Date: Mon, 5 Jul 1999 09:43:26 -0300 From: "Joao Carlos" <jcarlos@bahianet.com.br> To: "N.N.M" <madrapour@hotmail.com> Cc: <freebsd-security@freebsd.org> Subject: Re: IDENTD Message-ID: <000b01bec6e3$fac76540$fa58dfc8@bahianet.com.br> References: <19990705113029.28794.qmail@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Thanks for information. you're welcome > > 1) Could you tell me please if I can block this sort of connection (ident) > without causing any problem or inconvenience for the services like mail or > so? Look, unless you have a big reason to block, i think if you run sendmail or popper in your machie, you shouldn't block. the services won't stop working, but sendmail and popper likes to check who is using the services. You can block, if you want, incoming requests for port 113, but i really think you should let outgoing connections to be completed. IRC uses identd every time the client connects, but don't worry, if you block everybody will continue connecting without problems. That's my own opinion. > > 2) Can it be consequnced: it is basically better to block the all > conncetions we want, by using "reject" instead of "deny"? Based on what you > said (and I read about), using "reject" decreases the further re-attemting > conncetions, so it will decrease the unusable and unwanted traffic as well. > Is it right? Yes it is. The basic difference some people like to use DENY is that the otehr machine does not know what is happening... i mean... if you use reject, The person is trying to connect you know you are rejecting that connection... but if you use deny, onl;y you know that...for example... if you REJECT an ICMP packet, the person will know you're rejecting, but if you DENY, that person will only see timed out messages. Please, if i'm wrong in anything , somebody tells me that. Joao Carlos jcarlos@bahianet.com.br To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000b01bec6e3$fac76540$fa58dfc8>