From owner-freebsd-security Mon Feb 4 10:18:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from dc.cis.okstate.edu (dc.cis.okstate.edu [139.78.100.219]) by hub.freebsd.org (Postfix) with ESMTP id DDAD937B42A for ; Mon, 4 Feb 2002 10:18:42 -0800 (PST) Received: from dc.cis.okstate.edu (localhost.cis.okstate.edu [127.0.0.1]) by dc.cis.okstate.edu (8.11.6/8.11.3) with ESMTP id g14IIgM69616 for ; Mon, 4 Feb 2002 12:18:42 -0600 (CST) (envelope-from martin@dc.cis.okstate.edu) Message-Id: <200202041818.g14IIgM69616@dc.cis.okstate.edu> To: freebsd-security@FreeBSD.ORG Subject: Port 113 Traffic Date: Mon, 04 Feb 2002 12:18:42 -0600 From: Martin McCormick Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Why might a FreeBSD system be generating traffic on port 113? We have noticed occasional traffic from a FreeBSD system of ours to various addresses outside our network on Port 113. If I blocked it altogether with IPFW, would it effect ssh in any way? I am theorizing right now that hosts in the big wide world are occasionally probing this port and the traffic might be a response of some kind, maybe nothing more than "I don't know you. Goodbye!" Hopefully, our sniffer will eventually see one of the exchanges and we will have a better idea of what is going on. Martin McCormick WB5AGZ Stillwater, OK OSU Center for Computing and Information Services Network Operations Group To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message