North American Network Operators Group
Re: Slow and Fast IP addresses on http ?
- From: Steven M. Bellovin
- Date: Tue Jun 17 13:33:06 2003
In message <firstname.lastname@example.org>, Paul Vixie writes:
>email@example.com ("Steven M. Bellovin") writes:
>> It might also be port 113 -- some sites try to query your tcp port 113,
>> and wait for a timeout if the port is firewalled. A better solution
>> than blocking it is to send an immediate RST.
>people who depend on tcp/113 deserve everything stupid that happens to them.
>dropping SYN packets or returning a fixed string are both better than sending
>an immediate RST. (false confidence being valued less than low confidence.)
>i was rather shocked to discover tcp/113 clientness enabled by default in
>postfix and sendmail. but even widespread ignorance does not call for
>widespread coddling such as returning immediate RST's.
I'm not defending the practice, I'm defending myself against the
practitioners. My email, etc., was being delayed because the site I
was sending to was trying to query my non-existent tcp/113 server, and
I was dropping SYNs. Now, I either send an immediate RST or use Erik
Fair's identd, depending on my mood.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
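
The delay discussed in this thread, seen from the side that issues the tcp/113 query, as an added example that is not part of the original messages: a minimal RFC 1413 client with a bounded timeout that records whether the peer answered, refused (immediate RST), or timed out (SYN dropped). The function names, the 2-second default and the `ident_port` parameter are assumptions made for illustration.

```python
import socket
import time


def parse_ident_reply(line):
    """Return the user id from an RFC 1413 USERID reply, else None."""
    # Reply form: "<port>, <port> : USERID : <opsys> : <user-id>"
    # ERROR replies have only three fields and fall through to None.
    parts = [p.strip() for p in line.strip().split(":", 3)]
    if len(parts) == 4 and parts[1].upper() == "USERID":
        return parts[3]
    return None


def ident_lookup(host, their_port, our_port, timeout=2.0, ident_port=113):
    """Query host's ident service about one connection.

    their_port is the port on the queried host, our_port the port on
    the querying host. Returns (user_or_None, outcome, seconds_spent),
    where outcome is "answered", "refused", "timeout" or "error".
    """
    start = time.monotonic()
    user = None
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            s.sendall(f"{their_port}, {our_port}\r\n".encode("ascii"))
            reply = s.makefile("rb").readline().decode("ascii", "replace")
        user = parse_ident_reply(reply)
        outcome = "answered"
    except ConnectionRefusedError:
        # Peer sent RST: the lookup ends after one round trip.
        outcome = "refused"
    except socket.timeout:
        # SYN (or the reply) was dropped: the caller waits the full timeout,
        # so the timeout value is what bounds the delay to the real session.
        outcome = "timeout"
    except OSError:
        outcome = "error"
    return user, outcome, time.monotonic() - start
```

The `timeout` argument bounds how long the real session can stall when SYNs are dropped; a refused connection returns without waiting for it.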