Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Port 113 requests?

From: Tony Gale <gale () syntax dstl gov uk>
Date: 07 Dec 2001 09:45:09 +0000

Normally I'd agree, but auth (113) is a special case due to how it is
used. As previously stated certain mail systems will try an auth
connection. Also, certain eBanking systems will do the same. Simply
dropping these connection will result in these services not working
correctly. So, you should either send a RST or ICMP unreachable.

-tony


On Thu, 2001-12-06 at 20:51, Slighter, Tim wrote:

you really should try and specify that the rule "drops" instead of reject so
that the potential intruder is not provided with any information about their
attempted connection.





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: