iptables: drop or reject?

Bruno Wolff III bruno at wolff.to
Sun Oct 28 16:52:41 UTC 2007


On Sun, Oct 28, 2007 at 17:27:01 +0900,
  John Summerfield <debian at herakles.homelinux.org> wrote:
> 
> Anyone who thinks identd provides any security at all wrt computers they 
> don't control is ignorant or stupid.
> 
> It's trivial to find (or even, at a pinch write/modify one) a fake 
> identd that will say anything one chooses; anyone implementing security 
> assuming otherwise is trusting the untrustworthy.
> 
> Besides that, DOS boxes don't normally have one.

I wasn't advocating running ident, but rather not shooting one's self in the
foot by dropping (as opposed to rejecting) ident packets if you do use services
that try to do ident lookups. This is not the same as advocating actually
running an ident server.



