Tom's Hardware > Forum > General Networking > Firewall > Port 113

Port 113

Forum General Networking : Firewall - Port 113

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   07-12-2004 at 07:02:14 AM

Archived from groups: comp.security.firewalls (More info?)

 

I recently noticed in my firewall logs incoming packets to my port 113,
coming from various IP addresses. Does anyone know what this means? I
don't recall seeing it before, but in the last day or two it seems to be
happening a lot. Right now the firewall is blocking them. Everything
seems to work fine otherwise. Any ideas why this is happening?

--
Kerodo

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   07-12-2004 at 02:06:37 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

On Mon, 12 Jul 2004 01:02:14 -0700, Kerodo wrote:
> I recently noticed in my firewall logs incoming packets to my port 113,
> coming from various IP addresses. Does anyone know what this means? I
> don't recall seeing it before, but in the last day or two it seems to be
> happening a lot. Right now the firewall is blocking them. Everything
> seems to work fine otherwise. Any ideas why this is happening?

infected machines hitting your box. Normal noise.

http://isc.sans.org/port_details.php?port=113

Reply to Anonymous
Anonymous   07-12-2004 at 02:06:38 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

In article <slrncf4hkd.u4v.BitTwister@wb.home.invalid>,
BitTwister@localhost.localdomain says...
> On Mon, 12 Jul 2004 01:02:14 -0700, Kerodo wrote:
> > I recently noticed in my firewall logs incoming packets to my port 113,
> > coming from various IP addresses. Does anyone know what this means? I
> > don't recall seeing it before, but in the last day or two it seems to be
> > happening a lot. Right now the firewall is blocking them. Everything
> > seems to work fine otherwise. Any ideas why this is happening?
>
> infected machines hitting your box. Normal noise.
>
> http://isc.sans.org/port_details.php?port=113
>

Ok, thanks...

--
Kerodo

Reply to Anonymous
DJ   07-12-2004 at 05:57:28 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

Kerodo wrote:

> I recently noticed in my firewall logs incoming packets to my port 113,
> coming from various IP addresses. Does anyone know what this means? I
> don't recall seeing it before, but in the last day or two it seems to be
> happening a lot. Right now the firewall is blocking them. Everything
> seems to work fine otherwise. Any ideas why this is happening?
>

Maby some IRC server.. I see incoming traffic blocked in my logs, when
connect to the irc server.

Greets
D

Reply to DJ
Anonymous   07-12-2004 at 11:36:47 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

Hallo Kerodo, you wrote:

> In article <slrncf4hkd.u4v.BitTwister@wb.home.invalid>,
> BitTwister@localhost.localdomain says...
> > > I recently noticed in my firewall logs incoming packets to my port 113,
> > > coming from various IP addresses.

> > infected machines hitting your box. Normal noise.
> > http://isc.sans.org/port_details.php?port=113

One explanation but not the only one: Port 113 is the ident service,
often used in conjunction with smtp and/or ftp (look in your firewall
log). So, if you want to use a smtp server, you must have an ident
server or you have to reject 113-packets correctly and not to drop.

HTH
Wolfgang

Reply to Anonymous
Anonymous   07-12-2004 at 11:58:03 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

Wolfgang Ewert <w.ewert2002@gmx.de> wrote:

> One explanation but not the only one: Port 113 is the ident service,
> often used in conjunction with smtp and/or ftp (look in your firewall
> log). So, if you want to use a smtp server, you must have an ident
> server or you have to reject 113-packets correctly and not to drop.

IDENT is also used by IRC-servers quite often, IIRC.

Juergen Nieveler
--
"I know the human being and fish can coexist peacefully"
George W. Bush --Saginaw, Mich., Sept. 29, 2000

Reply to Anonymous
Barry   07-13-2004 at 03:25:46 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

"Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message
news:Xns9524C7AD36561juergennieveler@nieveler.org...
> Wolfgang Ewert <w.ewert2002@gmx.de> wrote:
>
> > One explanation but not the only one: Port 113 is the ident service,
> > often used in conjunction with smtp and/or ftp (look in your firewall
> > log). So, if you want to use a smtp server, you must have an ident
> > server or you have to reject 113-packets correctly and not to drop.
>
> IDENT is also used by IRC-servers quite often, IIRC.
>
> Juergen Nieveler
> --
> "I know the human being and fish can coexist peacefully"
> George W. Bush --Saginaw, Mich., Sept. 29, 2000

yup, it is

Reply to Barry
Ask the community Add a reply
Tom's Hardware > Forum > General Networking > Firewall > Port 113
Go to:

There are 636 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.426 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?