Re: Port 113 requests?

From: Florian Weimer (Florian.Weimer@RUS.Uni-Stuttgart.DE)
Date: 12/07/01


To: INCIDENTS@securityfocus.com
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 07 Dec 2001 18:45:35 +0100


"Slighter, Tim" <tslighter@itc.nrcs.usda.gov> writes:

> From: Chris Wilkes [mailto:cwilkes@ladro.com]

>> In my firewall I've set up this rule to handle these requests:
>> -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
>>
>> In short, nothing to be concerned about.

> You really should try and specify that the rule "drops" instead of reject so
> that the potential intruder is not provided with any information about their
> attempted connection.

This is completely misguided advice. Following it results in
substantially increased delays when delivering SMTP mail to those
hosts which perform identd lookups before accepting mail.

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
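
Added example, not part of the original message: a Python sketch of the wait an ident (RFC 1413) client such as a mail server sees when port 113 answers with a refusal versus when nothing comes back. Assumptions: a closed loopback port stands in for REJECT, a listener that never replies stands in for DROP, and the 1-second timeout and the query string are constructed values.

```python
import socket
import time

def ident_probe(host, port, timeout, query=b"6193, 25\r\n"):
    """Mimic an MTA's ident lookup; return (outcome, seconds waited)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(query)          # constructed "<server-port>, <client-port>" query
            outcome = "reply" if s.recv(512) else "closed"
    except ConnectionRefusedError:
        outcome = "refused"           # immediate answer: REJECT or a closed port
    except socket.timeout:
        outcome = "timeout"           # no answer at all: the caller waits it out
    return outcome, time.monotonic() - start

def closed_port():
    """Constructed stand-in for REJECT: a loopback port with nothing listening."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def silent_listener():
    """Constructed stand-in for DROP: completes the handshake, never answers."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s, s.getsockname()[1]

def compare(timeout=1.0):
    """Run the same lookup against both stand-ins and return both results."""
    rejected = ident_probe("127.0.0.1", closed_port(), timeout)
    listener, port = silent_listener()
    try:
        dropped = ident_probe("127.0.0.1", port, timeout)
    finally:
        listener.close()
    return rejected, dropped

if __name__ == "__main__":
    for label, (outcome, secs) in zip(("REJECT-like", "DROP-like"), compare()):
        print(f"{label}: {outcome} after {secs:.2f}s")
```

The DROP-like case always costs the full client timeout, so the delay per delivery scales with whatever ident timeout the receiving mail server is configured with.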



