org/~fair/opinion/identd.html
Thanks for giving a link that nicely illustrates my point about people
not understanding what ident does:
"The upshot of these assumptions is that when your system contacts the
identd server of a remote system, you can trust
On Tue, 28 Sep 2004 22:03:55 -0400, Greg Wooledge wrote:
>Personally, I prefer not to reveal the usernames behind the client
>connections I'm making, so I use nullidentd. It's very simplistic; it
>just returns a constant string for all ident requests. (It doesn't
>appear to be in ports; I simply
Greg Wooledge wrote:
Personally, I prefer not to reveal the usernames behind the client
connections I'm making, so I use nullidentd. It's very simplistic; it
just returns a constant string for all ident requests. (It doesn't
appear to be in ports; I simply grabbed the source code from
packages.de
Lars Hansson wrote:
OpenBSD does this by default in inetd.conf.
Correction, it doesn't.
---
Lars Hansson
Volker Kindermann ([EMAIL PROTECTED]) wrote:
> I'm running emailservers for years now and never ran an identd. And my
> clients don't have an identd running either. I don't think that you need this
> for smtp nowadays.
It's never been mandatory for SMTP. Some IRC servers do require it,
though.
Siju George wrote:
Hi Lars! Thanks a lot for the reply! Will the manpage for identd tell me
how to return "random" usernames? Or could you please give me a link
where I can learn that?
man identd, options -h and -H in particular.
OpenBSD does this by default in inetd.conf.
---
Lars Hansson
On Tuesday, Sep 28, 2004, at 16:34 US/Pacific, Daniel Hartmeier wrote:
On Tue, Sep 28, 2004 at 04:23:43PM -0700, Trevor Talbot wrote:
It is. It's a mitigating mechanism for many types of
worms/bots/whatever, since they aren't capable of poking holes in
their computer owner's broadband NAT device
On Tue, 2004-09-28 at 16:23:43 -0700, Trevor Talbot proclaimed...
> It is. It's a mitigating mechanism for many types of
> worms/bots/whatever, since they aren't capable of poking holes in their
> computer owner's broadband NAT device.
Yea, sure. I've seen *many* bots with identd running happi
On Tue, Sep 28, 2004 at 04:23:43PM -0700, Trevor Talbot wrote:
> It is. It's a mitigating mechanism for many types of
> worms/bots/whatever, since they aren't capable of poking holes in their
> computer owner's broadband NAT device.
That's what UPnP is for, isn't it?
SCNR,
Daniel
On Tuesday, Sep 28, 2004, at 09:47 US/Pacific, [EMAIL PROTECTED]
wrote:
Kevin writes:
Many IRC servers will drop sessions if they cannot talk to an ident
service on the originating end. If you don't want your users to be
on IRC; this could be considered as a benefit of blocking TCP/113 ;)
Dou
On 28 Sep 2004 10:50:02 -0700, [EMAIL PROTECTED] wrote:
> You don't
>need it, nothing now depends on it,
Not quite correct. Certain smtp, ftp and irc servers come to mind.
--
SB: Wait, you mean the costumes themselves give you super powers?
MM: Of course! Why else would we fly around in co
Kevin writes:
Many IRC servers will drop sessions if they cannot talk to an ident
service on the originating end. If you don't want your users to be on
IRC; this could be considered as a benefit of blocking TCP/113 ;)
Doubtful with IRC servers today. Although I'm not privy to the details
of IRC p
Volker Kindermann writes:
I'm running emailservers for years now and never ran an identd. And my clients don't have an identd running either. I don't think that you need this for smtp nowadays.
identd is a protocol intended back in the day when the internet was
a connection between Bolt, Beranek, &
Siju George writes:
Hi Lars! Thanks a lot for the reply! Will the manpage for identd tell me
how to return "random" usernames? Or could you please give me a link
where I can learn that?
http://www.clock.org/~fair/opinion/identd.html
On Tue, 28 Sep 2004 14:34:54 +0200, Volker Kindermann <[EMAIL PROTECTED]> wrote:
> Hi Siju,
> > The Port 113 was opened because the PF FAQ asked to open it for SMTP
> >
> > "Auth/Ident (TCP port 113): used by some services such as SMTP and IRC.
