# [EMAIL PROTECTED] / 2003-11-28 12:58:33 -0500: > On 11/28/03 06:11 PM, Christian Laursen sat at the `puter and typed: > > Louis LeBlanc <[EMAIL PROTECTED]> writes: > > > > > I was introduced to a fantastic web site, http://www.grc.com/ which > > > has some impressive information about security and a number of other > > > things. Steve Gibsons 'Shields Up' web service will scan your system > > > and tell you where your vulnerabilities lie, and explain the ports in > > > pretty good detail. > > > > http://www.grcsucks.com/ > > Hmm. Interesting site. I'm sure I'll find some interesting stuff > there too, but it looks like the person running the site has no > greater pupose in life than character assassination. Not that he's > altogether wrong. I'd have to read more and decide myself what I > really think. I'm no security expert - I'm only going on what I *do* > know (or think I know), so I'd just as soon not get into a flame war > over who the idiot really is - I haven't much defense for myself in > the security arena :). > > Still, if anyone *does* know the facts, I'd like to know what the case > really is with the IDENT port and adaptive stealth.
don't get carried away by the nonsense at grc.com. the marketroid-speak term "adaptive stealth" can be normally described as stateful filtering (and dropping the packets instead of rejecting them), and it means that (in case of TCP), the target machine throws away packets that: * don't have the SYN bit set (and the ACK bit unset) * are not part of an established "conversation" you can completely "stealth" a machine if it runs no publically available servers. the problem with ident is similar to FTP: the first connection goes from you out, the other party then tries to connect to you (as far as the stack is concerned, this is a completely unrelated connection). but, the question is: what is your problem? why do you need to have identd(8) running? will anything you need break without it? if not, the correct solution to your problem is IMO to *reject* connection attempts to your port 113. -- If you cc me or remove the list(s) completely I'll most likely ignore your message. see http://www.eyrie.org./~eagle/faqs/questions.html _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"