pop3 & imap radical slowdown
Posted:
Mon Aug 19, 2002 4:18 pmby truhla
this happens only if grsec_stealth_rst flag is set...
but, the other machine i am running linux + grsec on, this happens not.
is this a programming issue, or ?
Posted:
Tue Aug 20, 2002 4:34 amby torne
Do you mean an IMAP/POP server running on your machine, or that you're connecting to IMAP/POP servers from your machine? If the latter, the first thing to check is whether the server is trying to query your identd. If you don't have an identd server running and you're running in stealth mode, it will take anything up to a minute or two to log in to a service which checks for it (some servers, IRC..etc) because your machine is ignoring the connections on port 113.
If that's not the problem, then you'll have to wait for someone else to come along with a suggestion, but that was why my machine took several minutes to log in to IRC. I fixed it by changing my firewall rules to explicitly reject connections to the ports that the server was querying with a TCP RST (the server in question was doing open proxy checks as well as identd).
Torne
Posted:
Wed Aug 21, 2002 9:17 amby spender
Also, update your version of grsecurity. the stealth networking options were converted to a netfilter module months ago.
-Brad