The "auth" service (aka identd or "tap") was useful b
> People who say identd is a source of "severe information leakage" does
> not understand what ident does. If you feel paranoid, as I do, you can
> always configure it to return "random" usernames.
>
> ---
> Lars Hansson
Hi Lars! Thanks a lot for the reply! Will the manpage for identd tell me
how to
> I know that this is in the pf faq but I don't think that you really need it. I don't
> know about IRC but you mentioned only SMTP on your side.
>
> I'm running emailservers for years now and never ran an identd. And my clients don't
> have an identd running either. I don't think that you need
Thank you, Oliver, for the reply and explanation! It was very
informative. I'll also try the S/SAFR thing and see how it works!
God bless you
warm regards
Siju
On Tue, 28 Sep 2004 14:08:03 +0200, Daniel Hartmeier
<[EMAIL PROTECTED]> wrote:
> On Tue, Sep 28, 2004 at 04:46:40PM +0530, Siju George wrote:
> Not really. It can give a false sense of security, because you assume
> the 'adaptive' part can't be tricked by the attacker. See
>
> http://marc.theaim
Siju George wrote:
I was using Zone Alarm before on a Windows200 Firewall. All its ports
were shown as Stealthed but still SMTP server access was possible!
So further digging I got this explanation from the website that
conducted the test.
""Adaptive Stealthing" means that when a TCP SYN packet arr
Hi Siju,
> The Port 113 was opened because the PF FAQ asked to open it for SMTP
>
> "Auth/Ident (TCP port 113): used by some services such as SMTP and IRC.
> ICMP Echo Requests: the ICMP packet type used by ping(8). "
I know that this is in the pf faq but I don't think that you really need it.
on 28/9/04 12:16 pm, Siju George at [EMAIL PROTECTED] wrote:
> Hi Jason!
>
> Thanks for the reply!
>
> But if I can get port 113 also in adaptive stealth mode like Zonealarm
> did then it would be better isn't it?
If you're just trying to hide, then no. Personally I send RSTs on blocked
ports,
Siju,
I am not sure what the heck this "stealth-mode" you are talking
about. Whatever grc.com is selling has taken over your thinking. You
might want to review some literature on TCP/IP and of course read the
man pages for pf.
_Raju
On Tue, 28 Sep 2004 16:46:40 +0530, Siju George <[EMAIL PROTE
On Tue, Sep 28, 2004 at 04:46:40PM +0530, Siju George wrote:
> But if I can get port 113 also in adaptive stealth mode like Zonealarm
> did then it would be better isn't it?
Not really. It can give a false sense of security, because you assume
the 'adaptive' part can't be tricked by the attacker.
Hi Jason!
Thanks for the reply!
But if I can get port 113 also in adaptive stealth mode like Zonealarm
did then it would be better isn't it?
regards
Siju
On Sep 28, 2004, at 2:13 AM, Siju George wrote:
I changed the block-policy from return to drop. Now my ports except
113 are showing up as stealthed while testing from
http://www.grc.com/x/ne.dll?rh1dkyd2
The Port 113 was opened because the PF FAQ asked to open it for SMTP
"Auth/Ident (TCP port 113)
Thank you so much Luke, Gragnak, Clinton, Ben, Peter, Volker, Greg,
interval, for all the responses and advice!
I changed the block-policy from return to drop. Now my ports except
113 are showing up as stealthed while testing from
http://www.grc.com/x/ne.dll?rh1dkyd2
The Port 113 was opened becaus
Ben Therode writes:
Unless I'm mistaken you can also do this via "block in quick" in the block
rules as well.
You are mistaken. The "quick" keyword simply tells pf to stop processing
at the last matching rule.
If you keep in mind that it is redundant to have "quick" in your last
rule in the config
On 27 Sep 2004 09:18:27 -0700, [EMAIL PROTECTED] (Ben Therode) wrote:
>Unless I'm mistaken you can also do this via "block in quick" in the block
>rules as well.
>
No, first or last match have nothing to do with block policy.
greg
--
SB: Wait, you mean the costumes themselves give you su