Subject: Re: [suse-security] identd/AUTH for SMTP Mail connections
From: Les Catterall (catteraubigpond.com)
Date: Mon Oct 02 2000 - 23:17:28 CDT


Steven Thompson wrote:
>
> Hi I have a lot of mail servers trying to connect to my identd port (113)
> when sending mail to me.
>
> <Quote>
> The problem comes about because the firewall silently drops the SYN packet.
> The e-mail server is expecting an immediate SYN-ACK (identd supported) or
> RST (identd not supported), but when the firewall drops the packet it keeps
> trying until the connection times out.
> http://www.robertgraham.com/pubs/firewall-seen.html#slow-email
> </Quote>
>
> How do you reconfigure the firewall to RST all those connections (the
> incoming SMTP servers' requests on the identd port, 113)
> using "ipchains"?
>
> Thanks in advance
>
> Steven
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribesuse.com
> For additional commands, e-mail: suse-security-helpsuse.com

Hi,

Maybe you could try to reject the connection requests rather than
denying them:

        ipchains -A input -i $EXTERNAL_INTERFACE -p TCP \
                -s $ANYWHERE -d $MY_IPADDRS 113 -j REJECT

        ".. you need to reject the connection request to avoid waiting
        for the TCP connection timeout. This is the only case when an
        incoming packet is rejected rather than denied ...."

        Robert Ziegler, "Linux Firewalls", New Riders 2000.

Cheers - Les Catterall

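A way to check from the outside which of the three behaviours a host shows on port 113, as an added example that is not part of the original thread (the ipchains REJECT rule above is the page's own; this probe only observes the result). An immediate RST ("refused") is what the REJECT target produces and is what remote MTAs want; a silent drop shows up as "timeout" and is the cause of the slow-mail symptom quoted above. The loopback demo at the end, and the sample hosts, are constructed for illustration.

```python
import socket


def probe_ident(host: str, port: int = 113, timeout: float = 2.0) -> str:
    """Attempt a TCP connection to the ident port and classify the answer.

    'open'        -> SYN-ACK: an identd is listening
    'refused'     -> RST: nothing listening, or the firewall REJECTs
                     (the remote SMTP server moves on immediately)
    'timeout'     -> no answer: the SYN is silently dropped (DENY), so the
                     remote SMTP server keeps retrying until it gives up
    'unreachable' -> ICMP unreachable or a local routing error
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"
    finally:
        s.close()


def ident_verdict(result: str) -> str:
    """Map a probe result to the operational consequence for inbound mail."""
    verdicts = {
        "open": "identd answers; no delay for inbound SMTP",
        "refused": "RST returned; remote MTAs get a fast negative answer",
        "timeout": "SYN silently dropped; remote MTAs stall on ident lookups, "
                   "use a REJECT rule on tcp/113 instead of DENY",
        "unreachable": "host or route unreachable; check connectivity first",
    }
    return verdicts[result]


def loopback_demo() -> tuple:
    """Constructed demo: a listening loopback port yields 'open', and the
    same port after the listener is closed yields 'refused' (RST)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe_ident("127.0.0.1", port, timeout=1.0)
    srv.close()
    after_close = probe_ident("127.0.0.1", port, timeout=1.0)
    return while_listening, after_close


if __name__ == "__main__":
    # Hypothetical host names; replace with your own mail server's address.
    for result in loopback_demo():
        print(result, "->", ident_verdict(result))
```

Run it from a host outside your firewall against your mail server's address; a result of "timeout" rather than "refused" means port 113 is being dropped, which is the situation the REJECT rule in Les's reply corrects.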