LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-04-2002, 10:16 PM   #1
pangfai
LQ Newbie
 
Registered: Jun 2002
Posts: 16

Rep: Reputation: 0
port 113


I found from my firewall monitor, our linux server keeps using port 113 to connect to a few external IP addresses. This did not happened before.

Based on my firewall information, it is my server which directly contact those external IP instead of coming in (our firewall blocks incoming signals from port 113).

Does anyone know what can I do about it ?
 
Old 06-05-2002, 03:36 AM   #2
MartBrooks
Member
 
Registered: May 2002
Location: London
Distribution: Debian
Posts: 388

Rep: Reputation: 31
If you take a look at /etc/services you'll see that port 113 is used by ident. Unless you need it, disable it.

Regards
 
Old 06-05-2002, 03:59 AM   #3
pangfai
LQ Newbie
 
Registered: Jun 2002
Posts: 16

Original Poster
Rep: Reputation: 0
We are currently running Apache, Sendmail and POP3 service in the Linux server. Is port 113 useful ?

I used the firewall to blocked all outgoing signals from port 113, it appears the server need this port to send something back to our e-mail users (but I don't know it is used in POP3 or SMTP).

No matter what, blocking this port seems not affecting our e-mails at this moment.
 
Old 06-05-2002, 05:33 AM   #4
Noerr
Member
 
Registered: May 2002
Location: Dalec, HU
Distribution: Redhat 7.3
Posts: 696

Rep: Reputation: 30
i think it mostly used for ftp and pop3 so you'll probably have to keep it
 
Old 06-05-2002, 09:46 AM   #5
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Try rejecting instead of dropping. There is still a time lag when users try to log in, but it isn't nearly as bad with a REJECT rather than a DROP.
 
Old 06-05-2002, 11:12 PM   #6
pangfai
LQ Newbie
 
Registered: Jun 2002
Posts: 16

Original Poster
Rep: Reputation: 0
when I issue command : netstat , I found the Linux server is using port 4256, 4257, 4258.... instead of Port 113, POP3 and SMTP. And the destination IPs are in line with the outgoing addresses captured by our firewall from Port 113 of the Linux.

I feel uncomfortable and wonder my server has been trojan. Any software allows me to watch what is the data passing through these port ?
 
Old 06-06-2002, 01:34 AM   #7
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
man tcpdump
the expression allows you to specify port
 
Old 06-06-2002, 06:53 AM   #8
Noerr
Member
 
Registered: May 2002
Location: Dalec, HU
Distribution: Redhat 7.3
Posts: 696

Rep: Reputation: 30
go rather for sniffit progie; really nice and adjustable
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Port 113 floppywhopper Linux - Security 7 02-07-2008 07:51 PM
port 113 jthepro Linux - Networking 2 05-24-2004 01:52 PM
113 port spank Linux - Newbie 3 12-02-2003 04:54 PM
blocking port 113 pix Debian 6 08-01-2003 06:53 AM
How to stealth port #113 ? johnm1957 Linux - Networking 5 06-05-2002 11:25 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration