LinuxQuestions.org - Linux - Newbie - Port 113 masquerading (https://www.linuxquestions.org/questions/linux-newbie-8/port-113-masquerading-233631/)

ntime60 09-21-2004 10:31 PM

Port 113 masquerading
 
After testing my firewall config with GRC's Shields Up, I found my Linux box leaves port 113 open. Is there a clever way to masquerade port 113 and have it still work normally in IRC and other apps that require an identd response? My goal is simple - to have a completely invisible box on my cable modem.

Currently I have the config set to use firewall on both the external interface and the internal one. The internal network consists of 1 Win2k3 server, 1 Win2k server, 4 XP client boxes, 1 Slackware 10.0 box (my experiment) and the SUSE box which acts as the firewall/router.

The SUSE is running the following.

SUSE 9.1
SUSEFirewall2
Squid
Spamassassin

Monitoring with
Snort
ntop

The box has been rock solid other than I am not sure what to do about port 113. Every setting I have tried results in port 113 being blocked. Any ideas?

CroMagnon 09-22-2004 12:19 AM

You could drop all port 113 packets except for known hosts - for example, adding exceptions specifically for your IRC servers. Otherwise - you can't expect access to the port to work without someone else being able to see it. If your ident-requiring servers are on dynamic IP addresses... well, you might be out of luck.

ntime60 09-22-2004 07:50 PM

Hmmm, that is what I was thinking as well. However, I happened to read on the grc.com site that some NAT routers can successfully port forward and stealth port 113. I was curious to see if anyone had ever done so yet on Linux.

I will see what I can uncover using RFC1413 and attempt to reconfigure SUSEFirewall2 to masq this port.


It is always the little stuff that gets you in the end. :D

CroMagnon 09-22-2004 08:34 PM

(unfavourable comment about SG and grc.com deleted to save space)

I think you may have misunderstood what you read there (or I have misunderstood what you're saying). He says that some hardware routers might be actively rejecting port 113 packets in order to let the requesting server know that you really are there, you're just not running an ident server. This means your IP address doesn't look like a black hole - if someone probes port 113, they will see that there is a machine there, because it's acknowledging their packet. His suggestion is to tell the hardware device to send the packet to an invalid IP, so it becomes a black hole again (nothing will ever send back a rejection or confirmation). You could certainly turn port 113 into a black hole with Linux, or have it reject the packets (which may solve your IRC problem anyway - hardly anyone required valid ident responses).

He also mentions that ZoneAlarm does a little extra checking to see if the ident request is coming from someone you tried to connect to, and responds if that's the case, or drops the packet otherwise. If this is what you want to achieve with Linux, then I'm not sure how you'd go about it :(
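The following rule set is an added example, not code from the thread, from SuSEfirewall2 or from ZoneAlarm. It puts both of CroMagnon's suggestions into iptables form for the firewall's external interface: explicit exceptions for known IRC servers (first reply), a black hole (DROP) or an explicit rejection (REJECT with a TCP reset) for everyone else, and, for the ZoneAlarm-like behaviour described in the second reply, the iptables `recent` module records the hosts that the firewall or the NAT'd clients behind it open TCP connections to, so an ident request coming back from one of those hosts within a short window is let through. Assumptions: the external interface is `eth0`, the two server addresses are constructed placeholders, the kernel has the `conntrack` and `recent` match modules, and the rules are loaded after SuSEfirewall2 has set up its own chains (for example from its custom-rules hook). By default the script only prints the rules it would apply (`IPT=echo`); set `IPT=iptables` and run as root to apply them.

```shell
#!/bin/sh
# Added example (not from the thread): ident (TCP/113) handling on the external interface.
# Dry run by default: IPT=echo prints the rules. Set IPT=iptables (as root) to apply them.
IPT="${IPT:-echo}"
EXT_IF="${EXT_IF:-eth0}"                   # assumed name of the cable-modem interface
# Constructed placeholder addresses of IRC servers whose ident lookups should always be answered.
KNOWN_IDENT_CLIENTS="${KNOWN_IDENT_CLIENTS:-192.0.2.10 198.51.100.20}"
# What unknown hosts get: DROP = black hole (stealth), REJECT = "machine is here, no identd".
UNKNOWN_ACTION="${UNKNOWN_ACTION:-DROP}"
# How long (seconds) after we connect to a host its ident request is still accepted.
PEER_WINDOW="${PEER_WINDOW:-60}"

ident_rules() {
    # Dedicated chain so re-running the script replaces rather than duplicates the rules.
    $IPT -N IDENT_IN 2>/dev/null || $IPT -F IDENT_IN

    # Remember the destination of every outbound TCP SYN leaving the external interface,
    # both for connections the firewall makes itself (OUTPUT) and for NAT'd clients (FORWARD).
    # --rdest stores the destination address; the INPUT check below compares the source.
    $IPT -A OUTPUT  -o "$EXT_IF" -p tcp --syn -m recent --name ident_peers --rdest --set
    $IPT -A FORWARD -o "$EXT_IF" -p tcp --syn -m recent --name ident_peers --rdest --set

    # Send new inbound connections to port 113 through the IDENT_IN chain.
    $IPT -A INPUT -i "$EXT_IF" -p tcp --dport 113 -m conntrack --ctstate NEW -j IDENT_IN

    # 1. Explicit exceptions: known servers always get through to identd.
    for host in $KNOWN_IDENT_CLIENTS; do
        $IPT -A IDENT_IN -s "$host" -j ACCEPT
    done

    # 2. ZoneAlarm-style: a host we connected to within PEER_WINDOW seconds may ask.
    $IPT -A IDENT_IN -m recent --name ident_peers --rcheck --seconds "$PEER_WINDOW" -j ACCEPT

    # 3. Everyone else: black hole, or a TCP reset if you prefer to acknowledge the probe.
    case "$UNKNOWN_ACTION" in
        REJECT) $IPT -A IDENT_IN -j REJECT --reject-with tcp-reset ;;
        *)      $IPT -A IDENT_IN -j DROP ;;
    esac
}

ident_rules
```

ACCEPT here means the request reaches whatever listens on port 113 on the firewall; if no identd is running, the kernel answers with a reset, which is the "machine is here, no ident server" signal the second reply describes, and most IRC servers then carry on without waiting for an ident timeout. Two practical notes: the `recent` list holds 100 addresses by default (the `xt_recent` module parameter `ip_list_tot` raises it), which can be tight on a busy router, and the same rules need the `nat` table's DNAT for port 113 if the identd you want answering lives on one of the internal boxes rather than on the firewall itself.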


All times are GMT -5. The time now is 03:03 AM.