Security Incidents mailing list archives
Re: Port 113 requests?
From: Valdis.Kletnieks () vt edu
Date: Thu, 06 Dec 2001 16:31:34 -0500
On Thu, 06 Dec 2001 13:51:33 MST, "Slighter, Tim" <tslighter () itc nrcs usda gov> said:
you really should try and specify that the rule "drops" instead of reject so that the potential intruder is not provided with any information about their attempted connection.
On the other hand, you have to contrast "potential intruder" with "normal operations". The intruders are (by and large) few and far between compared to the "normal operations" for some things. I don't even want to *think* about how many inbound packets our Listserv gets per day on port 113 from Sendmails that are configured to AUTH-query their inbound connections. If you *reject*, you send an ICMP Port Unreachable, and the other end gives up immediately. If you drop silently, they get to retransmit their SYN packet again a few times first. If it's a packet that a *lot* of things do (like AUTH - there's a large number of Sendmail/Tcp-Wrapper/etc out there that have been set up to do a port 113 lookup back by default), you may want to reject just so they know they can give up and continue on whatever regularly scheduled service was in progress. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Re: Port 113 requests?, (continued)
- Re: Port 113 requests? Crist J . Clark (Dec 07)
- Re: Port 113 requests? Greg A. Woods (Dec 07)
- Re: Port 113 requests? Paul Cardon (Dec 07)
- Re: Port 113 requests? Mike Meredith (Dec 07)
- RE: Port 113 requests? Tony Gale (Dec 07)
- Re: Port 113 requests? Florian Weimer (Dec 07)
- Re: Port 113 requests? Alexander Bochmann (Dec 07)
- Re: Port 113 requests? Patrick Patterson (Dec 07)
- Re: Port 113 requests? Paul Gear (Dec 07)
- Thread "Port 113 requests?" Mario van Velzen (Dec 07)
- Re: Port 113 requests? Valdis . Kletnieks (Dec 09)
- Re: Port 113 requests? Crist J . Clark (Dec 07)
- RE: Port 113 requests? Chris Keladis (Dec 07)
- RE: Port 113 requests? Jose Nazario (Dec 07)
- RE: Port 113 requests? Steve Stearns (Dec 07)
- RE: Port 113 requests? Jose Nazario (Dec 07)
- RE: Port 113 requests? Brian Cervenka (Dec 07)