Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: FW port 113 keeps open
  • From: Thomas Seliger <CRJLJAKTJORB@xxxxxxxxxxxxx>
  • Date: Fri, 13 Sep 2002 17:19:38 +0200
  • Message-id: <3D82020A.4070300@xxxxxxxxxxxxx>
It does exactly what you said, it REJECTS the packet. Reject means that a "reject packet" is send back to the remote host. If you had a deny rule here, the firewall would just drop the packet (thats the difference between deny and reject).

NMAP gets the reject packet and assumes that the port is there but closed (hence the "closed" state).

113 is usually set to REJECT instead of DENY because some services tend to take some time to realize that auth over 113 is disabled when they are waiting for the response. Reject tells em that auth is disabled.

ciao
Tom



Pep wrote:

When I scan the TCP ports from the external iface I see
that port 113 is not rejected:

22/tcp open ssh 25/tcp open smtp 80/tcp open http 113/tcp closed auth 443/tcp open https




--
this is a maillist account, so please
send personal replies to cso[at]trium[dot]de


< Previous Next >
Follow Ups
References