[Dshield] Randex.E from Symantec
jstewart at lurhq.com
Wed Aug 13 20:34:40 GMT 2003
On Wednesday 13 August 2003 04:20 pm, Jon R. Kibler wrote:
> Port 113 -- AUTH -- can't block that one easily. If you do so, most mail
> connections will hang for about 90 to 180 seconds before timing out their
> IDENT request and then proceeding.
> Not good.
> I wonder if this poses any risk to corruption of IDENTD or PIDENTD servers?
There's no need to block this port. What Symantec is saying is that it listens
on port 113 for ident requests. This is pretty common in IRC bots.
Joe Stewart, GCIH
Senior Security Researcher
More information about the list