[Dshield] ...so much hurt trough hacking one day...

André Costa brblueser at uol.com.br
Tue Nov 26 21:27:48 GMT 2002


----- Original Message -----
From: "Bruce Lilly" <blilly at erols.com>
To: <list at dshield.org>
Sent: Tuesday, November 26, 2002 5:48 PM
Subject: Re: [Dshield] ...so much hurt trough hacking one day...


> Port 113 connects are not necessarily harmless and can be quite
> dangerous in a number of ways:
> 1. There are known exploits against some ident (a.k.a. auth) servers.
>     Search CERT for port 113, ident, auth
> 2. The ident protocol may reveal information which you would prefer
>     not to disclose to nosy individuals. It can return information
>     about the type and version of OS on your computer, id of logged in
>     users, etc., all of which is invaluable to hackers.
>
> Here, port 113 connection attempts are dropped and logged, and the logs
> submitted to Dshield.  Ftp and smtp work fine and I don't use IRC.
> Nobody needs to know what OS is in use here or who is logged in at
> any given time.

Well, while I agree that port 113 might definitely be a target for exploits,
and that it shouldn't be necessary to keep it opened, I cannot say things
run 100% fine if I just block it here. I have two boxes here: my dad's
running Win98 (I know, I know... I hate this "sub-OS" too, but it suits his
needs fine, so...) and my box with Linux and Win2000. My dad's SMTP server
times out some attempts (usually the first ones) if I don't allow it to poke
port 113. Also, xchat on Linux hangs for a little while (3-5s) before
establishing a connection if port 113 is simply blocked.

Fortunately, iptables allows me to reply with TCP_REJECT to attempts on port
113, so my life is easier. OTOH, Sygate Personal Firewall doesn't have this
fancy feature (maybe Pro version has, I don't know), so I have to keep port
113 opened in order to keep my dad (and me, since he won't be complaining)
happy.

Best,

Andre
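
Added example, not part of the original message or of any tool named in it: a Python probe that connects to port 113 the way a mail or IRC server does and reports whether the attempt was rejected (fast RST), dropped (the caller waits out its timeout, the delay described above) or answered, plus what a USERID reply discloses. The names probe_ident and disclosed_fields, the port pair and the sample reply are assumptions made for illustration; the reply layout follows RFC 1413.

```python
import socket
import time

# Constructed sample reply in RFC 1413 layout, for illustration only.
SAMPLE_REPLY = "40000, 6667 : USERID : UNIX : alice"

def probe_ident(host, port=113, timeout=5.0, query=b"40000, 6667\r\n"):
    """Connect to an ident port the way a mail or IRC server does.

    Returns (outcome, seconds, reply):
      "rejected" - a TCP RST came back, so the caller moves on at once
      "dropped"  - nothing came back, so the caller waits out its timeout
      "answered" - something accepted the connection; reply is its first line
    """
    start = time.monotonic()
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "rejected", time.monotonic() - start, ""
    except (socket.timeout, TimeoutError):
        return "dropped", time.monotonic() - start, ""
    with conn:
        try:
            conn.sendall(query)  # constructed port pair, not a real session
            reply = conn.recv(512).decode("ascii", "replace").strip()
        except OSError:
            reply = ""  # connected, but the daemon stayed silent or hung up
    return "answered", time.monotonic() - start, reply

def disclosed_fields(reply):
    """Pull out what a USERID reply tells the other side (OS type, user id)."""
    parts = [p.strip() for p in reply.split(":", 3)]
    if len(parts) == 4 and parts[1].upper() == "USERID":
        return {"opsys": parts[2], "user": parts[3]}
    return {}  # ERROR replies and malformed lines disclose no identity

if __name__ == "__main__":
    # Point this at your own address from a host outside the firewall.
    outcome, seconds, reply = probe_ident("127.0.0.1")
    print(f"{outcome} after {seconds:.2f}s", disclosed_fields(reply))
    print("sample reply discloses:", disclosed_fields(SAMPLE_REPLY))
```

A "rejected" result in well under a second is what a REJECT rule produces; "dropped" after the full timeout is what a plain block produces.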

