* port 113 ?
@ 2005-01-13 7:59 Brent Clark
2005-01-13 8:03 ` Klemen Kecman
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Brent Clark @ 2005-01-13 7:59 UTC (permalink / raw)
To: iptables
[-- Attachment #1: Type: text/plain, Size: 1047 bytes --]
Hi all
on my debian fw, im running virtually no services (as to which is the
law) on my fw:
gate:~# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 192.168.111.10:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.111.10:3128 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:33644 0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
gate:~#
Soo I would like to know, if it is advisable to stop identd. I have
googled abit and from what I gather, its considered as dangerous and
basically pointless to run. By removing / stopping this service, will it
hamper hinder my users, other servers in any other way. I only run a
mail and ftp server.
Kind Regards and thanks inadvance
Brent Clark
^ permalink raw reply [flat|nested] 6+ messages in thread
* port 113 ?
@ 2005-01-13 7:59 Brent Clark
0 siblings, 0 replies; 6+ messages in thread
From: Brent Clark @ 2005-01-13 7:59 UTC (permalink / raw)
To: iptables
Hi all
on my debian fw, im running virtually no services (as to which is the
law) on my fw:
gate:~# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
tcp 0 0 192.168.111.10:22 0.0.0.0:* LISTEN
tcp 0 0 192.168.111.10:3128 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:33644 0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
gate:~#
Soo I would like to know, if it is advisable to stop identd. I have
googled abit and from what I gather, its considered as dangerous and
basically pointless to run. By removing / stopping this service, will it
hamper hinder my users, other servers in any other way. I only run a
mail and ftp server.
Kind Regards and thanks inadvance
Brent Clark
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: port 113 ?
2005-01-13 7:59 Brent Clark
@ 2005-01-13 8:03 ` Klemen Kecman
2005-01-13 8:20 ` Ralf Spenneberg
2005-01-13 13:39 ` Jason Opperisano
2 siblings, 0 replies; 6+ messages in thread
From: Klemen Kecman @ 2005-01-13 8:03 UTC (permalink / raw)
To: netfilter
> Hi all
>
> on my debian fw, im running virtually no services (as to which is the
> law) on my fw:
>
> gate:~# netstat -ln
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN
> tcp 0 0 192.168.111.10:22 0.0.0.0:* LISTEN
> tcp 0 0 192.168.111.10:3128 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
> udp 0 0 0.0.0.0:33644 0.0.0.0:*
> Active UNIX domain sockets (only servers)
> Proto RefCnt Flags Type State I-Node Path
> gate:~#
>
>
> Soo I would like to know, if it is advisable to stop identd. I have
> googled abit and from what I gather, its considered as dangerous and
> basically pointless to run. By removing / stopping this service, will it
> hamper hinder my users, other servers in any other way. I only run a
> mail and ftp server.
>
> Kind Regards and thanks inadvance
> Brent Clark
>
>
You can stop ident daemon (which ever you have), as long as you don't need
it ;)
Greets,
Klemen K.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: port 113 ?
2005-01-13 7:59 Brent Clark
2005-01-13 8:03 ` Klemen Kecman
@ 2005-01-13 8:20 ` Ralf Spenneberg
2005-01-13 13:39 ` Jason Opperisano
2 siblings, 0 replies; 6+ messages in thread
From: Ralf Spenneberg @ 2005-01-13 8:20 UTC (permalink / raw)
To: Brent Clark; +Cc: iptables
Am Do, den 13.01.2005 schrieb Brent Clark um 8:59:
> Soo I would like to know, if it is advisable to stop identd. I have
> googled abit and from what I gather, its considered as dangerous and
> basically pointless to run. By removing / stopping this service, will it
> hamper hinder my users, other servers in any other way. I only run a
> mail and ftp server.
Yes you can stop it. It is not used by your ftp or mail server. Since it
might be used by remote ftp or mailservers you are connecting to, you
should take care that the packets destined at port 113 are not dropped
but rejected (default, if no firewall is running). Otherwise you can
experience delays.
Ralf
--
Ralf Spenneberg <lists@spenneberg.org>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: port 113 ?
2005-01-13 7:59 Brent Clark
2005-01-13 8:03 ` Klemen Kecman
2005-01-13 8:20 ` Ralf Spenneberg
@ 2005-01-13 13:39 ` Jason Opperisano
2005-01-13 15:15 ` R. DuFresne
2 siblings, 1 reply; 6+ messages in thread
From: Jason Opperisano @ 2005-01-13 13:39 UTC (permalink / raw)
To: netfilter
On Thu, 2005-01-13 at 02:59, Brent Clark wrote:
> Soo I would like to know, if it is advisable to stop identd. I have
> googled abit and from what I gather, its considered as dangerous and
> basically pointless to run. By removing / stopping this service, will it
> hamper hinder my users, other servers in any other way. I only run a
> mail and ftp server.
there are still mail servers out there configured to do an ident lookup
prior to sending mail to you. i normally disable identd, but i always
add a rule like this to speed up services that still request it:
iptables -N ident
iptables -A ident -p tcp --syn --dport 113 \
-j REJECT --reject-with tcp-reset
iptables -A INPUT -j ident
iptables -A FORWARD -j ident
-j
--
"Ahh the Luftwaffe--the Washington Generals of the History Channel."
--The Simpsons
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: port 113 ?
2005-01-13 13:39 ` Jason Opperisano
@ 2005-01-13 15:15 ` R. DuFresne
0 siblings, 0 replies; 6+ messages in thread
From: R. DuFresne @ 2005-01-13 15:15 UTC (permalink / raw)
To: Jason Opperisano; +Cc: netfilter
On Thu, 13 Jan 2005, Jason Opperisano wrote:
> On Thu, 2005-01-13 at 02:59, Brent Clark wrote:
> > Soo I would like to know, if it is advisable to stop identd. I have
> > googled abit and from what I gather, its considered as dangerous and
> > basically pointless to run. By removing / stopping this service, will it
> > hamper hinder my users, other servers in any other way. I only run a
> > mail and ftp server.
>
> there are still mail servers out there configured to do an ident lookup
> prior to sending mail to you. i normally disable identd, but i always
> add a rule like this to speed up services that still request it:
>
> iptables -N ident
> iptables -A ident -p tcp --syn --dport 113 \
> -j REJECT --reject-with tcp-reset
>
> iptables -A INPUT -j ident
> iptables -A FORWARD -j ident
>
besides sendmail, many <most?> irc servers also want to get a ident reply
back, so one might want to add a rules for say a source ports of 6667
coming in and a dest port 113 on the inside that allows a faked reply from
their pidentd or whatever they use.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
...Love is the ultimate outlaw. It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice. Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question. The words
"make" and "stay" become inappropriate. My love for you has no
strings attached. I love you for free...
-Tom Robins <Still Life With Woodpecker>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2005-01-13 15:15 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-01-13 7:59 port 113 ? Brent Clark
-- strict thread matches above, loose matches on Subject: below --
2005-01-13 7:59 Brent Clark
2005-01-13 8:03 ` Klemen Kecman
2005-01-13 8:20 ` Ralf Spenneberg
2005-01-13 13:39 ` Jason Opperisano
2005-01-13 15:15 ` R. DuFresne
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.