RE: Port 113 requests?

From: Tony Gale (gale@syntax.dstl.gov.uk)
Date: 12/07/01


From: Tony Gale <gale@syntax.dstl.gov.uk>
To: "Slighter, Tim" <tslighter@itc.nrcs.usda.gov>
Date: 07 Dec 2001 09:45:09 +0000


Normally I'd agree, but auth (113) is a special case due to how it is
used. As previously stated certain mail systems will try an auth
connection. Also, certain eBanking systems will do the same. Simply
dropping these connection will result in these services not working
correctly. So, you should either send a RST or ICMP unreachable.

-tony

On Thu, 2001-12-06 at 20:51, Slighter, Tim wrote:
> you really should try and specify that the rule "drops" instead of reject so
> that the potential intruder is not provided with any information about their
> attempted connection.
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Re: Why is command line ftp failing?
    ... >remote server and the ... >connection perpetually fails. ... >504 AUTH GSSAPI unsupported ... Note that you do have the opportunity to login! ...
    (comp.os.linux.networking)
  • Re: Automatic email relay agent?
    ... > Connection closed by foreign host. ... That is exactly what is to be expected: STARTTLS is offered, but no AUTH ... - just because you told Sendmail to only offer LOGIN and PLAIN AUTH ... That must be answered by Sendmail with a authentication success message. ...
    (Fedora)
  • Re: Port 113 requests?
    ... you drop all of the auth requests coming back to your mail relay from ... servers to which you are delivering outbound mail, ... the SMTP connection will complete in a timely fashion. ...
    (Incidents)
  • Re: Migrating from wvdial to ppp
    ... And now you cancel the previous auth? ... Remove both the auth and noauth ... and close connection with: `C-c'. ... I would say killall pppd is cleaner and does not ...
    (comp.protocols.ppp)
  • Re: encrypted file sharing bsd<-->winxp/2k3
    ... > windows-clients having the whole connection (auth and ... > it should be possible to map the share as a nw-drive. ...
    (freebsd-questions)