That's IT! It's not qpopper that's generating these IDENT requests. It's not even inetd. It's the TCPWrappers!
I verified this by having one of my clients FTP to the same server (that's the only other line open on my inetd.conf). Once again, IDENT requests were detected in the client's firewall. I changed the inetd config line so that tcp wrappers weren't being used for FTP, had him try again, and no IDENT requests were made. The unfortunate part about all this, though, is that I'm still not sure how to disable this "feature." In my preliminary research, it appears that I may have to recompile tcpd. Either way, this is obviously not a qpopper problem. Thanks for all your help! -- Jon Fullmer on 2/15/03 1:57 PM, Daniel Senie at [EMAIL PROTECTED] wrote: > At 02:08 PM 2/15/2003, Jon Fullmer wrote: >> That certainly could be. I'm using inetd 1.2. I didn't see any mention of >> IDENT in the inetd documentation or manpages. There's nothing in the >> /etc/inetd.conf file. I realize this isn't the "inetd" mailing list, but >> does anyone know how one would disable this in inetd? > > Possibly inetd, or you're using tcp wrappers and it's doing it. > > I'd start with the man pages and related for both. > > xinetd does do ident if you don't instruct it otherwise. > > I also have found it useful to apply a filter (iptables/ipchains/etc.) into > my servers so that any attempt to send a packet to an ident port results in > (a) a report so I can track down and kill the thing and (b) a reject (ICMP) > message to the sender. That squelches any program which tries to use ident, > and allows me to find and fix it. >
