Port 113 and Bind

Port 113 and Bind

Post by EL Ci » Thu, 24 May 2001 01:49:52



Hi guys.. Do i need oirt 113  Ident open if I am running  a mail/web
server? This is what GRC says about it

"Identification/Authorization Service Internet servers such as POP,
IMAP, SMTP, and IRC query this port in response to client
connections."

So, according to the above, it gotto stay open right? Some people say
it can be closed without affecting your DNS, Mail, Web servers, while
others says it got to be open.

thanks

 
 
 

Port 113 and Bind

Post by Ralf Hildebrand » Thu, 24 May 2001 01:52:58



> Hi guys.. Do i need oirt 113  Ident open if I am running  a mail/web
> server?

No.

Quote:> So, according to the above, it gotto stay open right?

No.

Quote:> Some people say
> it can be closed without affecting your DNS, Mail, Web servers, while
> others says it got to be open.

It's been working for years here without identd.

 
 
 

Port 113 and Bind

Post by Brad Knowle » Thu, 24 May 2001 02:30:06



Quote:>  So, according to the above, it gotto stay open right? Some people say
>  it can be closed without affecting your DNS, Mail, Web servers, while
>  others says it got to be open.

        Certain types of connections may be slower (because the server at
the other end is waiting to get an IDENT reply or for the IDENT query
to timeout, before allowing the connection to go through), but it is
not strictly required.

        Indeed, since servers can be trivially easily programmed to lie
in their IDENT responses (and there may be buffer overflow risks in
the bogus IDENT responses), it has always been my suggestion to
simply turn off all IDENT services, and to make sure that everything
on all machines are configured to make no attempt to use IDENT.

        BTW, please don't use "NOSPAM" type addresses.  This mailing list
is gatewayed to a newsgroup, and all address snarfing programs I know
of are intelligent enough to strip that stuff anyway.

--


/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'

 
 
 

Port 113 and Bind

Post by Mark.Andr.. » Thu, 24 May 2001 12:35:27


Quote:

> Hi guys.. Do i need oirt 113  Ident open if I am running  a mail/web
> server? This is what GRC says about it

> "Identification/Authorization Service Internet servers such as POP,
> IMAP, SMTP, and IRC query this port in response to client
> connections."

> So, according to the above, it gotto stay open right? Some people say
> it can be closed without affecting your DNS, Mail, Web servers, while
> others says it got to be open.

> thanks

        The IDENT port is not required.  However it is useful to
        ensure that RST gets returned and you don't just drop
        the connection establishment requests.  If you don't do
        this you have to wait for the tcp connect to timeout.

        Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia