Subject: RE: windows built in "ident"... - msg#00456
List: security.firewalls.m0n0wall
You can allow IDENT based on certain IPs (say if you use a select group
of IRC servers)
And if we can add a "REJECT" you don't even have to fully allow ident
anyway. (Leave out your IRC app as a possibly hackable component)
-----Original Message-----
From: Mitch (WebCob) [mailto:mitch@xxxxxxxxxx]
Sent: Tuesday, December 30, 2003 2:43 AM
To: m0n0wall@xxxxxxxxxxxxx
Subject: [m0n0wall] windows built in "ident"...
this may not be in here yet... maybe it's not easy... but if someone could
point me in the right direction that would be a start...
Other firewalls support passing requests made by certain applications...
zone alarm or black ice for example - and the parts they have integrated
with linksys routers... can detect a bogus HTTP request generated by a
program OTHER THAN Internet Explorer (like by a virus or a messenger program
trying to circumvent the firewall) and shut them down...
They are able to detect the NAME of the application initiating the
request...
I'm thinking this is parallel to identd, but seems to be built into
windows... Does anyone know what it's called or where the protocol is
defined? Could be an interesting addition... I'd like to poke around in this
area, but can't find where to start.
Thanks.
Previous Message by Date:
RE: Possible to reject ident with tcp-reset ?
I was looking for this myself. IMO, it looks like instead of just
"Block" and "Accept" maybe present "Block" needs to be renamed "Drop"
and a new entry should be added, (to hold true to certain unix-world o/s
apps) named "Reject."
Thanks,
Brandon
-----Original Message-----
From: Mark N. [mailto:mark@xxxxxxxxxxxx]
Sent: Tuesday, December 30, 2003 3:10 AM
To: m0n0wall@xxxxxxxxxxxxx
Subject: [m0n0wall] Possible to reject ident with tcp-reset ?
Hi,
Is there some way to reject ident requests (with tcp-reset?), so ident
requests don't have to timeout ?
--
Mark Nellemann <mark@xxxxxxxxxxxx>
PGP key ID: 0x46961513 - Jabber ID: mark@xxxxxxx
Next Message by Date:
R: Net45xx image without watchdog
> It obviously is enough to kill watchdogd (although I'll
> probably remove support for it from the kernel as well)
> unless your hardware is somehow broken and the watchdog
> cannot be disabled once it has been enabled (works fine for
> me though), and as I said, the next release will have
> watchdogd removed. Period.
>
> - Manuel
Hi Manuel,
I do not agree with you since when I kill the watchdog process the net4511
reboots automatically in a few seconds.
It can be broken ... but what watchdogd does is simply to reset a hardware
counter, and then when the daemon is not present the counter is not reset
and ... Reboot; as happens to me.
The port description of watchdogd says exactly what I have asserted, but
maybe I'm wrong in something, but look:
------------ from FreeBSD Watchdog port -----------
Watchdog daemon for the AMD Elan sc520 system-on-chip.
The watchdogd daemon runs in the background and will reset the hardware
watchdog timer of the elan-mmcr/soekris every 16 seconds. If this timer
is not reset within 32 seconds thereafter the hardware will reboot.
------------ end ----------------------------------
Let me know what you think about it.
- Fabrizio
Next Message by Thread:
Re: windows built in "ident"...
I use a PERL application that mimics an IDENTd daemon. I then forward
all identd requests to that unix server. All my internal clients then
can access IRC and other identd based auth systems with no problems.
And I don't risk much as the perl script simply replies with what I put
in a text file as the ident info, and not a compromisable component on a
windows box.
Brandon Holland wrote:
You can allow IDENT based on certain IPs (say if you use a select group
of IRC servers)
And if we can add a "REJECT" you don't even have to fully allow ident
anyway. (Leave out your IRC app as a possibly hackable component)
-----Original Message-----
From: Mitch (WebCob) [mailto:mitch@xxxxxxxxxx]
Sent: Tuesday, December 30, 2003 2:43 AM
To: m0n0wall@xxxxxxxxxxxxx
Subject: [m0n0wall] windows built in "ident"...
this may not be in here yet... maybe it's not easy... but if someone could
point me in the right direction that would be a start...
Other firewalls support passing requests made by certain applications...
zone alarm or black ice for example - and the parts they have integrated
with linksys routers... can detect a bogus HTTP request generated by a
program OTHER THAN Internet Explorer (like by a virus or a messenger program
trying to circumvent the firewall) and shut them down...
They are able to detect the NAME of the application initiating the
request...
I'm thinking this is parallel to identd, but seems to be built into
windows... Does anyone know what it's called or where the protocol is
defined? Could be an interesting addition... I'd like to poke around in this
area, but can't find where to start.
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall-unsubscribe@xxxxxxxxxxxxx
For additional commands, e-mail: m0n0wall-help@xxxxxxxxxxxxx
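
A static ident responder of the kind the reply above describes, as an added example in Python (it is not the poster's Perl script, which does not appear on this page). The user id value and the names `build_reply` and `IdentHandler` are assumptions; the query and reply formats follow RFC 1413.

```python
import re
import socketserver

# Constructed sample value; the post describes reading this from a text file.
FIXED_USERID = "m0n0user"
MAX_REQUEST = 1000  # RFC 1413 limits a line to 1000 characters

# A query is "<port-on-server> , <port-on-client>" and nothing else.
_QUERY = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def build_reply(request: bytes, userid: str = FIXED_USERID) -> bytes:
    """Answer one RFC 1413 query line with a fixed user id."""
    line = request.split(b"\n", 1)[0].rstrip(b"\r")
    m = _QUERY.match(line)
    if not m:
        # Unparseable input: never echo peer-supplied bytes back.
        return b"0 , 0 : ERROR : UNKNOWN-ERROR\r\n"
    ours, theirs = int(m.group(1)), int(m.group(2))
    pair = b"%d , %d" % (ours, theirs)
    if not (1 <= ours <= 65535 and 1 <= theirs <= 65535):
        return pair + b" : ERROR : INVALID-PORT\r\n"
    # No lookup of real connections or local accounts is performed.
    return pair + b" : USERID : UNIX : " + userid.encode("ascii") + b"\r\n"


class IdentHandler(socketserver.StreamRequestHandler):
    timeout = 10  # drop peers that connect and send nothing

    def handle(self):
        try:
            request = self.rfile.readline(MAX_REQUEST)
            self.wfile.write(build_reply(request))
        except OSError:
            return  # timeout or reset: close quietly


if __name__ == "__main__":
    # Binding port 113 needs privileges; the firewall forwards inbound
    # TCP/113 to this host.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 113), IdentHandler) as srv:
        srv.serve_forever()
```

Because the reply is a constant, the responder reveals nothing about internal hosts or their users, and the only input it parses is two bounded integers.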