Koozali.org formerly Contribs.org

Version 5.5 security

Mr Dog

Version 5.5 security
« on: July 16, 2002, 05:52:38 PM »
I have installed version 5.5 as a private server/gateway.

GRC is telling me port 113 is OPEN and since I am a private gateway
I want to be as stealthy as I can.
Why are these open by default?

ACCEPT     tcp  ------  anywhere             not.telling.com.au  any ->   auth
ACCEPT     udp  ------  anywhere             not.telling.com.au any ->   113

Is there a simple setting to block these?
Custom templates are a pain.

Apart from that 5.5 seems very sweet.

Bill Talcott

Re: Version 5.5 security
« Reply #1 on: July 16, 2002, 06:40:42 PM »
Port 113 is ident. Some servers (IRC, SMTP, etc.) use it to contact the client. If you stealth it (just drop all incoming packets), some of your connections may take longer. This is because it has to wait for the connection to time out, instead of immediately receiving a reply (whether it's "ok" or "denied"). See http://forums.contribs.org/index.php?topic=13868.msg52747#msg52747 for my findings on it, and http://www.tpffaq.com/cgi-bin/faqmanager.cgi?file=other&toc=faq#q2 for more info on results of blocking ident.

fred m.

Re: Version 5.5 security
« Reply #2 on: July 17, 2002, 08:48:58 PM »
Here are some good howto's from Mitel: