[Gllug] netstat -pan --inet
Bruce Richardson
itsbruce at uklinux.net
Mon Feb 11 12:08:17 UTC 2002
On Mon, Feb 11, 2002 at 11:47:46AM +0000, will wrote:
> Try setting up an iptables/chains rule to reject rather than drop port
> 113 TCP. This is IDENT/Auth. Some applications attempt to connect to
> you using it and they seem to hang around for ages waiting for a
> response when they won't get one. Rejecting it will speed some things
> up a bit, I assume by letting the application know it is not going to
> get a response and it can get on with what it was doing.
>
> Someone correct me if I am wrong.

No, you're quite right. If you reject a connection that's it. If you
deny (drop under iptables) a connection then the other end usually keeps
at it until they time out, which can mean that someone portscanning you
chews up the connection for a while.

Deny/drop is for when you want to be completely invisible.
--
Bruce
What would Edward Woodward do?
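
Added example (not part of the original post): a small Python check, for a host you administer, that shows how a port 113 rule looks from the connecting side. A REJECT answers at once, while a DROP leaves the client waiting out its timeout. The function name `probe` and its verdict strings are made up for this example.

```python
import errno
import socket
import time


def probe(host, port=113, timeout=3.0):
    """Make one TCP connect attempt and classify the answer.

    Returns (verdict, seconds_waited). Verdict strings are this example's own:
      "open"     - handshake completed, something is listening
      "rejected" - refused at once (a TCP RST or ICMP unreachable came back),
                   which is what a REJECT rule or a closed port produces
      "dropped"  - no answer before the timeout, which is what DROP produces
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "rejected"
    except socket.timeout:
        verdict = "dropped"
    except OSError as exc:
        # Unreachable replies also end the attempt immediately.
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        verdict = "rejected"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Offline demo: a loopback port with no listener answers with a RST,
    # the same thing a client sees from "-j REJECT --reject-with tcp-reset".
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    verdict, waited = probe("127.0.0.1", closed_port)
    print(f"127.0.0.1:{closed_port} -> {verdict} after {waited:.3f}s")
```

Pointed at port 113 of your own firewall from an outside machine, a "dropped" verdict after the full timeout means remote services doing IDENT lookups will stall for at least that long.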