Security Basics mailing list archives
Re: Port question
From: Patrick J Kobly <patrick () kobly com>
Date: Thu, 25 Jun 2009 09:33:47 -0600
The protocol that is typically listening on 113 is identd. It is defined in RFC1413
http://tools.ietf.org/html/rfc1413

It allows a particular node to assert the local username of the user that owns a particular connection. While this may have been moderately useful some time ago, it is of dubious (or no) value now.

I haven't seen POP servers use ident in a while, but regularly see IRC servers do so - and in that case the problem is exactly as David describes.

PK

David Gillett wrote:
Closing port 113 is a good trade-off between security and performance.

For historical reasons, generally when a client connects to an email server via POP to download their email, the server attempts to connect back to them on port 113. I believe this service was intended for the case where the user is one of several sharing a multi-user machine, but I'm not certain about that.

The thing is that >98% of modern client machines will ignore this connection attempt. The email server will wait for anywhere between 30 seconds and 5 minutes for an answer, and then will continue the download session and deliver the requested email.

ShieldsUp is complaining because it got an RST ("reset") packet back from that port; the firewall, instead of silently dropping the SYN packet for that port, has explicitly rejected the connection. The bad side of this is that the firewall has, by doing this, revealed its presence; the good side is that the email server will stop waiting at that point and so the user's email will download promptly instead of waiting for that connection to time out first.

This configuration is sufficiently common that I would not take that "failed" score seriously.

David Gillett

-----Original Message-----
From: Ken Pryor [mailto:kdpryor () gmail com]
Sent: Wednesday, June 24, 2009 8:39 AM
To: security-basics () securityfocus com
Subject: Port question

Hello all,

I just joined the list and this is my first post to it. I am a networking noob and am not sure if this is something I should worry about or not. I just set up a Smoothwall Express firewall and later ran a Shields Up scan at grc.com. It showed all ports as stealth except one, port 113, which it showed as closed. Shields Up gave my system a "failed" score based on that one port showing as closed. My question is, is this anything I need to worry about and, if so, how might I fix it?

Thanks to all who offer their knowledge and help to those of us just getting started.
Ken Pryor
-- Patrick Kobly, CISSP T: 403-274-9033 C: 403-463-6141 F: 866-786-9459 56 388 Sandarac Dr NW Calgary, Alberta T3K 4E3 http://www.kobly.com
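
An added example, not part of the original posts: a minimal RFC 1413 ident query and reply parser in Python, timed against the three cases discussed in this thread (an answering service, a port that sends back an RST, and a port that never answers). The localhost listeners, the user name `alice`, the client-side port 50123 and the 1-second timeout are constructed for the demo; ephemeral ports stand in for 113, and a listener that never replies stands in for a firewall that silently drops the SYN, since both leave the querying server waiting out its timer.

```python
import socket
import threading
import time

def parse_ident_reply(line):
    """Parse '<ports> : USERID : <opsys> : <user>' or '<ports> : ERROR : <type>'."""
    fields = line.strip().split(":", 3)
    if len(fields) < 3:
        raise ValueError("malformed ident reply")
    ports = tuple(int(p) for p in fields[0].split(","))
    kind = fields[1].strip().upper()
    if kind == "USERID" and len(fields) == 4:
        # Whitespace around the user ID is trimmed here for display only.
        return {"ports": ports, "type": kind, "opsys": fields[2].strip(), "user": fields[3].strip()}
    if kind == "ERROR":
        return {"ports": ports, "type": kind, "error": fields[2].strip()}
    raise ValueError("unknown ident reply type")

def ident_lookup(host, ident_port, local_port, remote_port, timeout):
    """Query host's ident service; return (outcome, reply, seconds_waited)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            s.sendall(f"{local_port} , {remote_port}\r\n".encode("ascii"))
            line = s.makefile("rb").readline().decode("ascii")
        return "answer", parse_ident_reply(line), time.monotonic() - start
    except ConnectionRefusedError:  # RST came back (closed port or reject rule): fail fast
        return "refused", None, time.monotonic() - start
    except socket.timeout:          # nothing came back: the caller waits out its timer
        return "timeout", None, time.monotonic() - start

def demo():
    """Constructed localhost demo: an answering service, a closed port, a silent port."""
    def serve(listener):
        conn, _ = listener.accept()
        with conn:
            query = conn.makefile("rb").readline().decode("ascii").strip()
            conn.sendall(f"{query} : USERID : UNIX : alice\r\n".encode("ascii"))
    answering = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=serve, args=(answering,), daemon=True).start()
    silent = socket.create_server(("127.0.0.1", 0))  # completes the handshake, never replies
    closed = socket.create_server(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    closed.close()                                   # kernel now answers SYN with RST
    targets = {"answer": answering.getsockname()[1], "refused": closed_port, "timeout": silent.getsockname()[1]}
    return {k: ident_lookup("127.0.0.1", p, 50123, 110, timeout=1.0) for k, p in targets.items()}

if __name__ == "__main__":
    for name, (outcome, reply, waited) in demo().items():
        print(f"{name}: {outcome} after {waited:.2f}s {reply or ''}")
```

The user name in the reply is whatever the queried host chooses to send, so a server should treat it as an unverified claim.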