Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Port 113 requests?

From: Florian Weimer <Florian.Weimer () RUS Uni-Stuttgart DE>
Date: 07 Dec 2001 18:45:35 +0100
"Slighter, Tim" <tslighter () itc nrcs usda gov> writes:


From: Chris Wilkes [mailto:cwilkes () ladro com]



In my firewall I've setup this rule to handle these requests:
     -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable

In short, nothing to be concerned about.



you really should try and specify that the rule "drops" instead of reject so
that the potential intruder is not provided with any information about their
attempted connection.


This is completely misguided advice.  Following it results in
substantially increased delays when delivering SMTP mail to those
hosts which perform identd lookups before accepting mail.

-- 
Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: