From firewalls-gc Fri Jan 31 13:42:44 1997
From: mcwilkin () twcable ! com
Date: Fri, 31 Jan 1997 13:42:44 +0000
To: firewalls-gc
Subject: Ident revisited
X-MARC-Message: https://marc.info/?l=firewalls-gc&m=87619440909996

Hi all-

I have a question re: ident. We have a strange problem. We drop all ident requests inbound silently at the firewall. First, we are running Solstice Firewall-1 2.1 on a Sparc 10 with Solaris 2.5.

There is a site our users need to access but they can't. After we watched the packets we saw ident come in and we block it. But, instead of timing out and allowing us access, it closed our connection! So, I figured that they might have it configured to require some sort of response. Here is where I get lost.

I tried it from our internal name server and it timed out... But instead of sending FIN to close the connection it let us in. This is the only internal machine that can access that site. So, if we are dropping ident on the floor and (if) they require it... Why does this one work and all the others don't? This internal machine doesn't even run ident or service port 113 but that doesn't matter since ident doesn't even reach it!

I really don't think they are requiring a response. It almost seems like the firewall is doing this. I didn't configure the firewall so I am not familiar with it... But, if someone can give me a place to look or something to try it would be appreciated.

Also, since we have an internal/external DNS setup we have a * PTR on our external name server for reverse lookups.

Mike

Michael C. Wilkinson
Time Warner Cable-IS
mcwilkin@twcable.com