Firewall Wizards mailing list archives

Re: NAK dropped SYN-packets to sender?

From: "Frank Heinzius" <frimp () mms de>
Date: Tue, 10 Aug 1999 09:57:38 +0200

Hi Perry,

On 9 Aug 99, at 17:52, Perry E. Metzger wrote:

least send "unreachables" for a few common undesirable services, like
the horrible "ident" protocol, which would otherwise result in delays
for things like mail delivery out of your firewall. (Unfortunately,


I think this is the way. There are indeed some services where you can 
sent icmp unreachables back to the originator:

SMTP   (if misconfigured mailers ignore MX records)
HTTP   (assuming a typo in most cases)
IDENT  (for the reasons you mentioned above)

There are a lot of services where you should just ignore the SYNs and let 
the buddy outside wait-to-death ;-) like:

BACK ORIFICE
NETBUS
FTP
TELNET
SSH
PORTMAPPER
X-Displays

I think there should also be some kind of redirection for some "services" 
like BO or NETBUS. I think I will implement a honeypot somewhere...



Kind Regards / Mit freundlichen Gruessen,

--
Frank M. Heinzius               MMS Communication AG
mailto:frimp () mms de             Eiffestrasse 598
http://www.mms.de               20537 Hamburg, Germany
Phone: +49 40 211105-40         Fax: +49 40 210 32 210
-- spam forbidden --            -- PGP key available --

Current thread:

NAK dropped SYN-packets to sender? Frank Heinzius (Aug 09)
- Re: NAK dropped SYN-packets to sender? Perry E. Metzger (Aug 10)
  - Re: NAK dropped SYN-packets to sender? Frank Heinzius (Aug 10)
- Re: NAK dropped SYN-packets to sender? Matt Curtin (Aug 10)