Port 113

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

I recently noticed in my firewall logs incoming packets to my port 113,
coming from various IP addresses. Does anyone know what this means? I
don't recall seeing it before, but in the last day or two it seems to be
happening a lot. Right now the firewall is blocking them. Everything
seems to work fine otherwise. Any ideas why this is happening?

--
Kerodo
 
G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

On Mon, 12 Jul 2004 01:02:14 -0700, Kerodo wrote:
> I recently noticed in my firewall logs incoming packets to my port 113,
> coming from various IP addresses. Does anyone know what this means? I
> don't recall seeing it before, but in the last day or two it seems to be
> happening a lot. Right now the firewall is blocking them. Everything
> seems to work fine otherwise. Any ideas why this is happening?

infected machines hitting your box. Normal noise.

http://isc.sans.org/port_details.php?port=113
 
G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

In article <slrncf4hkd.u4v.BitTwister@wb.home.invalid>,
BitTwister@localhost.localdomain says...
> On Mon, 12 Jul 2004 01:02:14 -0700, Kerodo wrote:
> > I recently noticed in my firewall logs incoming packets to my port 113,
> > coming from various IP addresses. Does anyone know what this means? I
> > don't recall seeing it before, but in the last day or two it seems to be
> > happening a lot. Right now the firewall is blocking them. Everything
> > seems to work fine otherwise. Any ideas why this is happening?
>
> infected machines hitting your box. Normal noise.
>
> http://isc.sans.org/port_details.php?port=113
>

Ok, thanks...

--
Kerodo
 
D

DJ

Distinguished
Apr 2, 2004
203
0
18,680
Archived from groups: comp.security.firewalls (More info?)

Kerodo wrote:

> I recently noticed in my firewall logs incoming packets to my port 113,
> coming from various IP addresses. Does anyone know what this means? I
> don't recall seeing it before, but in the last day or two it seems to be
> happening a lot. Right now the firewall is blocking them. Everything
> seems to work fine otherwise. Any ideas why this is happening?
>

Maby some IRC server.. I see incoming traffic blocked in my logs, when
connect to the irc server.

Greets
D
 
G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

Hallo Kerodo, you wrote:

> In article <slrncf4hkd.u4v.BitTwister@wb.home.invalid>,
> BitTwister@localhost.localdomain says...
> > > I recently noticed in my firewall logs incoming packets to my port 113,
> > > coming from various IP addresses.

> > infected machines hitting your box. Normal noise.
> > http://isc.sans.org/port_details.php?port=113

One explanation but not the only one: Port 113 is the ident service,
often used in conjunction with smtp and/or ftp (look in your firewall
log). So, if you want to use a smtp server, you must have an ident
server or you have to reject 113-packets correctly and not to drop.

HTH
Wolfgang
 
G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

Wolfgang Ewert <w.ewert2002@gmx.de> wrote:

> One explanation but not the only one: Port 113 is the ident service,
> often used in conjunction with smtp and/or ftp (look in your firewall
> log). So, if you want to use a smtp server, you must have an ident
> server or you have to reject 113-packets correctly and not to drop.

IDENT is also used by IRC-servers quite often, IIRC.

Juergen Nieveler
--
"I know the human being and fish can coexist peacefully"
George W. Bush --Saginaw, Mich., Sept. 29, 2000
 
B

Barry

Distinguished
Apr 1, 2004
346
0
18,780
Archived from groups: comp.security.firewalls (More info?)

"Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message
news:Xns9524C7AD36561juergennieveler@nieveler.org...
> Wolfgang Ewert <w.ewert2002@gmx.de> wrote:
>
> > One explanation but not the only one: Port 113 is the ident service,
> > often used in conjunction with smtp and/or ftp (look in your firewall
> > log). So, if you want to use a smtp server, you must have an ident
> > server or you have to reject 113-packets correctly and not to drop.
>
> IDENT is also used by IRC-servers quite often, IIRC.
>
> Juergen Nieveler
> --
> "I know the human being and fish can coexist peacefully"
> George W. Bush --Saginaw, Mich., Sept. 29, 2000

yup, it is
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom