
Re: your mail



On Thu, Mar 16, 2000 at 03:01:40PM +0000, Mark Brown wrote:
> On Thu, Mar 16, 2000 at 03:45:50PM +0100, Ivan Ivanovic wrote:
> 
> > On my Slink placed on Internet often appears auth port connection attempts
> > from various sites... What (common) application needs this port?
> 
> The auth port provides a facility for a remote machine to identify who's
> on your end of a TCP connection.  Many servers collect and log this
> information to help provide an audit trail.

Yup. OTOH the relevant RFCs don't stipulate that the data presented has to be
*valid* so it's up to "your local admin" to choose between closing it off or
blocking it...
In any event letting on a valid username for "who owns this socket/connection"
increases security risks, albeit not necessarily by much.

Things like MTAs (sendmail et al) tend to do an identd check back on you to
see who you claim to be when sending mail; similarly the TCP wrappers (tcpd)
also do an identd check back if you use a filter with 'user@' in it.

For most (home) purposes it's best to make it REJECT instead of DENY, if you
choose to block it, so that e.g. remote FTP sites don't have to wait for a
timeout before letting you in.

~Tim
-- 
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++ 
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-	     
| The sun is melting over the hills,         | http://piglet.is.dreaming.org/
| All our roads are waiting / To be revealed | piglet@glutinous.custard.org
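
An added example, not part of the original message: a minimal RFC 1413 ident query as a remote server would make it, showing the three outcomes discussed above: a parsed reply, an immediate refusal (what the caller sees with REJECT or a closed port), and a timeout (what it sees when packets are dropped, as with DENY). The function names, the loopback stub standing in for identd, and the sample reply are assumptions constructed for the illustration.

```python
import socket
import threading
import time

def parse_ident_reply(line):
    """Parse one RFC 1413 reply line into a dict."""
    fields = line.rstrip("\r\n").split(":", 3)
    kind = fields[1].strip() if len(fields) > 1 else ""
    if kind == "USERID" and len(fields) == 4:
        # Spaces after the last colon are part of the user id (RFC 1413).
        return {"type": "USERID", "opsys": fields[2].strip(), "user": fields[3]}
    if kind == "ERROR" and len(fields) >= 3:
        return {"type": "ERROR", "error": fields[2].strip()}
    return {"type": "MALFORMED", "raw": line}

def ident_lookup(host, ident_port, server_port, client_port, timeout=1.0):
    """Return (outcome, parsed_reply, seconds_waited) for one ident query."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            s.sendall(f"{server_port}, {client_port}\r\n".encode("ascii"))
            data = b""
            while not data.endswith(b"\n"):
                chunk = s.recv(512)
                if not chunk:
                    break
                data += chunk
    except ConnectionRefusedError:   # closed or REJECTed port: fails at once
        return "refused", None, time.monotonic() - start
    except socket.timeout:           # nothing comes back: caller waits it out
        return "timeout", None, time.monotonic() - start
    reply = parse_ident_reply(data.decode("ascii", "replace"))
    return "answered", reply, time.monotonic() - start

def start_stub(reply):
    """Constructed loopback stand-in for identd; reply=None never answers."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        if reply is None:
            time.sleep(3)            # hold the connection open, say nothing
        else:
            conn.recv(512)
            conn.sendall(reply)
        conn.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]
```

Pointing ident_lookup at port 113 of your own host from another machine shows which of the three outcomes remote servers get from your filter.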

