Rejecting ident (port 113) requests

M

Mark Olbert

Guest
Is it possible to set a firewall rule so that ident requests from a trusted linux server are rejected rather than dropped? Dropping

the packets causes various server apps (e.g., telnet, pop3) on the linux server to go into a timeout cycle because they're waiting

for a reply that never comes.

I can see how to open a port, or an application, but I don't see how to control the response taken when there's no app listening and

what I want to do is reject a packet.

- Mark

 
J

Jesper

Guest
If you open a hole in the firewall for TCP port 113 your computer will send

an ICMP Port Unreachable response instead of just silently dropping it. Of

course, that is assuming you don't have anything listening on TCP 113.

The only way to control what the response is would be to write a daemon that

listens on that port and sends an appropriate response. Until there is

anything listening the responses are handled either by the firewall or by the

TCP/IP stack. In the latter case, the response is going to be defined by the

RFCs.

---

Your question may already be answered in Windows Vista Security:

http://www.amazon.com/gp/product/047010155...rotectyourwi-20

"Mark Olbert" wrote:

<span style="color:blue">

> Is it possible to set a firewall rule so that ident requests from a trusted linux server are rejected rather than dropped? Dropping

> the packets causes various server apps (e.g., telnet, pop3) on the linux server to go into a timeout cycle because they're waiting

> for a reply that never comes.

>

> I can see how to open a port, or an application, but I don't see how to control the response taken when there's no app listening and

> what I want to do is reject a packet.

>

> - Mark

> </span>

 
You must log in or register to reply here.
Top Bottom