Auth service and Firewall

Post by Malwar » Mon, 18 Oct 1999 04:00:00

Hi Mark,

> What is the appropriate action to take when a firewall receives an
> authority (port 113) request? Right now I have my firewall accepting
> them, but I seem to recall reading someplace that you should REJECT
> them.

Accepting them is ok usually. Problems arise if you are masquerading
clients behind the firewall. You then will need an identd which does
forward requests for masqueraded connections. If not, sometimes
connections of clients will be refused because they seem to be spoofed.

If you decide you don't want to offer this service it's best to REJECT
the packets rather than to DENY them, because the latter does cause the
client (actually the server you or a client behind your firewall did
contact) to wait for a timeout.
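
An added example, not part of the original post: a small Python check that shows, from the connecting side, the difference the reply describes between accepting, REJECTing and DENYing port 113. The function name `classify_port` and the verdict strings are made up for this illustration, and the demo only uses constructed loopback sockets.

```python
import errno
import socket
import time


def classify_port(host, port, timeout=3.0):
    """Try one TCP connect and return (verdict, seconds_elapsed).

    'accepted' - the connection completed (something such as identd listens)
    'rejected' - an error came back at once (what a REJECT policy produces)
    'denied'   - nothing came back before `timeout` (what a DENY policy produces)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "accepted"
    except ConnectionRefusedError:
        verdict = "rejected"
    except socket.timeout:
        # The caller sat out the whole timeout: the wait the reply warns about.
        verdict = "denied"
    except OSError as exc:
        # Some reject rules answer with an ICMP unreachable error instead.
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        verdict = "rejected"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for an accepting firewall,
    # and the same port after the listener is closed stands in for a rejected one.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    demo_port = listener.getsockname()[1]
    print("listening:", classify_port("127.0.0.1", demo_port))
    listener.close()
    print("closed:   ", classify_port("127.0.0.1", demo_port))
```

Run against port 113 of your own firewall from an outside host, a 'denied' verdict means every remote server that sends an ident query will wait out its own timeout before continuing.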



1. Firewall Service/Winsock Redirector Service alternatives on Linux?

Hey all,

Been searching ages for this and can't seem to find anything so I
suspect the answer is no but thought I might as well check since most
of what I found wasn't relevant.

I'm looking to replicate the 'Firewall service' in (MS) ISA server or
'Winsock Redirector service' found in Wingate. As you may know, these
are quite similar. Basically, they are proxies which have clients
(Firewall client/Wingate Internet client) which replace the winsock
DLLs on client computers and transparently redirect traffic as
necessary. What I'm looking for should either have its own client for
Windows XP or if it uses one of the existing ones it might also work
although there might be legal issues.

I know of course about IP Masquerading (NAT) and socks proxies and
intend to use them. But I prefer the winsock redirector as my primary
method of access. I currently use Wingate and do sometimes use ENS
(NAT) and socks. I'm planning to move to Linux for my router (sharing
a modem connection with 3 computers) but although Qbik has been saying
they're going to deliver a Linux version of Wingate for ages, they
haven't yet.

If you're wondering what I like about the Winsock redirector is that
it's transparent and it works great for incoming and outgoing most of
the time. Of course, it does sometimes have problems. But that's
simply handled by telling WGIC to give the app local access only so it
uses ENS (NAT). Or alternatively, I can use socks. Either way, I
usually don't have to worry about port forwarding no matter what P2P
app I'm using. I use all sorts of stuff, games, many diff P2P apps etc
at various times so it can be a hassle if I have to rely on the app
supporting socks or set up port forwarding for each one when they need
(or prefer) incoming. And of course, NAT, while great for most apps
which don't need incoming, does have a few problems with some things
sometimes so it's good to have the winsock redirector, at least as a

If there really is nothing I might have to just bite it but do hope
there is some Linux alternative.

Thanks all
