Our experience with port 113, the AUTH port, is that peak performance is
maintained with it allowed through the firewall. This does not mean the
AUTH service has to be running.
Let me explain.
If you block the AUTH port, the client requesting AUTH info from an inside
host will not receive any response and may wait for many minutes before
action is taken. Some telnet daemons make AUTH requests to find out
information on attempted accesses. It may make telneting out of your
network to other machines appear to fail while the AUTH request goes
unanswered. This goes for other inetd processes too.
A solution to this involves letting the port 113 through your firewall.
Then what happens is an AUTH request hits your inside machine and
immediately receives one of two things:
1- an answer from a running AUTH daemon
2- service not available.
Either way, the answer is immediate and may make your connections to
ourside resources faster.
If I made the decisions, I would not have daemons asking questions on the
AUTH port, but verily, that is the way of the world.
John Huggins
On Wed, 8 Dec 1999, Joakim von Braun wrote:
>->> Can anyone explain to me if exist any attack using port 113/tcp ????
>->>
>->> I had seen some packets Deny in my logs, incoming from
>->> various IP address.
>->
>-
>->
>->That being said, port 113 is useless and should be
>->blocked. .....
>-
>->~Patrick
>->
>->-
>-
>-In addition port 113 is used by the chat trojan "Kazimas". It�s not common
>-at all, just another argument to block the port.
>-
>-Joakim
>-
>-
>-
>-Joakim von Braun phone +46-(0)709-56 16 42
>-von Braun Consultants
>-Kristinehovsgatan 14
>-SE-117 29 Stockholm, SWEDEN
>-
>-
>--
>-[To unsubscribe, send mail to [EMAIL PROTECTED] with
>-"unsubscribe firewalls" in the body of the message.]
>-
**************************************
John Huggins
Virginia Net Corporation
P.O. Box 5310
Springfield, VA 22150
703-912-6214
703-912-4831 fax
[EMAIL PROTECTED]
http://www.va.net/
**************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
