Security Incidents mailing list archives
RE: Port 113 requests?
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Thu, 6 Dec 2001 13:51:33 -0700
you really should try and specify that the rule "drops" instead of reject so that the potential intruder is not provided with any information about their attempted connection. -----Original Message----- From: Chris Wilkes [mailto:cwilkes () ladro com] Sent: Thursday, December 06, 2001 1:05 PM To: incidents () securityfocus com Subject: Re: Port 113 requests? On Thu, Dec 06, 2001 at 01:51:57PM -0500, Michael Ward wrote:
I have been receiving the following entries at my firewall for since noon US Eastern Time (-5:00) on 12/4/01. They have been coming every 15 minutes since then. I notified the owner of the IP's and he hasn't responded yet. 12/04/2001 11:59:30.336 - TCP connection dropped - Source:mail.domain-i-edited.com, 40454, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
Its the SMTP AUTH protocol where a mail server tries to do an authenication check on who is sending it mail. I've turned this off on my mail server as it really doesn't do any good. I think some IRC servers use this feature. In my firewall I've setup this rule to handle these requests: -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable In short, nothing to be concerned about. Chris ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Port 113 requests? Michael Ward (Dec 06)
- Re: Port 113 requests? Chris Wilkes (Dec 06)
- Re: Port 113 requests? Ryan Russell (Dec 06)
- Re: Port 113 requests? Helmut Springer (Dec 07)
- Re: Port 113 requests? Valdis . Kletnieks (Dec 07)
- Re: Port 113 requests? Ryan Russell (Dec 07)
- <Possible follow-ups>
- RE: Port 113 requests? Slighter, Tim (Dec 06)
- RE: Port 113 requests? Ryan McDonnell (Dec 07)
- RE: Port 113 requests? Andrew Leonard (Dec 07)
- RE: Port 113 requests? Todd Suiter (Dec 07)
- Re: Port 113 requests? Helmut Springer (Dec 07)
- Re: Port 113 requests? Crist J . Clark (Dec 07)
- Re: Port 113 requests? Greg A. Woods (Dec 07)
- Re: Port 113 requests? Paul Cardon (Dec 07)
- Re: Port 113 requests? Mike Meredith (Dec 07)
- RE: Port 113 requests? Tony Gale (Dec 07)
- Re: Port 113 requests? Florian Weimer (Dec 07)
(Thread continues...)