Re: "Authentication" attempts??

[Chris Ess <azarin () RYOKO MERSEINE NU>]

> Perhaps someone could help me understand this...
>
>       I've been getting this from dozens of machines all accross the
> Internet, aimed at one of my Exchange Server's private (NAT) address, coming
> to port 113.  As far as I know, port 113 is only used for IRC (Internet
> Relay Chat) authentication...no?

Port 113 is used for identd/authentication.

Some IRC servers use it....  But that's not all.

Many servers, especially mail servers, can request ident authentication.

> The source IP's are completely random it seems, source ports are as well
> (3105, 41259, 1931, 4675, 51134...and the list goes on).  Does anyone know
> what this would be?  ...and perhaps WHY the target is my NAT address not the
> public IP?

How does your mail server identify itself to the outside?  Is it by IP or
by hostname?  And does the hostname resolve to the external IP rather than
the internal one?

--CAE  Kujikenaikara!

Sub caelo noctis sto quod stellae mihi spem dant.