RE: Port question



Closing port 113 is a good trade-off between security and
performance.

For historical reasons, generally when a client connects to
an email server via POP to download their email, the server
attempts to connect back to them on port 113. I believe this
service was intended for the case where the user is one of
several sharing a multi-user machine, but I'm not certain about
that.
The thing is that >98% of modern client machines will ignore
this connection attempt. The email server will wait for anywhere
between 30 seconds and 5 minutes for an answer, and then will
continue the download session and deliver the requested email.

ShieldsUp is complaining because it got an RST ("reset") packet
back from that port; the firewall, instead of silently dropping
the SYN packet for that port, has explicitly rejected the
connection. The bad side of this is that the firewall has, by
doing this, revealed its presence; the good side is that the
email server will stop waiting at that point and so the user's
email will download promptly instead of waiting for that connection
to time out first.

This configuration is sufficiently common that I would not take
that "failed" score seriously.

David Gillett


-----Original Message-----
From: Ken Pryor [mailto:kdpryor@xxxxxxxxx]
Sent: Wednesday, June 24, 2009 8:39 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Port question

Hello all, I just joined the list and this is my first post
to it.  I am a networking noob and am not sure if this is
something I should worry about or not.  I just set up a
Smoothwall Express firewall and later ran a Shields Up scan
at grc.com. It showed all ports as stealth except one, port
113, which it showed as closed.  Shields Up gave my system a
"failed" score based on that one port showing as closed.  My
question is, is this anything I need to worry about and, if
so, how might I fix it?
Thanks to all who offer their knowledge and help to those of
us just getting started.
Ken Pryor



