Date: Thu, 14 Feb 2002 14:37:02 +0200 From: Peter Pentchev <roam@ringlet.net> To: Alexandr Alov <amil198@eltex.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: about 113 port Message-ID: <20020214143702.A935@straylight.oblivion.bg> In-Reply-To: <200202141216.PAA05281@incredible.hq.eltex.ru>; from amil198@eltex.ru on Thu, Feb 14, 2002 at 03:16:58PM %2B0300 References: <200202141018.NAA05098@incredible.hq.eltex.ru> <20020214135052.A339@straylight.oblivion.bg> <200202141216.PAA05281@incredible.hq.eltex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--+HP7ph2BbKc20aGI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 14, 2002 at 03:16:58PM +0300, Alexandr Alov wrote: > Hello ! >=20 > PPAA> Somebody is trying to connect to you, and your machine is sending > PPAA> back TCP RST (connection refused) packets. > message from log: >=20 > Connection attempt to TCP 10.0.0.2:113 from 10.0.0.1:2932 >=20 > but on 10.0.0.2 in inetd.conf string with autn not present. >=20 > what you mean about ? This is a connection *attempt*, not an actual connection. It is only an attempt, because there is nothing that listens on port 113 on 10.0.0.2; therefore, the OS returns a TCP RST (reset) packet, and a TCP client on 10.0.0.1 would get a 'connection refused' error. Many programs attempt connections to port 113 - mail servers, IRC servers, some FTP servers.. If there is nothing that answers such connection requests, the programs just go on, having received no data. This is the way it should generally be :) (unless you happen to use one of those picky-picky IRC servers that require an auth response; but that's another topic for another day) In general, you should leave things configured exactly the way they are now - nothing listening on port 113. The network traffic that you are seeing is just somebody *trying* to connect and failing - it is completely normal. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 Nostalgia ain't what it used to be. --+HP7ph2BbKc20aGI Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjxrr24ACgkQ7Ri2jRYZRVPTZQCgxkMEZhiD9KVAUSCEBPrEmXhB JmAAniQYdjmrnobmWbjDD+79OFxfbvmo =6E5h -----END PGP SIGNATURE----- --+HP7ph2BbKc20aGI-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020214143702.A935>