Firewall Wizards mailing list archives
Re: NAK dropped SYN-packets to sender?
From: "Frank Heinzius" <frimp () mms de>
Date: Tue, 10 Aug 1999 09:57:38 +0200
Hi Perry,

On 9 Aug 99, at 17:52, Perry E. Metzger wrote:

> least send "unreachables" for a few common undesirable services, like
> the horrible "ident" protocol, which would otherwise result in delays
> for things like mail delivery out of your firewall. (Unfortunately,

I think this is the way. There are indeed some services where you can send icmp unreachables back to the originator:

SMTP (if misconfigured mailers ignore MX records)
HTTP (assuming a typo in most cases)
IDENT (for the reasons you mentioned above)

There are a lot of services where you should just ignore the SYNs and let the buddy outside wait-to-death ;-) like:

BACK ORIFICE
NETBUS
FTP
TELNET
SSH
PORTMAPPER
X-Displays

I think there should also be some kind of redirection for some "services" like BO or NETBUS. I think I will implement a honeypot somewhere...

Kind Regards / Mit freundlichen Gruessen,

--
Frank M. Heinzius
MMS Communication AG
mailto:frimp () mms de
Eiffestrasse 598
http://www.mms.de
20537 Hamburg, Germany
Phone: +49 40 211105-40
Fax: +49 40 210 32 210
-- spam forbidden -- -- PGP key available --
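The reject-versus-drop split described in the message above, written as an nftables ruleset. This is an added example, not part of the original post or thread. The table, set and chain names are hypothetical, the port numbers are the services' well-known defaults rather than values from the message, and the rules are assumed to sit on the firewall host's own input path.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the original post). Names and ports are assumptions.

table inet perimeter {
    # Services answered with an ICMP unreachable so that legitimate
    # senders (mailers, browsers, ident lookups) fail fast instead of
    # waiting for a TCP timeout.
    set answer_unreachable {
        type inet_service
        elements = { 25, 80, 113 }    # SMTP, HTTP, IDENT
    }

    # Services whose SYNs are silently ignored.
    set ignore_tcp {
        type inet_service
        flags interval
        # FTP, SSH, TELNET, PORTMAPPER, X displays, NetBus default port
        elements = { 21, 22, 23, 111, 6000-6063, 12345 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened itself.
        ct state established,related accept
        iifname "lo" accept

        # Explicit refusal: the originator gets an ICMP/ICMPv6
        # port-unreachable for the first SYN.
        tcp flags syn tcp dport @answer_unreachable counter reject with icmpx type port-unreachable

        # Silent drop. The chain policy already drops; these rules exist
        # so the counters show how often each class is probed.
        tcp dport @ignore_tcp counter drop
        udp dport { 111, 31337 } counter drop    # portmapper, Back Orifice default port
    }
}
```

The counters can be read with `nft list table inet perimeter`, which gives a quick view of how much traffic falls into the "answer" class versus the "ignore" class.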