On Wednesday 03 December 2003 11:27 pm, Michael Gale wrote:
> Hello,
>
> Thanks for the response -- it starting logging all outbound traffic and
> found that the FTP server is sending out ident request to the Cisco router.
> Which is odd because there is NO ident server on the FTP box and the FTP
> config specifies no Ident lookups.
Ident requests are generally caused by the use of tcpwrappers (see your
inetd.conf file to confirm this). You do not need to be running an ident
server for your machine to send out ident requests (those mean that it is
acting as a client, asking for responses from some other server).
> The packet leaves from port X to the Cisco on port 113 but then the Cisco
> returns a ACK RST from port number < 10 to port X.
That is not the way TCP is supposed to work. All responses should be from the
source port which the original request packet went to as destination port.
If you send a packet to port 113, you should get a reply (whether it's a goood
one saying "hello" or a bad one saying "no service here") from port 113.
Antony.
--
Most people have more than the average number of legs.
Please reply to the list;
please don't CC me.
