Port 113 - IDENT

Q: Do all the scanning sites say them same or do they still report differant results, I want to make sure its not a false positive.

A: I have used Sygate, GRC, DSLReports.com, HackerWatch.org and BlackCode.com. Sygate reports port 80 and 113 open and GRC reports port 113 open.

Q: What IP's does it log for these events?

A: In Sygate's case it logs the IP which Sygate says will show and for GRC it reports 204.1.226.228.

Q: Do you get the alert on the workstation to? You should not and anything you do on the workstation should not affect the router.

A: I am not sure what you mean by this question, please explain.

Q: Using kerios status screen is port 113 in the listening state on your system? Again if it is it should not be showing up through the NAT router.

A: No

Thank you Enyo and everyone else for your help and suggestions, keep em coming if you have more
 
Hey contender,

Could you scan yourself?

Use SuperScan and scan your external IP address as assigned by your ISP.

http://www.webattack.com/get/superscan.shtml

Scan only port 113 for now (you could always scan all ports but it may take a while)

See what it offers up. Its pretty easy to use and more acurate than these web based scanners. Also it may offer a little more detail to whats keeping it open (banner).

I would disregard Sygates scan for now.

Have you tried using the hard reset on your router? (button on the front). Unplug the router for a couple of mins then bring it back on and hit the hard reset button. Then re-flash it to the latest version.

Seems drastic i know but the router should not be showing this port open at all, as i said above its a bug that was fixed so maybe the new firmware flash did not apply correctly.

After the hard reset ensure Block WAN Request is on and Remote Upgrade and Remote Management are off then do your scan, see what it offers up. Use Dslreports scanner, i trust it more than the others :) (Also hackerwhacker.com is great)
 
Well I downloaded that Scanner and did a scan, I am not sure whether I had it set right or not, but it showed 3 ports which were never detected before from any online scan. Why am I gettin so many different results and which do I believe?

Was there certain settings I should have had checked off?

I havent tried the resetting of the router yet!
 
Well SuperScan tends to be more acurate than the online scan sites. I would not call any of them 100% however you just take the most common results as true! :)

Run Superscan as seen in the attached image.

Ensure the scanner scans the correct IP address and post open ports it finds (this should be none if Block WAN request is on and no forwarders exisit)

Seeming as the linksys routers are easy to configure a hard reset is a easy option :) It may help.

p.s dslreports tends to be my best for accuracy! I just wanted to try a more reliable port scanner to see what it said about port 113 at your address. The results may not be spot on as your scanning yourself from yourself but still may proove useful.

EDIT: Contender, im picking up some strange results over here now. Ill report back when i have got more details.
 
Argh! Sygate says the same about me! 80 and 113 open.

Also SuperScan and ScanLine is saying i have 25 and 110 open (making me a mail server! yay!)

Seems just to be false positivesm strange both of us use the BEFSR41 and see this.
 
when i do a hard reset, should my firmware number change and go back to original or not?

I unplugged the router for 2 mins then hit the reset button but the firmware stayed the same if this is ok plz let me know otherwise maybe it wasnt pushed in far enough or for long enough?
 
Enyo, since you have the same Linksys router as me, did you try the DMZ host and see if that works for you and gives your full stealth cuz it doesnt for me, but when i do port forwarding it do...
 
Hi

ScanLine / SuperScan say i have 110 and 25 open when i disable the DMZ then i have many more ports open (inc 80 and it grabs the routers banner)

GRC says i have 113 CLOSED

Sygate says i have 80 and 113 OPEN

Dslreports says all are STEALTH

Blackcode says all are STEALTH

ComputerCops says all are STEALTH

I think its false positives to be honest, i know im not a mail server :)

Your firmware will stay the same but the settings should go back to default.
 
Yea if i forward (Any port at all) 113 and 80 report closed.

This must just be a glitch in the way things are getting handled.

ITs Nuts, very Nuts indeed.

Edit:

Note that the sygate scanner only reports these ports on the stealth test not TCP or UDP scans, its getting it wrong.

GO TO: http://www.dslreports.com/forum/equip,16 Post your information.

My bet is that its just false positives, also search that forum somestuff may help you out. See what they say, ill be by in that forum to.

EDIT: Port 113 is open by design now! It should respond closed unless forwarded! However it should not show up with a DMZ present either. Catching more info on this matter all at the forum above. Do a search on that board.

However what about port 80 now, false positive?

Place a forward for 113 and count the others as FP's
 
You must log in or register to reply here.

Members online

No members online now.
Total: 106 (members: 0, guests: 106)

Affiliates

lunarsoft.net techzonez.com

- Contact us to trade links -

OSNN OSNN NTFS XP-erience

Latest profile posts

Steevo
Steevo
Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
•••
Steevo
Steevo
Any of the SP crew still out there?
•••
Xie
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
•••
N
Nismo83
hello peeps... is been some time since i last came here.
•••
Electronic Punk
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
•••

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back