Re: Port 113
xploiting wrote ..
> Hi, I'm new to the list and I had a question. I have Debian etch and I run
> nmap -vv -sS -P0 localhost and it tells me that I have port 113 open.
> I would like to know whether this service is essential, in case I
> can close it and so improve my security.
> Thanks for your attention.
It's in English, but it's easy to follow. Googling...
Why isn't my Port 113 Stealthed? I'm using a firewall to stealth my entire machine, but the ShieldsUP! port probe shows port 113 to only be closed instead of stealthed! What gives?
Port 113 is associated with the Internet's Ident/Auth (Identification / Authentication) service. When a client program in your computer contacts a remote server for services such as POP, IMAP, SMTP, or IRC, that remote server sends back a query to the "Ident" server running in many systems listening for these queries on port 113. Essentially, the remote server is asking your system to identify itself . . . and you. This means that port 113 is often probed by attackers as a rich source of your personal information.
You may recall, from my explanation of Stealthed ports, that attempting to connect to a stealthed port is both costly and painful for the contact initiator - which is why it's so cool to stealth our machines. But the problem with simple stealthing of port 113 is that we don't want to hurt the servers we are trying to contact when they turn around and send us their IDENT query. If they get no response at all from their port 113 query, our connection to them (which initiated their query in the first place) will be delayed or perhaps completely abandoned.
Note that not all servers generate IDENT queries. So, depending upon your ISP, stealthing port 113 may not be any problem for you. However, you'll note that requirements for port 113 are common enough that most mature firewalls (BlackICE Defender, AtGuard, NIS2K, etc.) include built-in default rules allowing IDENT queries to pass through. These rules result in the IDENT's status being "closed" rather than "stealth."
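The IDENT exchange described above, as an added example that is not part of the original message or the quoted FAQ: a responder that answers each query promptly, so the asking server does not stall, but never names a user. It assumes the RFC 1413 wire format; the function names and the sample ports are this example's own.

```python
import re
import socket

# RFC 1413 query line: "<port on our host> , <port on the asking server>" CRLF
QUERY_RE = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")
MAX_LINE = 1000  # RFC 1413 caps line length at 1000 characters


def parse_query(line: bytes):
    """Return (our_port, their_port), or None if the query is malformed."""
    m = QUERY_RE.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    ports = (int(m.group(1)), int(m.group(2)))
    return ports if all(1 <= p <= 65535 for p in ports) else None


def answer(line: bytes) -> bytes:
    """Reply to every well-formed query without naming a user."""
    ports = parse_query(line)
    if ports is None:
        # Reply chosen by this example for unparsable input.
        return b"0 , 0 : ERROR : UNKNOWN-ERROR\r\n"
    return b"%d , %d : ERROR : HIDDEN-USER\r\n" % ports


def handle(conn: socket.socket) -> None:
    """Serve one query on an accepted connection, then close it."""
    conn.settimeout(5)
    buf = b""
    try:
        while b"\n" not in buf and len(buf) < MAX_LINE:
            chunk = conn.recv(MAX_LINE - len(buf))
            if not chunk:
                break
            buf += chunk
        conn.sendall(answer(buf.split(b"\n", 1)[0]))
    except OSError:
        pass  # peer timed out or reset; nothing is disclosed either way
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed exchange: a mail server asks who owns our port 40123,
    # which is connected to its port 25.
    server_side, our_side = socket.socketpair()
    server_side.sendall(b"40123, 25\r\n")
    handle(our_side)
    print(server_side.recv(256))
```
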