* Alisson Sellaro (firstname.lastname@example.org) [010830 19:45]:
> Hi again folks
>
> I was checking my firewall logs and have detected lots of TCP/113
> dropped packets. Checking /etc/services I realized it was ident
> traffic. What do you think about such service? Should I leave it blocked
> or should I allow it without further security exposure?
>

You're probably seeing most of those ident requests coming from mail and
irc servers your host connects to.

I think "best practice" is to DENY (rather than DROP) incoming traffic on
113. This makes it so that auth requests are denied quickly, rather than
waiting for a TCP timeout.

You really shouldn't need to enable an ident server, but if you find that
you do (e.g. your users insist on connecting to irc servers which require
it) try nullidentd. It comes with a short rant on why ident sucks, and
just returns "foobar" for every ident request.

cheers,

--
Vineet
http://www.anti-dmca.org
Unauthorized use of this .sig may constitute violation of US law.
Qba'g gernq ba zr! |tr 'a-zA-Z' 'n-za-mN-ZA-M'
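The fixed-reply ident responder the post attributes to nullidentd, written here as an added Python example (not nullidentd's own code, and not part of the thread): every well-formed RFC 1413 query gets "foobar" instead of a real account name, and malformed queries get an immediate ERROR so the peer never waits on a timeout. Echoing "0 , 0" for an unparseable request and the 512-byte line cap are my own choices.

```python
import re
import socketserver

# Constructed example, not nullidentd's code: answer every RFC 1413 ident
# query with a fixed, meaningless user id so no real account name leaks,
# while still replying promptly rather than leaving the peer to time out.
FAKE_USER = b"foobar"  # the value the post says nullidentd returns
_REQUEST = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def ident_response(line: bytes) -> bytes:
    """Build the one-line reply for a single ident request line.

    RFC 1413 request: "<server-port>, <client-port>" CRLF.
    Well-formed requests get "USERID : UNIX : foobar"; bad or out-of-range
    ports get "ERROR : INVALID-PORT" (ports echoed back when parseable).
    """
    m = _REQUEST.match(line.rstrip(b"\r\n"))
    if m is None:
        # Assumption: echo 0 , 0 when the ports cannot be recovered at all.
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    sport, cport = int(m.group(1)), int(m.group(2))
    if not (1 <= sport <= 65535 and 1 <= cport <= 65535):
        return b"%d , %d : ERROR : INVALID-PORT\r\n" % (sport, cport)
    return b"%d , %d : USERID : UNIX : %s\r\n" % (sport, cport, FAKE_USER)


class IdentHandler(socketserver.StreamRequestHandler):
    """One request per connection; that is all mail and irc servers send."""

    def handle(self):
        # Ident lines are short; cap the read so a peer cannot feed us junk.
        line = self.rfile.readline(512)
        if line:
            self.wfile.write(ident_response(line))


def serve(host="0.0.0.0", port=113):
    # Binding to 113 needs root or CAP_NET_BIND_SERVICE; use a high port to try it.
    socketserver.TCPServer.allow_reuse_address = True
    with socketserver.TCPServer((host, port), IdentHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

Run it on a high port and query it with `printf '6667, 54321\r\n' | nc 127.0.0.1 <port>` to see the fixed reply.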