Re: [leaf-user] Thanks for the pointers on testing security. One more question . . .

Wed, 22 Dec 2004 08:12:06 -0800 

At 11:40 PM 12/21/2004 -0800, Terry Erickson wrote:

Interestingly enough, I found that my port 113 appeared to be "closed"
while all other ports I tested (up to 1056) using the "Shields Up"
program seemed invisible.

I added a rule in /etc/shorewall/rules
DROP   net    fw        tcp     113
then the port showed up as "stealthed". Ahh,

----Why did I have to do that?  ---

While looking for the answer to that question I learned a little about
port 113.
auth or  ident if I'm not mistaken is what it's called and it's
vestigial. I sort of recall reading about why it is "closed" on some
routers. . . . Apparently some servers, like some mail servers, upon
receiving a request on the mail port send a "auth" or "ident" request on
the auth port and will wait until it's replied to or rejected, or times
out before fulfilling the original request.

[old stuff deleted]

Yes, this is it, exactly, and SMTP is the service involved.

If you DROP the traffic, these servers will wait 3 minutes to time out before proceeding with the transaction.

Even if you REJECT the traffic, they will sometimes wait 3 minutes. (I forget the details, though I once knew them ... this goes back to the days before LEAF, when we worked with the actual LRP site, so isn't in the archive ... but it has something to do with whether the REJECT involves an icmp or a udp notification.)

If you ACCEPT the traffic, but do not run in auth (identd) server on the port, then a "Connection refused" message is sent promptly and there is (usually) no delay.

I don't know if this is a "ventigal" issue or not ... there may still be legacy setups around that do this test, or, for all I know, completely modern ones. If you start to see problems with mail, suspect this.




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to