[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

What to return for AUTH tcp/113 requests?



>>>>> "M" == moseley  <moseley@hank.org> writes:

    M> I belive it's not good to just drop the auth (ident) requests
    M> -- IIRC it makes mail clients delay.

Correct.

    M> So the question is how should they be rejected?

    M>    reject-with icmp-port-unreachable or reject-with tcp-reset

Tcp reset.  For two reasons: (1) some idiots ban ICMP outright at
firewalls.  (2) common practice (icmp port unreachable for UDP, TCP
reset for tcp)

[...]
    M> BTW -- is there a utility to manually send an auth request?
    M> That would help with testing the rules.

Telnet or netcat + tcpdump if you wish.

cheers,

BM



Reply to: