[ ident lookups causing tcpd to be slow ]
There's no satisfactory answer to this problem at present, I think.
umm, reading the manual?
man 5 hosts_access [on Debian Linux at least]
CLIENT USERNAME LOOKUP
When the client host supports the RFC 931 protocol or one
of its
On Friday 14 June 2002 8:15 am, David Luyer wrote:
[ ident lookups causing tcpd to be slow ]
There's no satisfactory answer to this problem at present, I think.
So it's a compile option on tcpd. Recompile with it disabled.
Yes, but that would need to be done by everyone out on the
On Friday 14 June 2002 8:15 am, David Luyer wrote:
[ ident lookups causing tcpd to be slow ]
There's no satisfactory answer to this problem at
present, I think.
So it's a compile option on tcpd. Recompile with it disabled.
Yes, but that would need to be done by everyone out
Easy solution:
deny (connection reset) rather than drop the connections
I meant reject. From the man page:
REJECT
This is used to send back an error packet in response to
the matched packet: otherwise it is equivalent to DROP so
it is a terminating TARGET,
On Friday 14 June 2002 9:25 am, David Luyer wrote:
Easy solution:
deny (connection reset) rather than drop the connections
I meant reject. From the man page:
Why connection reset? For idiots at the other end who firewall all
ICMP.
Same problem. Leaves me with a port on my
Fri, 2002-06-14 at 11:16, Antony Stone wrote:
Yes, that's the hole in my firewall I referred to. By sending back RST to
packets coming in on TCP port 113, I'm telling people there's a firewall
there. All other ports send back nothing, and I don't want this one to
stand out as being
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Antony Stone
Sent: Friday, June 14, 2002 5:19 AM
To: [EMAIL PROTECTED]
Subject: Re: TCP delay, solved
On Friday 14 June 2002 9:25 am, David Luyer wrote:
Easy solution:
deny (connection reset
to try it on a real live firewall sometime soon
-Joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Joe Patterson
Sent: Friday, June 14, 2002 4:30 PM
To: Antony Stone; [EMAIL PROTECTED]
Subject: RE: TCP delay, solved
How about this as a possible
Antony Stone [EMAIL PROTECTED] wrote:
On Wednesday 12 June 2002 5:33 pm, Nathan Cassano wrote:
Well you learn something new every day. Today I learned inetd does ident
checks on its clients.
Yes, it's called tcpwrappers, and has been pretty standard on systems for I'd
say about four
On Thursday 13 June 2002 10:59 am, Juri Haberland wrote:
This is annoying, is there a way you can turn
this off inside inetd?
Yes, it's the bit on each line of /etc/inetd.conf which says
/usr/sbin/tcpd - it does an ident lookup and logs the access to syslog
before handing the
Well you learn something new every day. Today I learned inetd does ident
checks on its clients. This is annoying, is there a way you can turn
this off inside inetd?
So I added a rule to return the port-unreachable error and everything
now works hunky dory. Thanks everyone for your help.