We had to reject Ident packets because it caused mail servers to 'hang'
while talking to our stonebeat virtual interface. Sendmail uses Ident to
see if the host on the other end is alive before it starts to communicate
with it.
John.
-----Original Message-----
From: James Edwards [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 21, 2000 7:32 AM
To: 'James Toshack'; [EMAIL PROTECTED]
Subject: RE: [FW1] IDENT Question
I went thru this same issue when I put my firewall in. I finally decided to
block it and see who screams. That was about a year ago and I see a lot of
blocked ident traffic, almost all going to my mail server.
Guess what, not one single complaint.
Jim Edwards
-----Original Message-----
From: James Toshack [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 20, 2000 3:44 PM
To: [EMAIL PROTECTED]
Subject: [FW1] IDENT Question
Can someone please tell me the importance of the TCP IDENT service port?
The
firewall I'm now managing has IDENT traffic blocked....I don't know if this
is
by design, or a mistake...our extrenal DNS's are producing hundreds and
thousands of dropped IDENT packets...and I don't know what allowing our
DNS's to
process this IDENT traffic might produce in terms of a security risk. Is
allowing this type of traffic considered pretty standard for a DMZ DNS
Server?
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
