Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] FW port 113 keeps open
  • From: Peter Wiersig <wiersig-ml@xxxxxxxxxxxxx>
  • Date: Fri, 13 Sep 2002 15:47:57 +0200
  • Message-id: <20020913154757.C21092@xxxxxxxxxxxxx>
Pep wrote:
>
> I am installing a new FW with SuSE 8.0. I don't know how the
> port TCP 113 keeps open...
>
> I have checked the iptables command used by the FW and
> it seems ok:
> montblanc:/home/pep # SuSEfirewall2 debug | grep 113
> iptables -A input_ext -j REJECT -p tcp --dport 113 --syn --reject-with tcp-reset
> iptables -A input_dmz -j REJECT -p tcp --dport 113 --syn --reject-with tcp-reset
> iptables -A input_int -j REJECT -p tcp --dport 113 --syn --reject-with tcp-reset
> It should be rejecting any connections to port 113...
>
> So far it is not a big risk because I do not run any
> application in that port. How can I reject connections
> to port 113? What is SuSE FW is allowing port 113???

Port 113 is the "identd", a daemon useful for finding out which user
has opened a connection to your server. If you close this port with
"DROP" your client will hang when sending mail or connecting to an
ftp-site.

The firewall rules you listed above should close the port On The
Firewall machine itself.

I would recommend that you leave the port open so that you will not
have to endure the hang period.

Peter
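
Added example, not part of the original mail: a small Python probe that shows from the connecting side the difference between the `REJECT --reject-with tcp-reset` rules quoted above and a `DROP` rule, by timing one connection attempt. The function names `probe_tcp` and `demo` are hypothetical, and the demo uses a constructed loopback listener rather than a real firewall.

```python
import socket
import time


def probe_tcp(host, port, timeout=3.0):
    """Connect once and report how the port answered.

    Returns (verdict, seconds):
      "open"     - handshake completed, something is listening
      "rejected" - refused at once with a RST, as sent by
                   REJECT --reject-with tcp-reset or by a port with no listener
      "silent"   - no answer before the timeout, which is what DROP looks like
      "error"    - any other failure, e.g. host unreachable
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "rejected"
    except socket.timeout:
        verdict = "silent"
    except OSError:
        verdict = "error"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def demo():
    """Constructed demo: probe a loopback port while a listener is bound, then after it is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    for label, (verdict, secs) in zip(("listening", "closed"), demo()):
        print(f"{label:10s} {verdict:9s} {secs:.3f}s")
```

Run against port 113 of the firewall from an outside host, a "rejected" verdict that returns immediately is the expected result of the rules shown; a "silent" verdict after the full timeout is the hang the reply describes for DROP.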
