Re: Slow and Fast IP addresses on http ?
From: "Nathan J. Mehl" <memory-nanog () blank org>
Date: Tue, 17 Jun 2003 13:28:35 -0400

In the immortal words of Paul Vixie (vixie () vix com):

> > It might also be port 113 -- some sites try to query your tcp port 113, 
> > and wait for a timeout if the port is firewalled.  A better solution 
> > than blocking it is to send an immediate RST.
>
> people who depend on tcp/113 deserve everything stupid that happens to them.
> dropping SYN packets or returning a fixed string are both better than sending
> an immediate RST.  (false confidence being valued less than low confidence.)
> i was rather shocked to discover tcp/113 clientness enabled by default in
> postfix and sendmail.  but even widespread ignorance does not call for
> widespread coddling such as returning immediate RST's.

What Paul said.  Ident delenda est.

ftp://blank.org/pub/misc/identd.pl  <-- suitable for use under inetd
and tcpserver, if all else fails.


------------------------------------------------------------<memory () blank org>
"Must I pray in Hebrew?" No, and wipe that look of terror off your face. 
Fluency in Hebrew, of course, is vital to the proper understanding of Israeli 
truck driver insults.     (--David Bader, "How to Be an Extremely Reform Jew")
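
Added example, not part of the original message and not the identd.pl script linked in it: a minimal sketch of the "returning a fixed string" option for tcp/113, answering every well-formed RFC 1413 query with the same user id and never looking up a real account. The `FIXED_USER` value, the function name and the choice of `0 , 0` for unparseable input are assumptions of this example.

```python
import re
import sys

FIXED_USER = "nobody"   # assumption: the constant handed to every querier
MAX_LINE = 1000         # RFC 1413 caps request/reply lines at 1000 characters
_REQ = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def ident_reply(request: bytes) -> bytes:
    """Build the RFC 1413 reply for one request line without consulting real users."""
    # Bound the input and keep only the first line, minus its CR/LF terminator.
    line = request[:MAX_LINE].split(b"\n", 1)[0].rstrip(b"\r")
    m = _REQ.match(line)
    if not m:
        # Not a "<port> , <port>" query; this example answers with a generic error.
        return b"0 , 0 : ERROR : UNKNOWN-ERROR\r\n"
    ports = (int(m.group(1)), int(m.group(2)))
    pair = b"%d , %d" % ports
    if not all(1 <= p <= 65535 for p in ports):
        return pair + b" : ERROR : INVALID-PORT\r\n"
    # Same answer for every connection: no local information is disclosed.
    return pair + b" : USERID : UNIX : " + FIXED_USER.encode("ascii") + b"\r\n"


def main() -> None:
    # inetd and tcpserver hand the connected socket to the program as stdin/stdout.
    request = sys.stdin.buffer.readline(MAX_LINE + 2)
    sys.stdout.buffer.write(ident_reply(request))
    sys.stdout.buffer.flush()


if __name__ == "__main__":
    main()
```

The querying mail or FTP server gets an immediate, syntactically valid reply instead of waiting out a timeout, and the reply carries no information about local users.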
