Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Slow and Fast IP addresses on http ?

  • From: Steven M. Bellovin
  • Date: Tue Jun 17 13:33:06 2003

In message <g3u1aovd6e.fsf@sa.vix.com>, Paul Vixie writes:
>
>smb@research.att.com ("Steven M. Bellovin") writes:
>
>> It might also be port 113 -- some sites try to query your tcp port 113, 
>> and wait for a timeout if the port is firewalled.  A better solution 
>> than blocking it is to send an immediate RST.
>
>people who depend on tcp/113 deserve everything stupid that happens to them.
>dropping SYN packets or returning a fixed string are both better than sending
>an immediate RST.  (false confidence being valued less than low confidence.)
>i was rather shocked to discover tcp/113 clientness enabled by default in
>postfix and sendmail.  but even widespread ignorance does not call for
>widespread coddling such as returning immediate RST's.

I'm not defending the practice, I'm defending myself against the 
practitioners.  My email, etc., was being delayed because the site I 
was sending to was trying to query my non-existent tcp/113 server, and 
I was dropping SYNs.  Now, I either send an immediate RST or use Erik 
Fair's identd, depending on my mood.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.