LinuxQuestions.org
Old 09-21-2004, 11:31 PM   #1
ntime60
LQ Newbie
 
Registered: Feb 2004
Location: Over there --->
Distribution: Slackware 10.0 and SuSE 9.1
Posts: 6

Rep: Reputation: 0
Port 113 masquerading


After testing my firewall config with GRC's Shields up, I found my Linux box leaves port 113 open. Is there a clever way to masquerade port 113 and have it still work normally in IRC and other apps that require Identd response? My goal is simple - to have a completely invisible box on my cable modem.

Currently I have the config set to use firewall on both the external interface and the internal one. The internal network consists of 1 Win2k3 server, 1 Win2k server, 4 XP client boxes, 1 Slackware 10.0 box (my experiment) and the SUSE box which acts as the firewall/router.

The SUSE is running the following.

SUSE 9.1
SUSEFirewall2
Squid
Spamassassin

Monitoring with
Snort
ntop

The box has been rock solid other than I am not sure what to do about port 113. Every setting I have tried results in port 113 being blocked. Any ideas?
 
Old 09-22-2004, 01:19 AM   #2
CroMagnon
Member
 
Registered: Sep 2004
Location: New Zealand
Distribution: Debian
Posts: 900

Rep: Reputation: 33
You could drop all port 113 packets except for known hosts - for example, adding exceptions specifically for your IRC servers. Otherwise - you can't expect access to the port to work without someone else being able to see it. If your ident-requiring servers are on dynamic IP addresses... well, you might be out of luck.
 
Old 09-22-2004, 08:50 PM   #3
ntime60
LQ Newbie
 
Registered: Feb 2004
Location: Over there --->
Distribution: Slackware 10.0 and SuSE 9.1
Posts: 6

Original Poster
Rep: Reputation: 0
Hmmm, that is what I was thinking as well. However, I happened to read on the grc.com site that some NAT routers can successfully port forward and stealth port 113. I was curious to see if anyone had ever done so yet on Linux.

I will see what I can uncover using RFC1413 and attempt to reconfigure SUSEFirewall2 to masq this port.


It is always the little stuff that gets you in the end.
 
Old 09-22-2004, 09:34 PM   #4
CroMagnon
Member
 
Registered: Sep 2004
Location: New Zealand
Distribution: Debian
Posts: 900

Rep: Reputation: 33
(unfavourable comment about SG and grc.com deleted to save space)

I think you may have misunderstood what you read there (or I have misunderstood what you're saying). He says that some hardware routers might be actively rejecting port 113 packets in order to let the requesting server know that you really are there, you're just not running an ident server. This means your IP address doesn't look like a black hole - if someone probes port 113, they will see that there is a machine there, because it's acknowledging their packet. His suggestion is to tell the hardware device to send the packet to an invalid IP, so it becomes a black hole again (nothing will ever send back a rejection or confirmation). You could certainly turn port 113 into a black hole with Linux, or have it reject the packets (which may solve your IRC problem anyway - hardly anyone required valid ident responses).

He also mentions that ZoneAlarm does a little extra checking to see if the ident request is coming from someone you tried to connect to, and responds if that's the case, or drops the packet otherwise. If this is what you want to achieve with Linux, then I'm not sure how you'd go about it.
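
Added example (not part of any post in this thread): the four ways of handling port 113 discussed above, written as plain iptables rules rather than SuSEfirewall2 settings. The interface name, the IRC port 6667, the list name `ircpeers`, the 60-second window and the 192.0.2.x addresses are assumptions, and identd is assumed to run on the firewall host itself.

```shell
#!/bin/sh
# Added example: prints iptables rules for TCP/113 (ident); it applies nothing.
# Assumptions: identd runs on the firewall host, WAN_IF faces the cable modem,
# IRC uses TCP 6667, and server IPs passed in are placeholders (192.0.2.x).
WAN_IF="${WAN_IF:-eth0}"
IRC_PORT="${IRC_PORT:-6667}"

# ident_rules MODE [SERVER_IP...]
ident_rules() {
    mode="$1"
    [ $# -gt 0 ] && shift
    in="iptables -A INPUT -i $WAN_IF -p tcp"
    case "$mode" in
    drop)      # black hole: probes get no answer, scanners report "stealth"
        echo "$in --dport 113 -j DROP" ;;
    reject)    # immediate RST: port reads "closed", IRC servers do not wait
        echo "$in --dport 113 -j REJECT --reject-with tcp-reset" ;;
    allowlist) # post #2: answer known IRC servers, black-hole everyone else
        for ip in "$@"; do
            echo "$in -s $ip --dport 113 -j ACCEPT"
        done
        echo "$in --dport 113 -j DROP" ;;
    recent)    # post #4: answer only hosts we opened an IRC connection to
        for chain in OUTPUT FORWARD; do   # local and masqueraded clients
            echo "iptables -A $chain -o $WAN_IF -p tcp --dport $IRC_PORT --syn" \
                 "-m recent --name ircpeers --rdest --set"
        done
        echo "$in --dport 113 -m recent --name ircpeers --rsource" \
             "--rcheck --seconds 60 -j ACCEPT"
        echo "$in --dport 113 -j DROP" ;;
    *)
        echo "usage: ident_rules drop|reject|allowlist IP...|recent" >&2
        return 1 ;;
    esac
}
```

The function only prints; review the output and run it as root. Rule order matters: the ACCEPT lines must be appended before the final DROP.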
 
  

