Port 113 - IDENT

C

contender

Guest
why is it that when i do an online firewall security test, some sites tell me its closed and others will tell me its open? the only way i have been able to get a closed result for port 113 is to have my router forward it and i dont think this is a good thing or maybe its ok? can you help me?
 
It may be your router itself that holding 113 open.

Is it a Linksys router? Its a knowen issue with old linksys firmware.

Which test sites have you used?

Check out www.computercops.biz CCSP module on the top left

Computer cops does a NMAP scan and is very accurate.

If your router allows it i highly recommend setting a dummy DMZ, this will counter UDP echo scans amoung others that NAT based routers (presuming its a NAT based router).

A dummy DMZ will stop the problem to in the same way your fake forwarding address has.

Its okay to do this providing you ensure a system never gets assigned the dummy IP of the DMZ or forwarding targer :)
 
identd is not as bad as it seems, most IRC servers need it, and i have it installed on my BSD box.
 
There isnt much wrong with having Ident forwarded or Closed. The only thing would be if everything else was Stealthed, then it would be that port that gave your existence away.
But as X-Istence said, if you use IRC a lot then you probably want to have Ident working.
 
Well I dont really use mIRC so i would like to close this port if possible.

The firmware for my BEFSR41 Linksys 4-Port Router currently is - Firmware Version: 1.44Z, Nov 21 2002

Now on the linksys site there is Firmware Version: 1.44.2

There are 2 links - Click here to start downloading the new Firmware Upgrade Utility with Zone Alarm support for windows users.

Click here to start downloading the new firmware for windows users.

Which of those 2 should i click? Are they both the same but one has the extra update for zone alarm utility if i am using ZA? Am I correct?
 
You are running a faulty version of the firmware

Its nothing to do with you actually running a IDENT server as the guys above were talking about, its a bug and should be treated as such!

Yes your right, the one has extra features for ZA the other does not.

Go with this one:

ftp://ftp.linksys.com/pub/befsr41/befsr-fw-1442.zip

Once flashed you can turn forwarding off on port 113 and it should report as "stealthed"
 
why would you not recommend the ZA update?

the reason i ask is because i use zapro as my firewall and it can work in conjuntion with my router, would this be of benefit to me or not really to go with the za update instead of just the regular update?
 
Either one will do really but i guess it you use ZAP it would be nice to have the ZA supported :) Im not sure of the level of support and interoperability the ZA supported firmware gives but it cant hurt, either one will fix your issue :)
 
ok i did the firmware upgrade and it completed fine from what i see

what is the next step?

i shouldnt have to really change anything in the router settings for it to stealth port 113, correct? even tho i did before to get the result.

its showing port 80 and 113 open and this result is with the online sygate scan

shouldnt the router automatically stealth those ports without any configuration or do i have to forward it again which worked before, but i didnt think i really needed to do that?
 
Go to:

http://192.168.1.1/Filters.htm

Ensure Block WAN Request is set to Enabled.

Ensure Remote Management is set to disabled.

Ensure Remote Upgrade is set to disabled (this only need be enabled before a firmware update)

http://192.168.1.1/Forward.htm

Ensure no forwarders are enabled.

http://192.168.1.1/DMZ.htm

Configure a Dummy DMZ, input a IP address that is unused and that will not be assigned by the routers DHCP.

Also ensure that the online scanner your using is scanning your host and not a proxy.
 
i have checked all that you told me to and all is correct.

do you recommend an IP number i set in the DMZ zone?

i have a rule in my firewall to block port 113 also, would that conflict or is that fine?
 
Anything you set on your computers firewall wont affect the router.

For the DMZ I would use a IP that stands out but it can be anything.

Go onto the DHCP tab and see what IP's the router uses to lease to clients:

http://192.168.1.1/DHCP.htm

eg. If the starting address is 2 and Number of DHCP Users is 5 then 192.168.1.2 to 192.168.1.6 are reserved for your clients so dont use anything in that range for a Dummy DMZ.

