Re: irc

On Monday 17 November 2003 7:56 pm, Alistair Tonner wrote:

> 	If you've several systems that want to connect and do DCC you
> 	will want to make sure you load the conntrack and nat irc
> 	handlers from iptables ... they aren't needed for plain connections,
> 	but are for DCC sends/receives.

Indeed, however I assumed that anyone interested in the security of having a 
firewall wouldn't be using insecure things like DCC.   However, your reminder 
that there is a conntrack helper for this protocol is a good one.

> 	As a rule these days a LOT of irc servers want an identd reply ...
> 	identd is a horrible security problem, but you can use several
> 	alternatives ... I've a python script that acts as a chrooted identd
> 	server -- works a charm replying with random numbers ....

You mean they actually require an identd response before allowing a 
connection (rather than just making it take a bit longer than usual)?

What's the point in that?   It adds nothing to security, adds very little to 
logging opportunities, and only interferes with people trying to keep their 
networks to themselves.

Ho Hum; it's a strange world on the Internet....

Antony.

-- 

The idea that Bill Gates appeared like a knight in shining armour
to lead all customers out of a mire of technological chaos
neatly ignores the fact that it was he who, by peddling
second-rate technology, led them into it in the first place.

 - Douglas Adams in The Guardian, August 25, 1995
                                                     Please reply to the list;
                                                           please don't CC me.
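An identd of the kind mentioned in the quoted text, as an added example that is not the poster's script or any code from this thread: it answers RFC 1413 queries with a random token instead of a real account name. The names `ident_reply` and `IdentHandler` and the unprivileged port 1113 (with TCP 113 redirected to it) are assumptions, and the chroot step is left out.

```python
import re
import secrets
import socketserver

# RFC 1413 query: "<port-on-server> , <port-on-client>" terminated by CRLF,
# where "server" is the host running identd.
QUERY_RE = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")
MAX_QUERY = 1000  # RFC 1413 limits a request line to 1000 characters


def ident_reply(line: bytes) -> bytes:
    """Build an RFC 1413 reply that reveals no real account name."""
    m = QUERY_RE.match(line[:MAX_QUERY])
    if not m:
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    ours, theirs = int(m.group(1)), int(m.group(2))
    if not (1 <= ours <= 65535 and 1 <= theirs <= 65535):
        return b"%d , %d : ERROR : INVALID-PORT\r\n" % (ours, theirs)
    # Opsys "OTHER" marks the user-id as an opaque string, not a login name.
    token = secrets.token_hex(4).encode()
    return b"%d , %d : USERID : OTHER : %s\r\n" % (ours, theirs, token)


class IdentHandler(socketserver.StreamRequestHandler):
    timeout = 10  # drop clients that connect but never send a query

    def handle(self):
        try:
            line = self.rfile.readline(MAX_QUERY + 2)
        except OSError:
            return  # timed out or reset: send nothing
        self.wfile.write(ident_reply(line.rstrip(b"\r\n")))


if __name__ == "__main__":
    # Assumption: listen on unprivileged port 1113 so the process never
    # needs root; the firewall redirects inbound TCP 113 to this port.
    with socketserver.TCPServer(("0.0.0.0", 1113), IdentHandler) as srv:
        srv.serve_forever()
```
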

