[59187] in North American Network Operators' Group

Re: Slow and Fast IP addresses on http ?

daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Jun 17 13:31:58 2003

To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
Date: Tue, 17 Jun 2003 13:28:52 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu


In message <g3u1aovd6e.fsf@sa.vix.com>, Paul Vixie writes:
>
>smb@research.att.com ("Steven M. Bellovin") writes:
>
>> It might also be port 113 -- some sites try to query your tcp port 113, 
>> and wait for a timeout if the port is firewalled.  A better solution 
>> than blocking it is to send an immediate RST.
>
>people who depend on tcp/113 deserve everything stupid that happens to them.
>dropping SYN packets or returning a fixed string are both better than sending
>an immediate RST.  (false confidence being valued less than low confidence.)
>i was rather shocked to discover tcp/113 clientness enabled by default in
>postfix and sendmail.  but even widespread ignorance does not call for
>widespread coddling such as returning immediate RST's.

I'm not defending the practice, I'm defending myself against the 
practitioners.  My email, etc., was being delayed because the site I 
was sending to was trying to query my non-existent tcp/113 server, and 
I was dropping SYNs.  Now, I either send an immediate RST or use Erik 
Fair's identd, depending on my mood.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)
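
Added example, not part of the original message: a Python check that an operator can run from an outside host against their own server to see which of the behaviours discussed above a remote ident query to tcp/113 would meet, and how long the querying side waits. The function name `probe_ident` and the verdict labels are assumptions of this example.

```python
import errno
import socket
import sys
import time


def probe_ident(host, port=113, timeout=5.0):
    """Make one TCP connect attempt and return (verdict, seconds_elapsed).

    Verdicts (labels chosen for this example):
      open             - something accepted the connection (an identd)
      rst              - connection refused at once (immediate RST)
      dropped          - no answer before the timer ran out (SYN dropped)
      icmp-unreachable - a router or firewall answered with ICMP unreachable
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            verdict = "open"
    except ConnectionRefusedError:
        verdict = "rst"
    except socket.timeout:
        # The querying mail server sits here for its full timer on every
        # delivery, which is the delay described in the message above.
        verdict = "dropped"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            verdict = "icmp-unreachable"
        else:
            raise
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python probe_ident.py <your-own-host> [timeout-seconds]
    target = sys.argv[1]
    wait = float(sys.argv[2]) if len(sys.argv) > 2 else 5.0
    result, elapsed = probe_ident(target, timeout=wait)
    print(f"{target} tcp/113: {result} after {elapsed:.2f}s")
```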


