[Dshield] Randex.E from Symantec

Joe Stewart jstewart at lurhq.com
Wed Aug 13 20:34:40 GMT 2003


On Wednesday 13 August 2003 04:20 pm, Jon R. Kibler wrote:
> Port 113 -- AUTH -- can't block that one easily. If you do so, most mail
> connections will hang for about 90 to 180 seconds before timing out their
> IDENT request and then proceeding.
>
> Not good.
>
> I wonder if this poses any risk to corruption of IDENTD or PIDENTD servers?

There's no need to block this port. What Symantec is saying is that it listens 
on port 113 for ident requests. This is pretty common in IRC bots.

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ Corporation
http://www.lurhq.com/




More information about the list mailing list