Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] Stealthing Port 113
From: Christopher Mahmood (ckmsuse.com)
Date: Thu Aug 14 2003 - 13:43:43 CDT
* Philip B Cook (philipbcookntlworld.com) [030814 11:23]:
> I have checked using www.grc.com which ports I have open to the outside
> world and find that all ports up to 1056 are in stealth mode EXCEPT port 113
> (IDENT) which is reported as closed. So my machine can be detected on this
> port although it will not respond.
The SuSEfirewall has a rule that explicitly rejects tcp/113.
Otherwise, you'll get delays sending mail.
> I have seen suggestions that it is possible to ROUTE any incoming traffic on
> port 113 to a fictitious IP address on my local net, resulting in full
That's probably a bad idea but you could allow the connections and
reroute them with rinetd.
> Any suggestions on how to prevent port 113 being visible.
It's not visible, it's just being denyed. Unless you are actually
running an identd daemon of course.
> Also.. is there a way to get new settings from SUSFirewall2.conf to be
> loaded without having to reboot.
$ /usr/sbin/rcSuSEfirewall2 reload
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here