[Dshield] Randex.E from Symantec
Jon R. Kibler
Jon.Kibler at aset.com
Thu Aug 14 18:22:57 GMT 2003
Shannon Johnston wrote:
> We solve the timeout problem by having our FW reject 113 requests.
Any idea how I can do that on a Cisco router? "Deny" simply drops packets.
Charleston, SC USA
> Shannon Johnston
> On Wed, 2003-08-13 at 14:34, Joe Stewart wrote:
> > On Wednesday 13 August 2003 04:20 pm, Jon R. Kibler wrote:
> > > Port 113 -- AUTH -- can't block that one easily. If you do so, most mail
> > > connections will hang for about 90 to 180 seconds before timing out their
> > > IDENT request and then proceeding.
> > >
> > > Not good.
> > >
> > > I wonder if this poses any risk to corruption of IDENTD or PIDENTD servers?
> > There's no need to block this port. What Symantec is saying is that it listens
> > on port 113 for ident requests. This is pretty common in IRC bots.
> > -Joe
> Shannon Johnston <sjohnston at cavion.com>
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list