Subject: Re: tcplog: auth connection attempt from lugnet.com
Newsgroups: lugnet.admin.general
Date: Mon, 14 Dec 1998 20:47:09 GMT
Reply-To: mattdm@/avoidspam/mattdm.org
Viewed: 790 times

Todd Lehman <lehman@javanet.com> wrote:
> ardjan.besse@telekabel.at (Ardjan Besse) writes:
> > I've got a firewall under Linux for a while now, and every time I use my
> > (Agent on NT) news-client, I get a message on my Firewall that says:
> > "tcplog: auth connection attempt from lugnet.com"
> I don't know what an "autho connection attempt is" but maybe NT doesn't like
> reverse domain lookups?
Not "autho"; but "auth". I didn't know nntp did that... huh. Anyway:
Ardjan, you should set up your firewall to reject those requests rather than
denying them. It's trying to check with the identd daemon, which is
"supposed" to verify your identity. I put that in quotes because no one
supposes anything of identd anymore -- if you don't trust the remote user,
how can you trust what their machine says? Which is why it's called "ident"
these days instead of "auth": it's not secure, so don't use it to authorize
anything. Anyway, some services -- notably IRC and SMTP -- look for this.
Either run an identd server (yours can spit out bogus data if you want --
there's several for Linux that do) or set your firewall to 'reject', which
causes it to tell the connecting host that it can't get through, which is
better than 'deny', because with deny, the remote host doesn't know what's
going on and will wait for a timeout.
(Most services happily go on without getting an ident response; they just
wanna check it if it's there. It's pretty stupid really.)
--
Matthew Miller ---> mattdm@mattdm.org
Quotes 'R' Us ---> http://quotes-r-us.org/
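
The two options in the post, seen from the querying side, as an added example that is not part of the original message: a minimal RFC 1413 responder that returns either an error or a configured placeholder name, and a probe that tells an answer, an immediate refusal and a timeout apart. The function names, the loopback ephemeral port (standing in for port 113) and the sample port pair are assumptions made for the example.

```python
import socket
import threading

def ident_reply(query: bytes, user=None) -> bytes:
    """Answer one RFC 1413 query line: b'<local-port> , <remote-port>\\r\\n'."""
    try:
        a, b = (int(p) for p in query.decode("ascii").split(","))
    except (UnicodeDecodeError, ValueError):
        # Unparseable query: echoing "0, 0" is a choice made for this example.
        return b"0, 0 : ERROR : INVALID-PORT\r\n"
    if not (1 <= a <= 65535 and 1 <= b <= 65535):
        return f"{a}, {b} : ERROR : INVALID-PORT\r\n".encode()
    if user is None:
        # Reveal nothing about local accounts.
        return f"{a}, {b} : ERROR : HIDDEN-USER\r\n".encode()
    # 'user' is whatever the operator configured; the peer cannot verify it.
    return f"{a}, {b} : USERID : UNIX : {user}\r\n".encode()

def start_responder(user=None) -> int:
    """Serve a single ident query on an ephemeral loopback port; return the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        with conn, srv:
            conn.settimeout(2)
            conn.sendall(ident_reply(conn.recv(512), user))

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

def ident_probe(port, local_port, remote_port, host="127.0.0.1", timeout=2.0):
    """What the querying service sees: answered, refused at once, or timed out."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"{local_port} , {remote_port}\r\n".encode())
            return "answered", s.recv(512).decode("ascii").strip()
    except ConnectionRefusedError:
        return "refused", None   # closed port or 'reject': the caller moves on immediately
    except socket.timeout:
        return "timeout", None   # 'deny': nothing comes back until the timer expires

if __name__ == "__main__":
    # Constructed port pair: local client port 1025 talking to NNTP port 119.
    print(ident_probe(start_responder(), 1025, 119))
```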