Re: port 113?

[Sven Simon <sven@example.com>]

On Thu, 24 May 2001, Jonathan Q wrote:

> Part II - if everything is working, that's prima facie evidence
> that you don't need <insert service here>.  Authentication for
> ftp, pop, authsmtp, is done by those services, respectively.
> For his dialup authentication, he's probably using radius.
>
> Jonathan

On a mailing list I found:
- Install identd.  /usr/ports/security/pidentd
- It will make some things work a bit faster.IIRC, even sendmail and other
- MTAs will try an ident request these days.

And also:
- Actually, you just need to reset the connection for sendmail.  In ipfw:
- $fwcmd add reset log tcp from any to any 113
- For something like IRC, you would need the daemon installed and
- responding to port 113 requests.

But you're right, since services are running fine, why open up ports we
don't even have anything running on?

and here's what I put on the cisco for this specific machine I was getting
the requests:
access-list 102 permit tcp any host A.B.C.D eq ftp
access-list 102 permit tcp any host A.B.C.D eq domain
access-list 102 permit udp any host A.B.C.D eq domain
access-list 102 permit udp any eq domain host A.B.C.D gt 1023
access-list 102 permit tcp any host A.B.C.D eq www
access-list 102 permit tcp any host A.B.C.D eq 443
access-list 102 permit tcp any host A.B.C.D established

SVEN