Security Incidents mailing list archives
Re: Port 113 requests?
From: Paul Cardon <"paul{no spam}"@moquijo.com>
Date: Thu, 06 Dec 2001 23:25:28 -0500
Slighter, Tim wrote:
you really should try and specify that the rule "drops" instead of reject so that the potential intruder is not provided with any information about their attempted connection.
tcp 113 (auth) is a common exception because of performance issues with legitimate traffic. Suppose you have a mail relay that sends out a large volume of SMTP e-mail on behalf of users in your organization. If you drop all of the auth requests coming back to your mail relay from servers to which you are delivering outbound mail, each of those connections must wait for the auth attempt to timeout before the mail can be delivered. If you send a reject, the auth fails immediately and the SMTP connection will complete in a timely fashion.
True, it is a workaround for what is in my opinion a completely useless protocol. The right fix is to go and rebuild all those versions of sendmail that have it enabled by default. Unfortunately, if you don't use a reject policy and you do send large volumes of outbound e-mail you may find that the mail relay is taking a significant performance hit.
-paul ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Port 113 requests?, (continued)
- Re: Port 113 requests? Helmut Springer (Dec 07)
- Re: Port 113 requests? Valdis . Kletnieks (Dec 07)
- Re: Port 113 requests? Ryan Russell (Dec 07)
- RE: Port 113 requests? Slighter, Tim (Dec 06)
- RE: Port 113 requests? Ryan McDonnell (Dec 07)
- RE: Port 113 requests? Andrew Leonard (Dec 07)
- RE: Port 113 requests? Todd Suiter (Dec 07)
- Re: Port 113 requests? Helmut Springer (Dec 07)
- Re: Port 113 requests? Crist J . Clark (Dec 07)
- Re: Port 113 requests? Greg A. Woods (Dec 07)
- Re: Port 113 requests? Paul Cardon (Dec 07)
- Re: Port 113 requests? Mike Meredith (Dec 07)
- RE: Port 113 requests? Tony Gale (Dec 07)
- Re: Port 113 requests? Florian Weimer (Dec 07)
- Re: Port 113 requests? Alexander Bochmann (Dec 07)
- Re: Port 113 requests? Patrick Patterson (Dec 07)
- Re: Port 113 requests? Paul Gear (Dec 07)
- Thread "Port 113 requests?" Mario van Velzen (Dec 07)
- Re: Port 113 requests? Valdis . Kletnieks (Dec 09)
- RE: Port 113 requests? Chris Keladis (Dec 07)
- RE: Port 113 requests? Jose Nazario (Dec 07)
(Thread continues...)