
Re: [suse-security] identd



On Wed, Oct 30, 2002 at 09:40:00PM +0000, fin wrote:
> Could someone tell me how to switch off identd in 8.1?
> I tested my firewall at www.grc.com and all of my ports are in stealth mode 
> except identd, which is closed but still visible. As it is a potential source 
> of information and only used for irc, which I don't need, I'd like to get rid 
> of it.
> 
> I found several articles on the web concerning this problem, but they are all 
> for earlier versions and suggest shutting the service in etc/rc.config or 
> etc/services, none of which exist in 8.1. I can't find anything in the new 
> etc/sysconfig. How can I shut identd down?

You say that identd by default is "closed but still visible" - which
probably means it is not enabled, but you get a TCP RST when trying to
connect to it. This means the ident port has a netfilter rule that
says REJECT all incoming connections; every other port is configured
as DROP by default.

This is intentional. Otherwise you will get long long delays when
trying to connect to a service that will first do an IDENT lookup
before processing your connection. Most IRC servers do that, and some
FTP servers as well.

Olaf
-- 
Olaf Kirch     |  Anyone who has had to work with X.509 has probably
okir@xxxxxxx   |  experienced what can best be described as
---------------+  ISO water torture. -- Peter Gutmann
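
Added example, not part of the original message: a small Python probe that tells apart the outcomes discussed above when checking your own host, namely a port that answers (open), one that is refused at once (closed, as with the REJECT rule on the ident port), and one that never answers (filtered, as with DROP). The function name `probe`, the state labels and the loopback demo are assumptions of this example.

```python
import socket
import time


def probe(host, port, timeout=3.0):
    """Try one TCP connect and return (state, seconds_taken).

    open     - handshake completed, something is listening
    closed   - connection refused at once (RST, e.g. a REJECT rule)
    filtered - no reply before the timeout (e.g. a DROP rule)
    error    - any other failure (no route, name lookup, ...)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except socket.timeout:
        state = "filtered"
    except OSError:
        state = "error"
    finally:
        sock.close()
    return state, time.monotonic() - start


if __name__ == "__main__":
    # Constructed demo on loopback: one listening port, then the same
    # port after the listener is gone (refused immediately).
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listening:", probe("127.0.0.1", port))
    srv.close()
    print("no listener:", probe("127.0.0.1", port))
    # Against your own firewalled host, port 113 should come back
    # "closed" quickly, while dropped ports take the full timeout.
```

The time returned for a "filtered" port equals the timeout, which is the wait a remote IRC or FTP server would sit through on its IDENT lookup if port 113 were dropped instead of rejected.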
