Helmut
You said "nevertheless the usual councel: if you don't need it, block it. if
you
don't know, block it and investigate."
Very true.
And the best way to look at this is to begin by blocking everything and then
look at what you need and allow them.
Regards, Helen.
Helmut Springer <[EMAIL PROTECTED]> on 08/12/99 00:35:26
Please respond to Helmut Springer <[EMAIL PROTECTED]>
To: firewalls list <[EMAIL PROTECTED]>
cc: (bcc: Helen Richardson/UK/IBM)
Subject: Re: port 113
On Tue 1999-12-07 (16:15), Mullen, Patrick wrote:
> That being said, port 113 is useless and should be blocked. Better
> yet, don't even run the daemon at all.
read rfc1413 defining ident.
the daemon is for the profit of the one running it on a multiuser or
maybe routing system (think about NAT). it can give out crypted tokens
instead of cleartext usernames btw.
> Back in the days the auth port was good because the Net was open and
> people were honest. Now, if
if in doubt the other side of a connection never is neither was honest,
rfc1413 also tells you that.
nevertheless the usual councel: if you don't need it, block it. if you
don't know, block it and investigate.
--
MfG/best regards, helmut springer
[EMAIL PROTECTED]
"Freedom's just another word for nothing left to lose"
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
