>> Unrelated but for security purposes, block 113 and 137.
>> Look at /etc/services. (grep 113 /etc/services)
>
>113 is currently blocked, but generates its share of logs. It seems to
>happen when sendmail connects (makes a reverse connection to 113). Why
>is that? To verify the sender? And how do I stop it?
Strictly speaking, the request is to the identd requesting confirmation
of the (mail in this case) user identity or more specifically the
owner of the process running the TCP/IP connection.
However, some have deemed this to be a security violation and
now it's frowned upon.
Look at man identd.
If you are running through a masqueraded system, I think that the owner
of the process would be root (from the masquerading machine) as
the internal user if Windoze based may not have a name at all.
I may be wrong here but I can't see how an internal machine/user
name could be validated. (not relevant with sendmail ON the Linux box)
Also check how you have the identd daemon set up in the inetd.conf.
Various options can be added to identd in inetd.conf to tell the identd
to give a valid but irrelevant answer. Again see man identd for options.
This may be a better option than blocking 113 BUT others will disagree.
To disable the logs for 113, take out the -l.
But that takes away all the fun!!
Regards,
Bruce.
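
The ident exchange discussed in the reply above, sketched as an added example that is not part of the original message or of any identd implementation. It follows the RFC 1413 query/reply format; the function name `ident_reply`, the policy labels `hidden` and `fixed`, and the sample ports are assumptions made for illustration.

```python
import re

# RFC 1413 query: "<port-on-server> , <port-on-client>" ending in CRLF.
# "Server" here is the host running identd (the one that opened the mail
# connection); "client" is the host asking, e.g. the remote sendmail on 25.
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def ident_reply(query: str, policy: str = "hidden", token: str = "user") -> str:
    """Build the single reply line an ident responder sends for one query.

    policy "hidden": answer, but refuse to name the process owner.
    policy "fixed":  valid but irrelevant answer, the same token for everyone.
    (Both labels are hypothetical names for this example, not identd options.)
    """
    m = QUERY_RE.match(query.rstrip("\r\n"))
    if not m:
        # Unparseable port pair; this example echoes "0 , 0" as a placeholder.
        return "0 , 0 : ERROR : INVALID-PORT\r\n"

    local, remote = int(m.group(1)), int(m.group(2))
    pair = f"{local} , {remote}"
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return f"{pair} : ERROR : INVALID-PORT\r\n"

    if policy == "hidden":
        return f"{pair} : ERROR : HIDDEN-USER\r\n"
    if policy == "fixed":
        # Opsys "OTHER" marks the user-id as an opaque string, not a login name.
        return f"{pair} : USERID : OTHER : {token}\r\n"
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    # Constructed sample: our mailer connected from local port 6193 to the
    # remote port 25, and the remote side asks port 113 who owns it.
    sample_query = "6193, 25\r\n"
    for policy in ("hidden", "fixed"):
        print(policy, "->", ident_reply(sample_query, policy).strip())
```

Either reply lets the remote mailer finish its lookup at once, without disclosing a real account name.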