On Fri, Oct 26, 2007 at 09:30:11 -0600,
  "Ashley M. Kirchner" <ashley@xxxxxxxxxx> wrote:
> Bruno Wolff III wrote:
> >Dropping packets from the ident port can potentially cause problems.
> >Sometimes servers will check back there to get a user id (this goes
> >back to when people mostly shared computers, it is pretty pointless
> >today) and if you drop packets things may stall until the connection
> >times out rather than giving up immediately after being told ident
> >isn't available.
> >
>     One of the first things that I always shut off, since the days of
> RH5, was the ident daemon and later on the port itself.  I don't care to
> use it, I've never had problems not running it and I don't see any
> reason why I should either.  I don't think this would be a problem
> either, but then maybe you'll prove me wrong.

The problem isn't not running it; the problem is just dropping packets sent
to it. If the packets are dropped the other end will wait for a timeout
(something on the order of 2 minutes) before giving up on the connection
(and in some cases it may retry this process several times). If the
application (e.g. email, irc) doesn't let you use it until after it has
given up on getting ident information, this can be really annoying.

So there is a reason one might want to send a reject to connection attempts
on the ident port, rather than just dropping packets. This can result in an
application giving up on ident in much less time than if the packets were
just getting dropped.
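The difference described above, seen from the side that makes the ident check, as an added example that is not part of the original message. The function name `ident_lookup`, its parameters and the loopback port in the demo are assumptions made for illustration; the query line follows RFC 1413.

```python
import socket
import time

IDENT_PORT = 113  # ident/auth service (RFC 1413)


def ident_lookup(host, remote_port, local_port, port=IDENT_PORT, timeout=5.0):
    """Ask host's ident service who owns the connection remote_port <-> local_port.

    Returns (outcome, detail, seconds_waited) where outcome is:
      "answered" - the ident service sent a reply line (detail holds it)
      "refused"  - the connection attempt was rejected, so the caller stops at once
      "timeout"  - nothing came back, as happens when the packets are dropped
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # RFC 1413 query: "<port on queried host>, <port on querying host>"
            s.sendall(f"{remote_port}, {local_port}\r\n".encode("ascii"))
            reply = b""
            while not reply.endswith(b"\n"):
                chunk = s.recv(512)
                if not chunk:  # peer closed without finishing a line
                    break
                reply += chunk
        outcome, detail = "answered", reply.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        outcome, detail = "refused", "ident not available"
    except (socket.timeout, TimeoutError):
        outcome, detail = "timeout", "no response before timeout"
    return outcome, detail, time.monotonic() - start


if __name__ == "__main__":
    # Constructed demo: a loopback port with no listener answers with a reset,
    # which is what a reject rule on the ident port produces for the remote end.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    print(ident_lookup("127.0.0.1", 40000, 25, port=closed_port))
```

With a rejected port the call returns in milliseconds regardless of `timeout`; with dropped packets it always waits out the full timeout chosen by the caller.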