
[EMAIL PROTECTED] wrote:

> I'm using iptables and rc.firewall-2.4-stronger from David Ranch's HOWTO. I
> was just curious to know if it's better to install IDENT on my NAT box, or
> just forward port 113 to my Windows box and have my IRC client deal with
> IDENT? I'm not really sure if it makes a difference either way -- so was
> just curious...
> 
> Thanks!

some options are:

1) drop incoming identd packets which will probably make the
irc server wait for 30 seconds before timing out the identd
query but dropping packets also slows down port scans and
can prevent scanners from identifying your operating system.
if irc refuses to work without identd, then this won't work.

2) reject incoming identd packets which will eliminate the 30
second delay but rejecting allows faster port scans and allows
a scanner to identify your operating system. if irc refuses to
work without identd, then this won't work.

3) leave the identd port open but don't run an identd server.
much the same as 2.

4) leave the identd port open and run a fake identd server.
much the same as 2 except that irc will work.

5) leave the identd port open and run a real identd server.
same as 4 but also gives scanners the ability to harvest
user names.

6) port forward identd requests to a windows machine. you'd
probably have to install a fake identd server on the windows
(unless irc does do it itself). more complicated (need ipmasqadm).

raf
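
As an added example (not part of raf's message or the HOWTO): a fake identd of the kind option 4 describes, answering every well-formed RFC 1413 query with one fixed user id so that no real account names are exposed, which is the concern in option 5. `FIXED_USER`, `MAX_QUERY` and the function names are assumptions of this example.

```python
"""Fake identd (RFC 1413) responder: always reports one fixed user id."""
import re
import socketserver

FIXED_USER = "user"   # constructed placeholder; never a real account name
MAX_QUERY = 64        # assumption: legitimate queries are far shorter
QUERY_RE = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def build_reply(query: bytes, user: str = FIXED_USER) -> bytes:
    """Return the RFC 1413 reply line for one query line (CRLF stripped)."""
    m = QUERY_RE.match(query) if len(query) <= MAX_QUERY else None
    if not m:
        # Unparseable or oversized request: answer with a generic error.
        return b"0 , 0 : ERROR : UNKNOWN-ERROR\r\n"
    ours, theirs = int(m.group(1)), int(m.group(2))
    if not (1 <= ours <= 65535 and 1 <= theirs <= 65535):
        return f"{ours} , {theirs} : ERROR : INVALID-PORT\r\n".encode()
    # Same answer for every connection, whoever really owns it.
    return f"{ours} , {theirs} : USERID : UNIX : {user}\r\n".encode()


class IdentHandler(socketserver.StreamRequestHandler):
    timeout = 10  # seconds; idle clients are disconnected

    def handle(self):
        try:
            line = self.rfile.readline(MAX_QUERY + 2)
        except OSError:  # includes socket timeouts
            return
        self.wfile.write(build_reply(line.rstrip(b"\r\n")))


def serve(host: str = "0.0.0.0", port: int = 113) -> None:
    # Binding to port 113 needs root or CAP_NET_BIND_SERVICE on Linux.
    with socketserver.ThreadingTCPServer((host, port), IdentHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```
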

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]