[Dshield] Randex.E from Symantec

Shannon Johnston sjohnston at cavion.com
Wed Aug 13 20:50:37 GMT 2003


We solve the timeout problem by having our FW reject 113 requests.

Shannon Johnston

On Wed, 2003-08-13 at 14:34, Joe Stewart wrote:
> On Wednesday 13 August 2003 04:20 pm, Jon R. Kibler wrote:
> > Port 113 -- AUTH -- can't block that one easily. If you do so, most mail
> > connections will hang for about 90 to 180 seconds before timing out their
> > IDENT request and then proceeding.
> >
> > Not good.
> >
> > I wonder if this poses any risk to corruption of IDENTD or PIDENTD servers?
> 
> There's no need to block this port. What Symantec is saying is that it listens 
> on port 113 for ident requests. This is pretty common in IRC bots.
> 
> -Joe
-- 
Shannon Johnston <sjohnston at cavion.com>




More information about the list mailing list