From owner-freebsd-security Mon Feb 4 10:25:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from ns.ulstu.ru (ns.ulstu.ru [62.76.34.36]) by hub.freebsd.org (Postfix) with ESMTP id DE0F737B434 for ; Mon, 4 Feb 2002 10:24:48 -0800 (PST) Received: by ns.ulstu.ru (Postfix-ULSTU, from userid 3909) id D9443107861; Mon, 4 Feb 2002 21:24:46 +0300 (MSK) Date: Mon, 4 Feb 2002 21:24:46 +0300 From: zhuravlev alexander To: freebsd-security@FreeBSD.ORG Subject: Re: Port 113 Traffic Message-ID: <20020204212446.A94743@ulstu.ru> Reply-To: zhuravlev alexander Mail-Followup-To: freebsd-security@FreeBSD.ORG References: <200202041818.g14IIgM69616@dc.cis.okstate.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i In-Reply-To: <200202041818.g14IIgM69616@dc.cis.okstate.edu> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Feb 04, 2002 at 12:18:42PM -0600, Martin McCormick wrote: > Why might a FreeBSD system be generating traffic on port > 113? We have noticed occasional traffic from a FreeBSD system of > ours to various addresses outside our network on Port 113. > > If I blocked it altogether with IPFW, would it effect ssh > in any way? > your system try to send ident requests to other systems you can safely block this requests. > I am theorizing right now that hosts in the big wide > world are occasionally probing this port and the traffic might be > a response of some kind, maybe nothing more than "I don't know > you. Goodbye!" > > Hopefully, our sniffer will eventually see one of the > exchanges and we will have a better idea of what is going on. > > Martin McCormick WB5AGZ Stillwater, OK > OSU Center for Computing and Information Services Network Operations Group > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- zhuravlev alexander u l s t u c t c e-mail:zaa@ulstu.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message