27Apr2004 (UTC -7)

[EMAIL PROTECTED] wrote:
> On Tue, Apr 27, 2004 at 12:38:26AM -0800, Drexx Laggui wrote:
>
>> You mean disabling telnet connections to your mail server's TCP/25? Not
>> by Sendmail alone. The firewall made by Stonesoft disables TCP/25
>> connections after a specified time of non-activity -- a simple way of
>> guessing that connections to the mail server are made manually, because
>> the required SMTP activity per unit of time is not there.
>
> This is dangerous. This might prevent receiving mail from sites that have a high latency relative to the server that's doing it. Non-activity does not always mean an inactive connection; it could also mean high latency.

It's not dangerous per se. It'll be just quite inconvenient for the sys admin to fix if he/she is not aware of this firewall feature and that the mail servers are experiencing very high-latency traffic.


Reminds me of the false positives generated by firewalls regarding web proxy servers... as the web proxy server can have a tremendous lot of SYN-ACKs in its queue with a long wait time, a default-configured firewall can be mistaken in judging that the web proxy server is under DoS attack and thus send out alerts and even block traffic to/from it. But in reality it's just another working day for the web proxy.

Now, if a firewall allows buffer-overflow attacks against a mail server and/or web servers, then that's dangerous.


Drexx Laggui Asia-Pacific Region #Computer Crime Analyst

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph