Re: Is port 37 safe to let out?

From: Mikhail Zotov (muxaul_at_lenta.ru)
Date: 06/08/05


Date: 8 Jun 2005 07:52:13 -0700

Menno Duursma wrote:
> On Mon, 06 Jun 2005 20:54:30 -0700, Mikhail Zotov wrote:
> > Menno Duursma wrote:
> >> On Sun, 05 Jun 2005 21:41:41 -0700, Anthony Ewell wrote:
> Apparently some box behind your firewall wants to know how the clock is
> set on some outside host for some reason. And tries to use the RFC868 Time
> Protocol to do so. Better to just sync one or two server boxen to
> pool.ntp.org or something, and have them provide "time" services for LAN
> connected machines.
>
> Who knows: maybe it's actually an attempt of one of your users/machines to
> create/get a tunnel through your firewall.
>
> >> Unless you are on a LAN and have some box setup with ntpd (or a cron
> >> job running "ntpdate") which provides "time" broadcasts
>
> s/broadcasts/services/
>
> Sorry, this may well be incorrect (although Google tells there are Time
> implementations which can send/receive broadcasts, I don't see it in the
> RFC.) But I might have been thinking BSD TSP (time synchronization
> protocol) here. Which uses UDP port 525 instead:
> http://www.linuxvalley.it/encyclopedia/ldp/manpage/man8/timed.8.php
>
> My bad.
>
> Thanks for pointing out my error Mikhail.

No, Menno, I didn't point out an error. :-)

I just noticed that your brief comments seemingly contradict
what I read in the ntp docs earlier. Thus I became unsure of
my understanding of the issue and asked you to clarify it. :-)

BTW, your post of running two instances of sshd is published:

http://slackworld.berlios.de/02/tips.html#menno

Thanks!

Mikhail
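
Added example, not part of the original post: a check for whether an outbound port 37 flow is really the RFC 868 Time Protocol mentioned in the quoted text, or something else using that port (the tunnel possibility raised there). Under RFC 868 the client sends no data (TCP) or one empty datagram (UDP), and the server answers with a single 32-bit big-endian count of seconds since 1900-01-01. The function names, the flow tuples, the sample addresses and the one-day skew limit are assumptions made for this illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1900 = datetime(1900, 1, 1, tzinfo=timezone.utc)  # RFC 868 time base

def decode_time(payload: bytes) -> datetime:
    """Decode an RFC 868 reply: 32-bit big-endian seconds since 1900-01-01 UTC."""
    if len(payload) != 4:
        raise ValueError("RFC 868 reply must be exactly 4 bytes")
    (secs,) = struct.unpack("!I", payload)
    return EPOCH_1900 + timedelta(seconds=secs)

def classify_flow(client_bytes, server_payload, observed_at, max_skew=86400):
    """Return 'time' if a port 37 flow matches RFC 868, else a reason string.

    client_bytes   -- payload bytes the internal host sent (0 for TCP and UDP)
    server_payload -- everything the outside host sent back
    observed_at    -- when the firewall/sensor saw the flow (aware datetime)
    max_skew       -- hypothetical tolerance, in seconds, for a sane clock
    """
    if client_bytes != 0:
        return "suspicious: client sent data"
    try:
        remote_clock = decode_time(server_payload)
    except ValueError:
        return "suspicious: reply is not 4 bytes"
    if abs((remote_clock - observed_at).total_seconds()) > max_skew:
        return "suspicious: reply is not a plausible clock value"
    return "time"

# Constructed sample flows: (internal source, client payload bytes, server reply).
OBSERVED = datetime(2005, 6, 8, 14, 52, 13, tzinfo=timezone.utc)
GOOD = struct.pack("!I", int((OBSERVED - EPOCH_1900).total_seconds()))
SAMPLE_FLOWS = [
    ("10.0.0.5", 0, GOOD),                     # genuine Time Protocol reply
    ("10.0.0.7", 0, b"SSH-"),                  # 4 bytes, but decodes to the 1940s
    ("10.0.0.8", 0, b"HTTP/1.0 200 OK\r\n"),   # wrong length for RFC 868
    ("10.0.0.9", 312, GOOD),                   # client pushed data upstream
]

if __name__ == "__main__":
    for src, sent, reply in SAMPLE_FLOWS:
        print(src, classify_flow(sent, reply, OBSERVED))
```
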


