Port 113 and Bind
Brad Knowles
brad.knowles at skynet.be
Tue May 22 17:12:48 UTC 2001
At 3:41 PM +0000 5/22/01, EL CiD wrote:
> So, according to the above, it gotto stay open right? Some people say
> it can be closed without affecting your DNS, Mail, Web servers, while
> others says it got to be open.
Certain types of connections may be slower (because the server at
the other end is waiting to get an IDENT reply or for the IDENT query
to timeout, before allowing the connection to go through), but it is
not strictly required.
Indeed, since servers can be trivially easily programmed to lie
in their IDENT responses (and there may be buffer overflow risks in
the bogus IDENT responses), it has always been my suggestion to
simply turn off all IDENT services, and to make sure that everything
on all machines are configured to make no attempt to use IDENT.
BTW, please don't use "NOSPAM" type addresses. This mailing list
is gatewayed to a newsgroup, and all address snarfing programs I know
of are intelligent enough to strip that stuff anyway.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list