Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Re: FW port 113 keeps open
  • From: Pep Serrano <pep@xxxxxxxxxxx>
  • Date: Fri, 13 Sep 2002 18:04:47 +0200
  • Message-id: <200209131804.47565.pep@xxxxxxxxxxx>
Hi Thomas.

Thanks for your explanation. Now I undertand the complete scene...
Anyway, what would be the practical difference if I open the port 113 in the
firewall??? Nmap would keep reporting 113 is "closed" as long as I don't
start any application listening on that port... Am I right?

Nice we everybody!

On Friday 13 September 2002 17:19, Thomas Seliger wrote:
> It does exactly what you said, it REJECTS the packet. Reject means that
> a "reject packet" is send back to the remote host. If you had a deny
> rule here, the firewall would just drop the packet (thats the difference
> between deny and reject).
>
> NMAP gets the reject packet and assumes that the port is there but
> closed (hence the "closed" state).
>
> 113 is usually set to REJECT instead of DENY because some services tend
> to take some time to realize that auth over 113 is disabled when they
> are waiting for the response. Reject tells em that auth is disabled.

< Previous Next >
References