8 Mar
2002
8 Mar
'02
16:14
BUT - if you then e.g. try to pop mail from external pophost you'll need a lot more time until new mail arrives you, cauzed by the ignored, and not blocked, ident call of that pop-server :O)
same goes for SMTP (especially if you run an smtp server) i think DROPping by default and REJECTing identd is fine. if you just want to secure your private box/server you could also start dropping incoming packets with SYN flags after a certain limit, which makes a "quick portscan from 1:65535" a bit more difficult --- there is plenty of stuff to do (what about MIRRORing identd? the pop servers will get their own identd response, but is this bad?)