[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why we need ident(d)?

* Osamu Aoki (debian@aokiconsulting.com) spake thusly:
> After reding DENY/REJECT response as below, I have more question.
> Can anyone elaborate more on what happens if ident is REJECTED?

Whoever tries to do ident lookup receives "connection closed"
right away, they don't have to wait for timeout.

> If there is no negative to set ident to REJECT, I want to do it.

If everything is DENYed, it looks like your machine isn't there.
If you have REJECTs, it looks like your machine is there, but is
not running the service in question. A mix of open/REJECTed and
DENYed ports tells a portscanner that you have a firewall.

It's up to you to decide what you want to tell the portscanners:
that your machine isn't there, that it's not running any services,
or that it's firewalled. First option is nice, but you have to DENY
everything (= you can't run any servers). IMO there isn't much 
practical difference between the latter two -- either way 99.999%
of 1337 h4x0r d00dz will go look for an easier target.

E-mail dmaziuk at bmrb dot wisc dot edu (@work) or at crosswinds dot net (@home)
http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
The wombat is a mixture of chalk and clay used for respiration.       -- MegaHal

Reply to: