Re: [suse-security] identd
On Wed, Oct 30, 2002 at 09:40:00PM +0000, fin wrote:
> Could someone tell me how to switch off identd in 8.1?
> I tested my firewall at www.grc.com and all of my ports are in stealth mode
> except identd, which is closed but still visible. As it is a potential source
> of information and only used for irc, which I don't need, I'd like to get rid
> of it.
> I found several articles on the web concerning this problem, but they are all
> for earlier versions and suggest shutting the service in etc/rc.config or
> etc/services, none of which exist in 8.1. I can't find anything in the new
> etc/sysconfig. How can I shut identd down?

You say that identd by default is "closed but still visible" - which
probably means it is not enabled, but you get a TCP RST when trying to
connect to it. This means the ident port has a netfilter rule that
says REJECT all incoming connections; every other port is configured
as DROP by default.

This is intentional. Otherwise you will get long long delays when
trying to connect to a service that will first do an IDENT lookup
before processing your connection. Most IRC servers do that, and some
FTP servers as well.

Olaf Kirch | Anyone who has had to work with X.509 has probably
okir@xxxxxxx | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
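
The difference between the two firewall answers described in the reply above, seen from the connecting side, as an added example that is not part of the original message: a port that answers with a TCP RST fails immediately, while a silently dropped connection makes the client wait out its timeout. The function names and the loopback check are constructed for illustration.

```python
import socket
import time


def classify_tcp_port(host, port, timeout=3.0):
    """Make one TCP connect attempt and return (state, seconds_elapsed).

    'open'     - handshake completed, something is listening
    'closed'   - a TCP RST came back (unbound port, or a REJECT rule that
                 answers with a reset): the "closed but visible" result
    'filtered' - nothing came back before the timeout (DROP, "stealth")
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except socket.timeout:
        state = "filtered"
    except OSError:
        # e.g. ICMP unreachable; treated here as no usable TCP answer
        state = "filtered"
    finally:
        sock.close()
    return state, time.monotonic() - start


def loopback_demo():
    """Constructed check on 127.0.0.1: probe a listening port, then the same
    port after the listener is gone (the kernel then answers with RST)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the kernel pick one
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result = classify_tcp_port("127.0.0.1", port)
    listener.close()
    closed_result = classify_tcp_port("127.0.0.1", port)
    return open_result, closed_result


if __name__ == "__main__":
    for state, secs in loopback_demo():
        print(f"{state:8s} answered in {secs:.3f}s")
```

Run against port 113 of your own host from outside the firewall, a "closed" result that returns in milliseconds is the REJECT behaviour; a "filtered" result after the full timeout is what a server doing an IDENT lookup would have to sit through if the port were dropped instead.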