Vista - Rejecting ident (port 113) requests

04-30-2008

Is it possible to set a firewall rule so that ident requests from a trusted linux server are rejected rather than dropped? Dropping
the packets causes various server apps (e.g., telnet, pop3) on the linux server to go into a timeout cycle because they're waiting
for a reply that never comes.

I can see how to open a port, or an application, but I don't see how to control the response taken when there's no app listening and
what I want to do is reject a packet.

- Mark

05-05-2008

If you open a hole in the firewall for TCP port 113 your computer will send
an ICMP Port Unreachable response instead of just silently dropping it. Of
course, that is assuming you don't have anything listening on TCP 113.

The only way to control what the response is would be to write a daemon that
listens on that port and sends an appropriate response. Until there is
anything listening the responses are handled either by the firewall or by the
TCP/IP stack. In the latter case, the response is going to be defined by the
RFCs.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20

"Mark Olbert" wrote:

Quote:

> Is it possible to set a firewall rule so that ident requests from a trusted linux server are rejected rather than dropped? Dropping
> the packets causes various server apps (e.g., telnet, pop3) on the linux server to go into a timeout cycle because they're waiting
> for a reply that never comes.
>
> I can see how to open a port, or an application, but I don't see how to control the response taken when there's no app listening and
> what I want to do is reject a packet.
>
> - Mark
>

04-30-2008	#1 (permalink)
Mark Olbert n/a posts	Rejecting ident (port 113) requests Is it possible to set a firewall rule so that ident requests from a trusted linux server are rejected rather than dropped? Dropping the packets causes various server apps (e.g., telnet, pop3) on the linux server to go into a timeout cycle because they're waiting for a reply that never comes. I can see how to open a port, or an application, but I don't see how to control the response taken when there's no app listening and what I want to do is reject a packet. - Mark
My System Specs

05-05-2008	#2 (permalink)
Jesper n/a posts	RE: Rejecting ident (port 113) requests If you open a hole in the firewall for TCP port 113 your computer will send an ICMP Port Unreachable response instead of just silently dropping it. Of course, that is assuming you don't have anything listening on TCP 113. The only way to control what the response is would be to write a daemon that listens on that port and sends an appropriate response. Until there is anything listening the responses are handled either by the firewall or by the TCP/IP stack. In the latter case, the response is going to be defined by the RFCs. --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20 "Mark Olbert" wrote: Quote: > Is it possible to set a firewall rule so that ident requests from a trusted linux server are rejected rather than dropped? Dropping > the packets causes various server apps (e.g., telnet, pop3) on the linux server to go into a timeout cycle because they're waiting > for a reply that never comes. > > I can see how to open a port, or an application, but I don't see how to control the response taken when there's no app listening and > what I want to do is reject a packet. > > - Mark >
My System Specs

Similar Threads
Thread	Forum
Rejecting a sender	Vista mail
Keeps rejecting addresses	Vista mail
My server keeps rejecting my login!!!!	Vista mail
WLM rejecting messages for policy reasons	Live Mail
windows mail rejecting password	Vista mail