In message <[EMAIL PROTECTED]>, Paul Vixie writes:
>
>[EMAIL PROTECTED] ("Steven M. Bellovin") writes:
>
>> It might also be port 113 -- some sites try to query your tcp port 113,
>> and wait for a timeout if the port is firewalled. A better solution
>> than blocking it is to send an immediate RST.
>
>people who depend on tcp/113 deserve everything stupid that happens to them.
>dropping SYN packets or returning a fixed string are both better than sending
>an immediate RST. (false confidence being valued less than low confidence.)
>i was rather shocked to discover tcp/113 clientness enabled by default in
>postfix and sendmail. but even widespread ignorance does not call for
>widespread coddling such as returning immediate RST's.
I'm not defending the practice, I'm defending myself against the
practitioners. My email, etc., was being delayed because the site I
was sending to was trying to query my non-existent tcp/113 server, and
I was dropping SYNs. Now, I either send an immediate RST or use Erik
Fair's identd, depending on my mood.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
