From: Christopher Mahmood (ckmsuse.com)
Date: Thu Aug 14 2003 - 13:43:43 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Philip B Cook (philipbcookntlworld.com) [030814 11:23]:
> I have checked using www.grc.com which ports I have open to the outside
> world and find that all ports up to 1056 are in stealth mode EXCEPT port 113
> (IDENT) which is reported as closed. So my machine can be detected on this
> port although it will not respond.

The SuSEfirewall has a rule that explicitly rejects tcp/113.
Otherwise, you'll get delays sending mail.

> I have seen suggestions that it is possible to ROUTE any incoming traffic on
> port 113 to a fictitious IP address on my local net, resulting in full
> stealth.

That's probably a bad idea but you could allow the connections and
reroute them with rinetd.

> Any suggestions on how to prevent port 113 being visible.

It's not visible, it's just being denyed. Unless you are actually
running an identd daemon of course.

> Also.. is there a way to get new settings from SUSFirewall2.conf to be
> loaded without having to reboot.

$ /usr/sbin/rcSuSEfirewall2 reload

--

-ckm

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]