[59183] in North American Network Operators' Group
Re: Slow and Fast IP addresses on http ?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Jun 17 12:57:10 2003
To: drueegg@emea.att.com, nanog@nanog.org
Date: Tue, 17 Jun 2003 12:39:15 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
In message <20030616210129.GM751@reifa-wave.karrenberg.net>, Daniel Karrenberg
writes:
>
>tcp-wrapper.
>
>Check DNS of the client address affected, forward and reverse.
>
It might also be port 113 -- some sites try to query your tcp port 113,
and wait for a timeout if the port is firewalled. A better solution
than blocking it is to send an immediate RST.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
