Port 113 is the Identd (or auth) port. When you connect to a remote unix
server, a connection may be opened by that server -back- to your port 113.
If you run a unix server with "identd" on port 113, and if the remote side
sends the tcp port # it received the connection from, then your side will
tell the remote unix server the userid of the process that opened that
connection.

If you silently discard those packets, you may see a slight delay in sending
email to some unix servers (because the remote unix does not get an
ICMP telling it that port 113 is unavailable.) If you can send back an
ICMP unreachable, that will help streamline your email delivery to unix
servers (probably 90% of the large mail servers in the internet are unix.)
Either way, it won't hurt a thing to drop these packets, loudly or silently.

Remember that if you permit port 113 traffic, _and_ you run identd, then
it is possible for remote systems to know what userid initiated a
TCP connection to them.

-Will

-----Original Message-----
From: Igor I. Shulz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, April 04, 1999 1:48 PM
Subject: is 113 dangerous?
>Should I drop TCP-packets on 113 (auth) incoming from internet? I have many
>such packets dropped in syslog and I'm worried am I correct by dropping
>them?
>------------------------------
>Igor I. Shulz
>IS Manager
>Extel Mobile Communications
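
The query and reply that travel over port 113, as an added example (not part of the original messages and not the code of any identd): it follows the RFC 1413 line format and compares a responder that discloses the userid with one that answers at once with HIDDEN-USER, so the remote side is not left waiting and no account name leaves the host. The OWNERS table, the account name "alice", the "0 , 0" echo for malformed queries and the loopback port are assumptions made for the illustration.

```python
import socket
import threading

# Constructed sample: (our local port, remote port) -> local account owning that connection.
OWNERS = {(6191, 25): "alice"}

def parse_query(line: bytes):
    """Parse an RFC 1413 query '<our-port> , <their-port>'; None if malformed."""
    try:
        local, remote = (int(p) for p in line.decode("ascii").split(","))
    except ValueError:  # wrong field count, non-numeric or non-ASCII input
        return None
    ok = 1 <= local <= 65535 and 1 <= remote <= 65535
    return (local, remote) if ok else None

def build_reply(line: bytes, owners: dict, disclose: bool) -> bytes:
    """Answer one query; with disclose=False the userid is never sent."""
    ports = parse_query(line)
    if ports is None:
        # Echoing "0 , 0" for an unparseable query is a choice made for this example.
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    user = owners.get(ports)
    if user is None:
        status = "ERROR : NO-USER"
    elif disclose:
        status = f"USERID : UNIX : {user}"  # the disclosure the message warns about
    else:
        status = "ERROR : HIDDEN-USER"      # prompt answer, no account name
    return f"{ports[0]} , {ports[1]} : {status}\r\n".encode("ascii")

def serve_once(listener, owners, disclose):
    conn, _ = listener.accept()
    conn.settimeout(2)
    with conn, conn.makefile("rb") as f:
        conn.sendall(build_reply(f.readline(64), owners, disclose))

def ask(owners, disclose, query=b"6191 , 25\r\n") -> bytes:
    """Run one exchange over loopback on an unprivileged port (real identd uses 113)."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        t = threading.Thread(target=serve_once, args=(listener, owners, disclose))
        t.start()
        with socket.create_connection(listener.getsockname(), timeout=2) as c:
            c.sendall(query)
            with c.makefile("rb") as f:
                reply = f.readline()
        t.join()
    return reply

if __name__ == "__main__":
    for disclose in (True, False):
        print(disclose, ask(OWNERS, disclose))
```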