[59186] in North American Network Operators' Group
Re: Slow and Fast IP addresses on http ?
daemon@ATHENA.MIT.EDU (Nathan J. Mehl)
Tue Jun 17 13:29:09 2003
Date: Tue, 17 Jun 2003 13:28:35 -0400
From: "Nathan J. Mehl" <memory-nanog@blank.org>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <g3u1aovd6e.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
In the immortal words of Paul Vixie (vixie@vix.com):
>
> > It might also be port 113 -- some sites try to query your tcp port 113,
> > and wait for a timeout if the port is firewalled. A better solution
> > than blocking it is to send an immediate RST.
>
> people who depend on tcp/113 deserve everything stupid that happens to them.
> dropping SYN packets or returning a fixed string are both better than sending
> an immediate RST. (false confidence being valued less than low confidence.)
> i was rather shocked to discover tcp/113 clientness enabled by default in
> postfix and sendmail. but even widespread ignorance does not call for
> widespread coddling such as returning immediate RST's.
What Paul said. Ident delenda est.
ftp://blank.org/pub/misc/identd.pl <-- suitable for use under inetd
and tcpserver, if all else fails.
-n
------------------------------------------------------------<memory@blank.org>
"Must I pray in Hebrew?" No, and wipe that look of terror off your face.
Fluency in Hebrew, of course, is vital to the proper understanding of Israeli
truck driver insults. (--David Bader, "How to Be an Extremely Reform Jew")
<http://blank.org/memory/>----------------------------------------------------
