[Dshield] Randex.E from Symantec

Jon R. Kibler Jon.Kibler at aset.com
Thu Aug 14 18:22:57 GMT 2003


Shannon Johnston wrote:
> 
> We solve the timeout problem by having our FW reject 113 requests.

Any idea how I can do that on a Cisco router? "Deny" simply drops packets.

Thanks!
Jon Kibler
A.S.E.T., Inc.
Charleston, SC  USA

> 
> Shannon Johnston
> 
> On Wed, 2003-08-13 at 14:34, Joe Stewart wrote:
> > On Wednesday 13 August 2003 04:20 pm, Jon R. Kibler wrote:
> > > Port 113 -- AUTH -- can't block that one easily. If you do so, most mail
> > > connections will hang for about 90 to 180 seconds before timing out their
> > > IDENT request and then proceeding.
> > >
> > > Not good.
> > >
> > > I wonder if this poses any risk to corruption of IDENTD or PIDENTD servers?
> >
> > There's no need to block this port. What Symantec is saying is that it listens
> > on port 113 for ident requests. This is pretty common in IRC bots.
> >
> > -Joe
> --
> Shannon Johnston <sjohnston at cavion.com>
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list