Security Basics mailing list archives

Re: Port question

From: Patrick J Kobly <patrick () kobly com>
Date: Thu, 25 Jun 2009 09:33:47 -0600

The protocol that is typically listening on 113 is identd.  It is
defined in RFC1413

http://tools.ietf.org/html/rfc1413

It allows a particular node to assert the local username of the user
that owns a particular connection.  While this may have been moderately
useful some time ago, it is of dubious (or no) value now.

I haven't seen POP servers use ident in a while, but regularly see IRC
servers do so - and in that case the problem is exactly as David describes.

PK

David Gillett wrote:

  Closing port 113 is a good trade-off between security and
performance.

  For historical reasons, generally when a client connects to
an email server via POP to download their email, the server
attempts to connect back to them on port 113.  I believe this 
service was intended for the case where the user is one of 
several sharing a multi-user machine, but I'm not certain about 
that.
  The thing is that >98% of modern client machines will ignore 
this connection attempt.  The email server will wait for anywhere
between 30 seconds and 5 minutes for an answer, and then will 
continue the download session and deliver the requested email.

  ShieldsUp is complaining because it got an RST ("reset") packet
back from that port; the firewall, instead of silently dropping 
the SYN packet for that port, has explicitly rejected the 
connection.  The bad side of this is that the firewall has, by
doing this, revealed its presence; the good side is that the
email server will stop waiting at that point and so the user's
email will download promptly instead of waiting for that connection
to time out first.

  This configuration is sufficiently common that I would not take
that "failed" score seriously.

David Gillett

-----Original Message-----
From: Ken Pryor [mailto:kdpryor () gmail com] 
Sent: Wednesday, June 24, 2009 8:39 AM
To: security-basics () securityfocus com
Subject: Port question

Hello all, I just joined the list and this is my first post 
to it.  I am a networking noob and am not sure if this is 
something I should worry about or not.  I just set up a 
Smoothwall Express firewall and later ran a Shields Up scan 
at grc. com  It showed all ports as stealth except one, port 
113, which it showed as closed.  Shields Up gave my system a 
"failed" score based on that one port showing as closed.  My 
question is, is this anything I need to worry about and, if 
so, how might I fix it?
Thanks to all who offer their knowledge and help to those of 
us just getting started.
Ken Pryor

--------------------------------------------------------------
----------
Securing Apache Web Server with thawte Digital Certificate In 
this guide we examine the importance of Apache-SSL and who 
needs an SSL certificate.  We look at how SSL works, how it 
benefits your company and how your customers can tell if a 
site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache 
web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management 
of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;
e13b6be442f727d1
--------------------------------------------------------------
----------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



-- 

 

Patrick Kobly, CISSP

 

T: 403-274-9033

C: 403-463-6141

F: 866-786-9459

56 388 Sandarac Dr NW
Calgary, Alberta
T3K 4E3
http://www.kobly.com

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Port question Ken Pryor (Jun 24)
- RE: Port question David Gillett (Jun 25)
  - Re: Port question Patrick J Kobly (Jun 29)
- Re: Port question Ansgar Wiechers (Jun 25)
  - Re: Port question Marco Shaw (Jun 29)
    - Re: Port question Ansgar Wiechers (Jun 29)
  - RE: Port question Murda Mcloud (Jun 29)
    - Re: Port question Ansgar Wiechers (Jun 29)
- Re: Port question Meenal Mukadam (Jun 25)
  - Re: Port question Charlie Clark (Jun 29)
- Re: Port question Marco Shaw (Jun 25)
- RE: Port question Murda Mcloud (Jun 25)
  - Re: Port question Ken Pryor (Jun 25)

(Thread continues...)