
List:       firewalls-gc
Subject:    Ident revisited
From:       mcwilkin () twcable ! com
Date:       1997-01-31 13:42:44

Hi all-

I have a question re: ident. We have a strange problem. We drop
all ident requests inbound silently at the firewall.

First, we are running Solstice Firewall-1 2.1 on a Sparc 10 with
Solaris 2.5.

There is a site our users need to access but they can't. After we
watched the packets we saw ident come in and we block it. But,
instead of timing out and allowing us access, it closed our
connection!

So, I figured that they might have it configured to require some
sort of response.

Here is where I get lost.

I tried it from our internal name server and it timed out... But
instead of sending FIN to close the connection it let us in.

This is the only internal machine that can access that site. So, if
we are dropping ident on the floor and (if) they require it... Why
does this one work and all the others don't?

This internal machine doesn't even run ident or service port 113
but that doesn't matter since ident doesn't even reach it!

I really don't think they are requiring a response. 

It almost seems like the firewall is doing this.  I didn't configure
the firewall so I am not familiar with it...

But, if someone can give me a place to look or something to try
it would be appreciated.

Also, since we have an internal/external DNS setup we have a *
PTR on our external name server for reverse lookups.

Mike
Michael C. Wilkinson
Time Warner Cable-IS
mcwilkin@twcable.com
