RE: Port 113 requests?
From: Slighter, Tim (tslighter@itc.nrcs.usda.gov)
Date: 12/06/01
From: "Slighter, Tim" <tslighter@itc.nrcs.usda.gov>
To: incidents@securityfocus.com
Date: Thu, 6 Dec 2001 13:51:33 -0700
You really should try and specify that the rule "drops" instead of reject so
that the potential intruder is not provided with any information about their
attempted connection.
-----Original Message-----
From: Chris Wilkes [mailto:cwilkes@ladro.com]
Sent: Thursday, December 06, 2001 1:05 PM
To: incidents@securityfocus.com
Subject: Re: Port 113 requests?
On Thu, Dec 06, 2001 at 01:51:57PM -0500, Michael Ward wrote:
> I have been receiving the following entries at my firewall since
> noon US Eastern Time (-5:00) on 12/4/01.
>
> They have been coming every 15 minutes since then. I notified the owner
> of the IPs and he hasn't responded yet.
>
> 12/04/2001 11:59:30.336 - TCP connection dropped -
> Source:mail.domain-i-edited.com, 40454, WAN -
> Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
It's the SMTP AUTH protocol where a mail server tries to do an
authentication check on who is sending it mail. I've turned this off on
my mail server as it really doesn't do any good. I think some IRC
servers use this feature.
In my firewall I've set up this rule to handle these requests:
-p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
In short, nothing to be concerned about.
Chris
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
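An added example, not part of the original messages: a Python sketch that parses firewall entries in the format quoted above and reports sources that hit TCP port 113 at a steady interval, like the every-15-minutes pattern described in the thread. The log lines and host names are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed sample entries in the format quoted in the thread (hosts are placeholders).
SAMPLE_LOG = """\
12/04/2001 11:59:30.336 - TCP connection dropped - Source:mail.example.com, 40454, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:14:31.102 - TCP connection dropped - Source:mail.example.com, 40511, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:20:05.000 - TCP connection dropped - Source:host.example.net, 3321, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:29:29.870 - TCP connection dropped - Source:mail.example.com, 40602, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:44:30.415 - TCP connection dropped - Source:mail.example.com, 40688, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:45:00.000 - TCP connection dropped - Source:mail.example.com, 40700, WAN - Destination:my.mail.server, 25, LAN - 'SMTP' - Rule 32
"""

ENTRY = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - TCP connection dropped - "
    r"Source:(?P<src>[^,]+), (?P<sport>\d+), \w+ - "
    r"Destination:(?P<dst>[^,]+), (?P<dport>\d+), "
)

def ident_attempts(log_text, port=113):
    """Return {source: [timestamps]} for dropped connections to the given port."""
    by_source = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and int(m["dport"]) == port:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")
            by_source[m["src"]].append(ts)
    return dict(by_source)

def periodic_sources(log_text, min_hits=3, max_jitter_s=60):
    """Report sources whose port-113 attempts recur at a near-constant interval.

    min_hits must be at least 2 so that there is a gap to measure.
    """
    report = {}
    for src, stamps in ident_attempts(log_text).items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A small spread between gaps suggests an automated retry schedule.
        if len(stamps) >= min_hits and pstdev(gaps) <= max_jitter_s:
            report[src] = {"hits": len(stamps), "interval_min": round(median(gaps) / 60)}
    return report

if __name__ == "__main__":
    for src, info in periodic_sources(SAMPLE_LOG).items():
        print(f"{src}: {info['hits']} attempts, about every {info['interval_min']} min")
```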