Nice explanation. A clarification on your last sentence.
The RST is sent back, if the rule is set to REJECT. If the
rule is set to DROP, it will do just that - no notification is
sent back and thus the originating client/server must
wait or timeout before it can continue.
One last note, the referenced link below in the post by
Charles is written by Robert Graham. Here is his site, and
is a wonderful must read site for the inexperienced, as
well as the experienced. Excellent work Mr. Graham.
http://www.robertgraham.com
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
Gordon Food Service
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Reale, Charles" <[EMAIL PROTECTED]> 6/20/00 5:47:24 PM >>>
>
>From.....http://www.ussrback.com/docs/papers/firewall/firewall-seen.htm
>
>113 identd auth: This is a protocol that runs on many machines that
>identifies the user of a TCP connection. In standard usage this reveals a
>LOT of information about a machine that hackers can exploit. However, it is
>used by a lot of services by loggers, especially POP, IMAP, SMTP, and IRC
>servers. In general, if you have any clients accessing these services
>through a firewall, you will see incoming connection attempts on this port.
>Note that if you block this port, clients will perceive slow connections to
>e-mail servers on the other side of the firewall. Many firewalls support
>sending back a RST on the TCP connection as part of the blocking procedure,
>which will stop these slow connections.
>
>-----Original Message-----
>From: James Toshack [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, June 20, 2000 4:44 PM EST
>To: [EMAIL PROTECTED]
>Subject: [FW1] IDENT Question
>
>Can someone please tell me the importance of the TCP IDENT service port?
>The firewall I'm now managing has IDENT traffic blocked....I don't know if
>this is by design, or a mistake...our external DNS's are producing hundreds
>and thousands of dropped IDENT packets...and I don't know what allowing our
>DNS's to process this IDENT traffic might produce in terms of a security
>risk. Is allowing this type of traffic considered pretty standard for a DMZ
>DNS Server?
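The REJECT-versus-DROP distinction discussed in this thread is easy to verify from the client side: a REJECT rule (or a host with nothing listening) answers the SYN with a RST and connect() fails at once, while a DROP rule answers nothing and connect() sits there until its timeout expires, which is exactly the stall a mail server doing ident lookups experiences. The script below is an added example, not code from the thread or from Robert Graham's site; it probes TCP/113 and reports which behaviour it saw and how long it waited. The host name in the commented-out call is a placeholder, and the local demonstration uses a closed loopback port to show the RST case.

```python
"""Probe TCP/113 (ident) and tell a REJECT (RST) from a DROP (silence).

Added example, not part of the original mailing-list thread. The host name
in main() is a placeholder; substitute the address of the mail server or
firewall you want to check.
"""
import socket
import time

IDENT_PORT = 113


def classify_probe_error(exc):
    """Map a failed connect() to the firewall behaviour it implies.

    - socket.timeout / TimeoutError: neither SYN-ACK nor RST arrived before
      the timeout, i.e. the packets were silently dropped (DROP rule).
    - ConnectionRefusedError: a RST came back, which is what a REJECT rule
      (or a host with nothing listening on the port) produces.
    - anything else (ICMP unreachable, no route): neither of the above.
    """
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "dropped"
    if isinstance(exc, ConnectionRefusedError):
        return "rejected"
    return "unreachable"


def probe_ident(host, port=IDENT_PORT, timeout=3.0):
    """Connect to host:port once and return (outcome, seconds_waited).

    outcome is "open", "rejected", "dropped" or "unreachable". The elapsed
    time is the point of the exercise: a DROP makes the caller wait for the
    whole timeout, a REJECT returns almost immediately.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            outcome = "open"
    except OSError as exc:  # every socket error derives from OSError
        outcome = classify_probe_error(exc)
    return outcome, time.monotonic() - start


def unused_loopback_port():
    """Find a TCP port on 127.0.0.1 with nothing listening, for a local demo."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Local demonstration of the REJECT case: a closed port answers with RST,
    # so the probe returns "rejected" in a few milliseconds.
    port = unused_loopback_port()
    outcome, waited = probe_ident("127.0.0.1", port, timeout=3.0)
    print(f"127.0.0.1:{port} -> {outcome} after {waited:.3f}s")

    # To see the DROP case, point the probe at a host whose firewall silently
    # drops port 113 (placeholder name below) and watch it use the full 3 s.
    # outcome, waited = probe_ident("mail.example.invalid", timeout=3.0)
```

Run it against your own mail relay from outside the firewall: "rejected" in a few milliseconds means the rule sends a RST and remote mail servers will not stall; "dropped" after the full timeout means they will wait out every ident lookup before delivering mail.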