Re: ipchains rules: REJECT vs. DENY
hi ya
> >Moral of that story is to make sure that you either run an ident
> >server, or set it to REJECT.
>
> Well, I wouldn't (and don't) run identd, since I have no intention of
> revealing the name of the user running a particular service (in
if one runs identd... any incoming email address to "fake@yourdomain.com"
will get returned/bounced back to the sender as no such user...
( you see a log in maillog etc that they tried to send something )
if you don't run identd... you receive and store that email addressed
to fake.... and bounced locally to root/postmaster as non-deliverable
locally ??
have fun linuxing
alvin
http://www.Linux-Sec.net
**
** http://www.Linux10.org .... Linux 10th Anniversary Picnic ...
**
> general this will be either your login-name or root), but there are
> some interesting other options:
>
> - accept connections to services like ident (or finger or..) but just
> return random garbage. One option for this is via inetd:
> - ident stream tcp nowait nobody /bin/dd dd if=/dev/urandom bs=64 \
> count=1
> - or, for ident specifically, use fakeidentd (see freshmeat.net,
> excellent software).
>
> Of course, you would want to log such connections via the
> kernel-firewall, just so you'll know what's going on.
>
> cheers,
> &rw
> --
> -- Renting airplanes is like renting sex: It's difficult to arrange
> -- on short notice on Saturday, the fun things always cost more, and
> -- someone's always looking at their watch. - Paul Tomblin, asr
> ----
>
>
>
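An added example, not part of the original thread and not fakeidentd's code: a small ident responder that answers every query promptly (so the remote side does not wait on a DENY timeout) but never discloses a real user name. Unlike the `dd` trick quoted above, it sends well-formed RFC 1413 replies rather than random bytes; the function names, the `mode` switch and the unprivileged port 1113 are assumptions made for this sketch.

```python
import re
import secrets
import socketserver

# RFC 1413 query line: "<port-on-server> , <port-on-client>" ended by CRLF.
_QUERY = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def ident_reply(query: bytes, mode: str = "hidden") -> bytes:
    """Build an RFC 1413 reply that never contains a real user name."""
    line = query.split(b"\n", 1)[0].strip()[:64]   # first line only, bounded
    m = _QUERY.match(line)
    if not m:
        return b"0 , 0 : ERROR : UNKNOWN-ERROR\r\n"
    sport, cport = int(m.group(1)), int(m.group(2))
    if not (1 <= sport <= 65535 and 1 <= cport <= 65535):
        return b"%d , %d : ERROR : INVALID-PORT\r\n" % (sport, cport)
    if mode == "random":
        # Fresh token per query, so replies cannot be tied to an account.
        token = secrets.token_hex(4).encode()
        return b"%d , %d : USERID : OTHER : %s\r\n" % (sport, cport, token)
    return b"%d , %d : ERROR : HIDDEN-USER\r\n" % (sport, cport)


class IdentHandler(socketserver.StreamRequestHandler):
    timeout = 5  # seconds; drop clients that connect and send nothing

    def handle(self):
        try:
            query = self.rfile.readline(128)       # bounded read
        except OSError:                            # includes socket timeout
            return
        self.wfile.write(ident_reply(query))


if __name__ == "__main__":
    # Assumption: listen on 1113 and redirect port 113 to it, so the
    # responder itself does not need root.
    addr = ("127.0.0.1", 1113)
    with socketserver.ThreadingTCPServer(addr, IdentHandler) as srv:
        srv.serve_forever()
```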