I would use something high like 222, but as i say i can be anything as long as no host actually exisits at that address :)

Port 113 was not been held open by your computer but the router, you dont need to worry about a rule at the workstation but its OK to have one non the less.
 
i have again followed your suggestions but i am getting the same result.

sygate and grc both show port 113 open whereas sygate also shows port 80. dslreports.com however gives me full stealth result.

i am not sure how this has changed but i once had a stealthed result on all online scans.

any other suggestions/ideas?
 
I would trust DSLR's scan over them to be honest, are they all scanning the correct host? Check the IP that is being scanned as i say it may be reading a proxy.

Its probably just a false positive, not unuseual.

Try:

http://www.hackerwhacker.com/, http://www.pcflank.com and as above http://www.computercops.biz

Also:

https://www.grc.com/

http://www.blackcode.com/scan/

http://www.auditmypc.com/

If you have a DMZ set and no port forwarders then the results should be stealth all over, the very nature of a Dummy DMZ will ensure of that.

Do you have logging enabled on the router? If not download linklogger and enable logging on the router, you should be able to see then that the ports are being blocked.

http://www.linklogger.com/
 
like i have mentioned above, i have tried everything being suggested.

i have setup a DMZ host and i still continue to get the same result.

the only way i can get stealth on those ports - 80 and 113 are to forward them.

i have installed linklogger and have it set so that when an attempt is made on 113 i am notified
 
Originally posted by contender
i have setup a DMZ host and i still continue to get the same result.

With a dummy DMZ in place thats a very strange result indeed.

As long as the fake forwarders work all is ok i guess.

If you have a news reader head to news.grc.com and ask in security.hardware the linksys routers are well loved by the community and they have a great deal of expertise with them.

Read only:

https://grc.com/x/news.exe?cmd=xover&group=grc.security.hardware
 
Well I am still having the same problem. If I allow port 443 (http-secure) then as the scan proceeds it shows port 80 and 113 open, but if i deny port 443 the scan does not continue.

If I have port forwarding enabled on my router then it doesnt matter if i allow port 443 it will show a stealth result for ports 80 and 113.
 
This result is coming from Sygate's Stealth Scan.

I have the LinkLogger program installed to accompany my Linksys Router. (Latest Firmware Installed)

I have Linklogger setup to alert me when that port is scanned and during the scan the first alert shows Src Port 53 and Dest Port 113 and 2nd alert shows Src Port 80 and Dest Port 113.

Today I installed KPF v2.1.4. I was messing around with the rules and actually had it setup where I did get a full Stealth result, but stupid me didn't write the rules down I had set as I continued to mess with the rules.

Currently I am messing with the rules where I block port 113 by itself, block local port 113 and remote port 53 and block local port 113 and remote port 80.

For the life of me, I cannot think of the combination of rules I had set now to give me that full Stealth scan that I actually achieved earlier.

All suggestions are welcome to help me solve this annoying little issue I have.
 
Hi, me again.

C: This result is coming from Sygate's Stealth Scan.

E: Do all the scanning sites say them same or do they still report differant results, I want to make sure its not a false positive.

C: I have Linklogger setup to alert me when that port is scanned and during the scan the first alert shows Src Port 53 and Dest Port 113 and 2nd alert shows Src Port 80 and Dest Port 113.

E: What IP's does it log for these events?

C: Today I installed KPF v2.1.4.

E: Nice Choice

C: I was messing around with the rules and actually had it setup where I did get a full Stealth result, but stupid me didn't write the rules down I had set as I continued to mess with the rules.

E: Do you get the alert on the workstation to? You should not and anything you do on the workstation should not affect the router.

C: Currently I am messing with the rules where I block port 113 by itself, block local port 113 and remote port 53 and block local port 113 and remote port 80.

E: Using kerios status screen is port 113 in the listening state on your system? Again if it is it should not be showing up through the NAT router.

C: All suggestions are welcome to help me solve this annoying little issue I have.

E: Sorry its me again but what the hell. Did you ask the guys in the GRC group from above?
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back