Berend De Schouwer wrote:
> > Port 111 is the Sun Remote Procedure call and unless you are wanting to
> > offer such services to other Sun systems, then block it out.
> >
> > Use REJECT rather than DENY - it tells the Sun system to forget it.
> > You will get log entries if you use the -l option but they make interesting
> > reading.
> >
> > Unrelated but for security purposes, block 113 and 137.
NB: do *not* use DENY on port 113; use REJECT.
> > Look at /etc/services. (grep 113 /etc/services)
>
> 113 is currently blocked, but generates its share of logs. It seems to
> happen when sendmail connects (makes a reverse connection to 113). Why
> is that? To verify the sender?
Whenever a client connects to a server, the server may connect back to
port 113 ("auth", aka "ident") to obtain the username on the client.
The protocol is described in RFC 931.
Not all daemons do this (HTTP daemons normally don't), but many (or
even most) do.
> And how do I stop it?
Some daemons can be configured as to whether they issue ident
requests. For tcpd, it's a compile-time option. For sendmail, it's
controlled by whether the "O Timeout.ident" setting (in sendmail.cf)
is non-zero.
You can't control whether other peoples' servers try to connect to
your auth service, but you can use ipchains to REJECT the connection
(don't use DENY; that will result in outbound connections hanging
while the server waits for the auth lookup to time out).
--
Glynn Clements <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
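Added example, not part of the thread above: a minimal ident/auth exchange as described in the reply (the server that accepted a connection connects back to the client's port 113 and asks "server-port , client-port"; the client's auth service answers with the owning username or an ERROR), together with a lookup client that shows the difference the reply draws between REJECT and DENY. Nothing listens on port 113 here (that needs root); the auth service runs on an ephemeral loopback port, the `CONNECTION_OWNERS` table is constructed, and a listener that accepts but never answers stands in for the "packets silently dropped" case.

```python
"""Added example (not from the linux-net thread): an RFC 931 / RFC 1413
ident ("auth", port 113) exchange on loopback, and why a refused lookup
returns at once while an unanswered one hangs until the daemon's
ident timeout expires."""
import socket
import threading

# Constructed table: which local (server-port, client-port) pair is owned
# by which user. A real identd consults the kernel's TCP table instead.
CONNECTION_OWNERS = {(6193, 23): "stjohns"}


def parse_ident_request(line):
    """Parse '<server-port> , <client-port>' as sent by the querying daemon."""
    try:
        sport, cport = (int(p.strip()) for p in line.split(","))
    except ValueError:
        return None
    if not (0 < sport < 65536 and 0 < cport < 65536):
        return None
    return sport, cport


def build_ident_response(line, owners=CONNECTION_OWNERS):
    """Answer one request line in the RFC 931 reply format."""
    ports = parse_ident_request(line)
    if ports is None:
        # Unparseable request: no port pair to echo back, so send 0 , 0.
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    user = owners.get(ports)
    if user is None:
        return "%d , %d : ERROR : NO-USER\r\n" % ports
    return "%d , %d : USERID : UNIX : %s\r\n" % (ports[0], ports[1], user)


def serve_one_request(listener):
    """Stand-in auth service: answer a single query and close."""
    conn, _ = listener.accept()
    with conn:
        line = conn.makefile("r").readline().strip()
        conn.sendall(build_ident_response(line).encode())


def ident_lookup(host, port, server_port, client_port, timeout=1.0):
    """What a daemon like sendmail does after accepting a connection:
    connect back to the peer's auth port and ask who owns the socket."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(("%d , %d\r\n" % (server_port, client_port)).encode())
            reply = s.makefile("r").readline().strip()
    except ConnectionRefusedError:
        # Peer answered with RST (a closed port, or an ipchains REJECT):
        # the daemon gives up immediately and carries on.
        return ("refused", "peer sent RST at once")
    except socket.timeout:
        # No answer at all: the daemon sits here until Timeout.ident expires.
        return ("timeout", "no answer within %.1fs" % timeout)
    fields = [f.strip() for f in reply.split(":")]
    if len(fields) >= 4 and fields[1] == "USERID":
        return ("userid", fields[3])
    return ("error", fields[-1] if fields else reply)


def _loopback_listener():
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port instead of privileged 113
    srv.listen(1)
    return srv, srv.getsockname()[1]


def demo_answered():
    """Auth service present: the lookup returns the username."""
    srv, port = _loopback_listener()
    t = threading.Thread(target=serve_one_request, args=(srv,))
    t.start()
    result = ident_lookup("127.0.0.1", port, 6193, 23)
    t.join()
    srv.close()
    return result


def demo_rejected():
    """Nothing listening: the kernel answers RST, the REJECT behaviour."""
    probe, port = _loopback_listener()
    probe.close()  # port is now closed, so the connect is refused
    return ident_lookup("127.0.0.1", port, 6193, 23)


def demo_silent():
    """Connection accepted by the kernel backlog but never answered: the
    lookup blocks for the whole timeout. With DENY the wait happens on the
    connect itself (SYN dropped), but the effect on the daemon is the same."""
    srv, port = _loopback_listener()
    result = ident_lookup("127.0.0.1", port, 6193, 23, timeout=0.5)
    srv.close()
    return result


if __name__ == "__main__":
    print("answered:", demo_answered())
    print("rejected:", demo_rejected())
    print("silent:  ", demo_silent())
```

The three demos correspond to the three outcomes a remote daemon sees from your side: a running identd answers (and leaks a username), a REJECTed or closed port makes the daemon give up instantly, and a DENYed port leaves it waiting out its ident timeout before it serves you, which is the hang the reply warns about.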