Re: Slow and Fast IP addresses on http ?

["Steven M. Bellovin" <smb () research att com>]

In message <g3u1aovd6e.fsf () sa vix com>, Paul Vixie writes:
> smb () research att com ("Steven M. Bellovin") writes:
>
> > It might also be port 113 -- some sites try to query your tcp port 113, 
> > and wait for a timeout if the port is firewalled.  A better solution 
> > than blocking it is to send an immediate RST.
>
> people who depend on tcp/113 deserve everything stupid that happens to them.
> dropping SYN packets or returning a fixed string are both better than sending
> an immediate RST.  (false confidence being valued less than low confidence.)
> i was rather shocked to discover tcp/113 clientness enabled by default in
> postfix and sendmail.  but even widespread ignorance does not call for
> widespread coddling such as returning immediate RST's.

I'm not defending the practice, I'm defending myself against the 
practitioners.  My email, etc., was being delayed because the site I 
was sending to was trying to query my non-existent tcp/113 server, and 
I was dropping SYNs.  Now, I either send an immediate RST or use Erik 
Fair's identd, depending on my mood.

                --Steve Bellovin, http://www.research.att.com/~smb (me)
                http://www.wilyhacker.com (2nd edition of "Firewalls" book)