Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Port 113 requests?

From: Todd Suiter <todd () s4r com>
Date: Fri, 7 Dec 2001 10:11:13 -0800 (PST)
Speaking as a reformed Postmaster, when I was doing PM work for qualcomm, one
of the network admins upgraded the firewalls, and 'nope, we didn't change anything, we just upgraded the code'. Well, 
they changed one rule. Instead of rejecting the ident queries, they dropped 'em. Mail pretty much stopped until they
fessed up to what they changed.

On Thu, 6 Dec 2001, Andrew Leonard wrote:


Quoting "Slighter, Tim" <tslighter () itc nrcs usda gov>:


you really should try and specify that the rule "drops" instead of
reject so
that the potential intruder is not provided with any information about
their
attempted connection.


In this case (SMTP AUTH), if you drop instead of reject, you will have to wait
for the remote server to time out its auth connection before it lets you get on
with SMTP.  This can slow mail delivery down substantially.

cheers:
andy
--
Andrew Leonard
Geospiza, Inc.
3939 Leary Way NW
Seattle, WA 98107
(206) 633-4403; (206) 633-4415 (fax)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: