Normally I'd agree, but auth (113) is a special case due to how it is used. As previously stated, certain mail systems will try an auth connection. Also, certain eBanking systems will do the same. Simply dropping these connections will result in these services not working correctly. So, you should either send a RST or ICMP unreachable.

-tony

On Thu, 2001-12-06 at 20:51, Slighter, Tim wrote:
> You really should try and specify that the rule "drops" instead of reject so
> that the potential intruder is not provided with any information about their
> attempted connection.
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 13:34:42 PST