
Re: Port 113 (auth) accept or deny?



On Sat, Feb 09, 2002 at 09:39:00PM +0100, Johannes Weiss wrote:
> 
> Hi,
> I have a security question:
> On my HTTP(s)/MAIL(SMTP,POP,IMAP)/SSH-Server:
> should I open(accept) or close(deny, perhaps reject?) the port 113???

Accept if you've chosen to run an ident server; otherwise, reject, but
don't deny. The deny target doesn't send back indication that the traffic
was dropped, so if you send mail to a mailserver that does ident queries,
you'll have to wait for the queries to time out before the mail can go
through.

(The only case where I can see accept on tcp/113 being dangerous if
you're not running an ident server is if you're firewalled against inbound
SYNs to all your other ports that don't have daemons listening and if
someone broke in using a non-identd entry point and left a backdoor
listening on 113. I'm not aware of any standard kiddie-friendly rootkits
in the wild doing this, but a clued attacker might do it.)

-- 
William Aoki     waoki@umnh.utah.edu       /"\  ASCII Ribbon Campaign
3B0A 6800 8A1A 78A7 9A26 BB92              \ /  No HTML in mail or news!
9A26 BB92 6329 2D3E 199D 8C7B               X
                                           / \
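
The difference between reject and deny as seen from the host making the ident query, as an added example that is not part of the original message: a rejected connect fails at once, a denied one waits out the timeout. The names probe_tcp and demo_local are hypothetical, and the demo uses constructed sockets on 127.0.0.1 only.

```python
import errno
import socket
import time


def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connect and return (verdict, seconds_taken).

    'open'     - handshake completed (a daemon is listening)
    'rejected' - an error answer came back at once (reject behaviour)
    'dropped'  - nothing came back before the timeout (deny behaviour)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "rejected"
    except socket.timeout:
        verdict = "dropped"
    except OSError as exc:
        # Assumption: a reject rule that answers with ICMP unreachable
        # can surface as one of these errnos instead of a refusal.
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        verdict = "rejected"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def demo_local():
    """Constructed offline demo: probe a listening port, then the same port closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result = probe_tcp("127.0.0.1", port)
    listener.close()                      # nothing listens here any more
    closed_result = probe_tcp("127.0.0.1", port)
    return open_result, closed_result


if __name__ == "__main__":
    for verdict, seconds in demo_local():
        print(f"{verdict:9s} after {seconds:.3f}s")
```

Run probe_tcp against your own server's port 113 from an outside host: "dropped" after the full timeout is the delay a querying mail server would sit through.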


