Rejecting ident (port 113) requests

  • Thread starter Thread starter Mark Olbert
  • Start date Start date
M

Mark Olbert

Is it possible to set a firewall rule so that ident requests from a trusted linux server are rejected rather than dropped? Dropping
the packets causes various server apps (e.g., telnet, pop3) on the linux server to go into a timeout cycle because they're waiting
for a reply that never comes.

I can see how to open a port, or an application, but I don't see how to control the response taken when there's no app listening and
what I want to do is reject a packet.

- Mark
 
If you open a hole in the firewall for TCP port 113 your computer will send
an ICMP Port Unreachable response instead of just silently dropping it. Of
course, that is assuming you don't have anything listening on TCP 113.

The only way to control what the response is would be to write a daemon that
listens on that port and sends an appropriate response. Until there is
anything listening the responses are handled either by the firewall or by the
TCP/IP stack. In the latter case, the response is going to be defined by the
RFCs.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047010155...rotectyourwi-20


"Mark Olbert" wrote:

> Is it possible to set a firewall rule so that ident requests from a trusted linux server are rejected rather than dropped? Dropping
> the packets causes various server apps (e.g., telnet, pop3) on the linux server to go into a timeout cycle because they're waiting
> for a reply that never comes.
>
> I can see how to open a port, or an application, but I don't see how to control the response taken when there's no app listening and
> what I want to do is reject a packet.
>
> - Mark
>
 
Back
Top