Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: David Woolley on September 04, 2002, 08:44:17 PM
-
Hi Bill Talcott et al.
I'm still looking for pointers to some information about the ident probing that e-smith does.
For example, I must open port 113 on my client router when handshaking an ftp connection into my remote e-smith server or else I must wait for a 20-30 second timeout.
I don't understand why e-smith probes this port. Other sites - like ftp.redhat.com - don't probe my port 113 and I am authenticated immediately.
What information is gained during the probe? Can I disable the probing, and is it a good idea?
If I can keep port 113 on my client stealthed then I am more secure, right?
Many thanks
David
-
I don't know much about the technical aspects of it, but ident is required by some services (mostly IRC). It's a server-side decision, so even if you disable it for your SME's FTP server, you could still run into it in other places. It's also used for the SME's mail server, which is where I "discovered" the issue.
The SME itself will answer ident requests. See http://www.e-smith.org/bboard//read.php?f=3&i=18519&t=18519 on how to masq the requests to the individual PCs on the LAN... From a completely outside location, do the RedHat FTP and your SME FTP behave differently? Or are you comparing a remote SME connection and a through-the-SME connection to the RH FTP (which the SME might be answering)?
I have seen a few threads here with info on disabling ident, if that's the way you want to go. But at the same time, it seems like you could very easily run into the same thing elsewhere...
-
David Woolley wrote:
> For example, I must open port 113 on my client router when
> handshaking an ftp connection into my remote e-smith server
> or else I must wait for a 20-30 second timeout.
What version are you using? Xinetd used to log ident information for all connects, but you'll find this in the changelog for e-smith-base as shipped with version 5.5:
* Fri Apr 19 2002 Michael Schwern
- [4.9.63-01]
...
- Removed USERID logging from xinetd.conf [markk 3125]
Charlie
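The changelog line Charlie quotes refers to xinetd's USERID logging flag: when log_on_success or log_on_failure includes USERID, xinetd makes an ident (RFC 1413, port 113) lookup to every connecting client before the service answers, which is the delay David sees when his router drops those packets. The following is an added example, not code from the thread or from the SME project: it audits an xinetd.conf-style file (a constructed fragment is embedded) and lists the services whose effective flags still contain USERID, applying xinetd's =, += and -= operators; it does not follow includedir directives.

```python
import re

# Constructed xinetd.conf fragment (not from the thread), "before" state.
SAMPLE_XINETD_CONF = """
defaults
{
    log_on_success  = PID HOST DURATION USERID
    log_on_failure  = HOST USERID
}
service ftp
{
    server          = /usr/sbin/in.ftpd
}
service smtp
{
    server          = /usr/sbin/qmail-smtpd
    log_on_success  -= USERID
    log_on_failure  = HOST
}
"""
BLOCK_RE = re.compile(r"(defaults|service\s+(\S+))\s*\{(.*?)\}", re.S)
ATTR_RE = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")

def parse_blocks(text):
    """Return (defaults, {service: attrs}); attrs are (name, op, values) tuples."""
    defaults, services = [], {}
    for m in BLOCK_RE.finditer(text):
        attrs = [(a.group(1), a.group(2), a.group(3).split())
                 for a in map(ATTR_RE.match, m.group(3).splitlines()) if a]
        if m.group(1) == "defaults":
            defaults = attrs
        else:
            services[m.group(2)] = attrs
    return defaults, services

def effective_flags(defaults, svc_attrs, attr):
    """Apply xinetd's =, += and -= operators to one list-valued attribute."""
    flags = set()
    for name, op, values in defaults + svc_attrs:
        if name == attr:
            new = set(values)
            flags = new if op == "=" else flags | new if op == "+=" else flags - new
    return flags

def services_doing_ident(text):
    """Services whose effective logging flags still include USERID (ident probe)."""
    defaults, services = parse_blocks(text)
    return sorted(name for name, attrs in services.items()
                  if any("USERID" in effective_flags(defaults, attrs, a)
                         for a in ("log_on_success", "log_on_failure")))
```

In the constructed fragment only ftp still inherits USERID from the defaults block; smtp has removed it, which is the state the 5.5 changelog describes for the whole server.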
-
Bill Talcott wrote:
>
> ... From a completely outside location, do the RedHat FTP
> and your SME FTP behave differently? Or are you comparing a
> remote SME connection and a through-the-SME connection to the
> RH FTP (which the SME might be answering)?
>
> I have seen a few threads here with info on disabling ident,
> if that's the way you want to go. But at the same time, it
> seems like you could very easily run into the same thing
> elsewhere...
Thanks, Bill,
Yes, I was connecting into RedHat FTP and the SME both from across the internet. The SME was 50 miles away.
Whilst tracing the difficulty, I watched the security log of my router drop packets sent by the SME into port 113. No packets were received from RedHat. During this wait, my FTP client reported "Socket connected waiting for login sequence."
Will read your linked document. Thanks
David
-
Charlie Brady wrote:
>
> What version are you using?
DW> 5.1.2 update2
> Xinetd used to log ident
> information for all connects, but you'll find this in the
> changelog for e-smith-base as shipped with version 5.5:
>
> * Fri Apr 19 2002 Michael Schwern
>
> - [4.9.63-01]
> ...
> - Removed USERID logging from xinetd.conf [markk 3125]
>
> Charlie
DW> Are you saying I should consider changing to v5.5?
Many thanks
David
-
David Woolley wrote:
> DW> Are you saying I should consider changing to v5.5?
Yes.
Charlie