Mailinglist Archive: opensuse-security (547 mails)

< Previous Next >
Re: [suse-security] Closing Identd service with Ipchains
  • From: "Charles Price" <suselist@xxxxxxxxxxx>
  • Date: Thu, 16 Nov 2000 22:37:06 -0000
  • Message-id: <00b901c05022$b5655100$799c7ed4@xxxxxxxxxx>
Does the newer iptables packet filter offer a RST return function?

Charlie

----- Original Message -----
From: Alexander Reelsen <ar@xxxxxxxx>
To: RoMaN SoFt / LLFB!! <roman@xxxxxxxxxx>
Cc: <suse-security@xxxxxxxx>
Sent: Tuesday, November 14, 2000 4:43 PM
Subject: Re: [suse-security] Closing Identd service with Ipchains


> Hi
>
> On Tue, Nov 14, 2000 at 12:33:06PM +0100, RoMaN SoFt / LLFB!! wrote:
> > I want my (firewalled)-gw responds to an ident (113 port) request
> > with a RST packet, thus simulating the service is closed. I'm using
> > Ipchains with kernel 2.2.17. Is there any way of doing that?
> README for Return-RST, a Linux 2.2 firewall helper tool
> -------------------------------------------------------
>
> Written by Nic Bellamy <nic@xxxxxxxxxxxxx> of
> Bellamy Consulting Limited - http://www.bellamy.co.nz/
>
>
> Return-RST was written to overcome the lack of an ipchains policy that
can
> return a RESET packet when denying a TCP connection. The DENY policy
just
> drops the packet, and the REJECT policy sends back an ICMP message.
Either
> policy will tip an attacker off to the fact they're being filtered.
>
>
> I guess that is what you're searching for. In addition it is using the
> netlink socket and the ability of passing packets over to the userspace,
> so it cannot handle and endless high amount of connections. However, it
> should be sufficient without problems for identd only.
>
>
> MfG/Regards, Alexander
>
> P.S. Apologises if I sent ealier mails with wrong sender, or if it
bounced.
> My mailsystem was misconfigured and I can't blame it on anyone else. If
> you've sent me a mail in the last 14 days, please resend it.
>
> --
> Alexander Reelsen http://joker.rhwd.de
> ref@xxxxxxxxx GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
> ar@xxxxxxxx 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
> Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>
>


< Previous Next >