[59185] in North American Network Operators' Group
Re: Slow and Fast IP addresses on http ?
daemon@ATHENA.MIT.EDU (Paul Vixie)
Tue Jun 17 13:15:30 2003
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 17 Jun 2003 17:14:49 +0000
In-Reply-To: <20030617163915.CB64D7B6C@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
smb@research.att.com ("Steven M. Bellovin") writes:
> It might also be port 113 -- some sites try to query your tcp port 113,
> and wait for a timeout if the port is firewalled. A better solution
> than blocking it is to send an immediate RST.
people who depend on tcp/113 deserve everything stupid that happens to them.
dropping SYN packets or returning a fixed string are both better than sending
an immediate RST. (false confidence being valued less than low confidence.)
i was rather shocked to discover tcp/113 clientness enabled by default in
postfix and sendmail. but even widespread ignorance does not call for
widespread coddling such as returning immediate RST's.
--
Paul Vixie
