Stealthing of Port 113




Firstly, let me say that I *have* previously stealthed port 113,
{Shown in GRC.COM's port scanning program now showing as "Closed"}, in
a Linksys, a "Mercury" (Cheap Chinese Router) and also in an "Agilan"
Wi-Fi Router without too much difficulty.

However, I acquired a secondhand "Buffalo Air Station g54" yesterday,
& whilst I have managed to reset it to my own system - and I have some
info on how to stealth from a long-previous message on some newsgroup
- I have poked & probed in the "Advanced" options in the setup
accessed by http://192.168.11.1 (as I recall). Well, it might have
been 192.168.1.11 - but whatever it was, it led to the set-up screen.

Yet, despite repeated trials & attempts to find the correct location
to shunt port 113 into a dead-end port 254 {as my info suggests we
should do}, I haven't "hit the spot", i.e. got the Buffalo to accept
my demands.

I suspect it is just "finger trouble" on my part, but could some
"Buffalo Air Station g54" user point me to the correct page & location
in the set-up procedure.

Signed : Old China Hand in Commie Running Dog infested Hong Kong.



Re: Stealthing of Port 113


On Sun, 03 Jul 2005 00:43:31 GMT, ex-Moderator_HKNET_BBS-Buy_Sell_echo@faked.com
wrote:


Look for something similar to advanced settings and "Virtual Server".
Set any requests to port 113 to be sent to a non-existent virtual server.  IE:
192.168.0.199


Re: Stealthing of Port 113


On Sun, 03 Jul 2005 00:43:31 GMT, ex-Moderator_HKNET_BBS-Buy_Sell_echo@faked.com
wrote:


Found this for you:
http://www.buffalotech.com/wireless/_SUPPORT/downloads.php?type=manuals



Stealthing of Port 113 & impossible to send Eudora e'mails AND NOW Newsgroup postings !!


I attempted to post the message below - only to have it not arrive at
the local ISP server ....... UNTIL I had shut down Zone Alarm !!

I can understand, to some extent, why text - both Eudora and Newsgroup
are similarly affected, but VoIP "phone" calls go thro' this Buffalo
router okay.

Now read on......................[please].


.... And I thank you for the pointer; I had already printed out the
WBR-G54 Manual to be found on the supplied CDROM, I've also printed
the info from this site too. Actually I did go looking on Buffalotech
for such info, I don't know how I missed it.        <Mea Culpa>

Since the original posting, I have discovered another anomaly with
this Buffalo router.  It is exactly the same problem I had with an
earlier - highly expensive - wired Linksys -- Namely, with Zone Alarm
active, it just will not allow not enormously large text files with or
without attachments to get to my ISP's mail server to the world wide
web.  I have managed - occasionally - to get a 26.1 KB text file away.
I sent it to myself as a "test". On other occasions, even small files
of a few KB's - like 3~6KB just hang as Eudora version 3 *OR* 6
attempts to dispatch them.
 
If I switch Zone Alarm [3.0.26] off, then there is a slight pause
before the message leaves, but it DOES get sent to the mail server.

In my copy of Eudora 3, an "activity" bar shows the file being
uploaded. With ZAlarm activated, the blue sliding indicator in this
bar "sticks" at some point .... this sticking  point depends on the
file size. If the file is large, the indicator swiftly comes to a halt
close to its starting point on the left. If the file is small, then it
may make it almost to the end of its travel.  If the file is just a
few words - then the blue slider will quickly whizz across to the
right, and the message is sent out okay.

Now, this occurred with my original Linksys, and the maker disclaimed
any knowledge of why I was seeing what I again am seeing; and for the
life of me, I can't recall for sure what, if anything I did to cure
this problem !  

I'm just wondering if I "adjusted" the packet size somewhere in the
Linksys setup, and whether I should try it again with the Buffalo ?

I've got 3 routers here, one wired one out of China which works well &
e'mails just whizz thro' it with Zone Alarm protecting me. An "Agilan"
'b' type wireless router which similarly is set to make port 113
invisible & which handles Eudora e'mails with no problems at all, and
finally, my "upgrade" 'b' & 'g' Buffalo router into whose "Buffalo
Chips" I have stumbled. <wry smile>.
 
I know that I *ought* to be able to effect a "fix" - but so far,
whenever I need to send e'mails, I ABSOLUTELY HAVE TO shut down Zone
Alarm just to get the e'mails away --- & then remember to re-enable ZA
afterwards.

So, I will read the Buffalo "User Manual" and see if it has any
"pointers" there. Certainly the Buffalotech website offers no
solutions in their techsupport sections.... that's why I'm struggling
now. <wry smile>.

Anyone got further ideas?  I could sure use some !


Re: Stealthing of Port 113 & impossible to send Eudora e'mails AND NOW Newsgroup postings !!




If disabling ZA fixes your issue, then ZA isn't configured correctly.


In this case, ZA is correctly configured to pass the VoIP traffic.


Your answer is in your statement:

With ZA active, things fail.
Without ZA active, things work.
Therefore, ZA is doing what it's been configured to do: block traffic.
The router doesn't enter into the issue, as you say you can send just
fine by *disabling ZA* .

If you had left ZA alone (enabled) and made some change to whichever
router, and *then* things worked, it's the router.


See? Disable ZA, things work.


ZA (and every other firewall) has a small buffer to hold the data
during inspection. If ZA stops the traffic, you see this once this
small buffer is full. This is why small amounts of data seem to *just
about* make it, and larger amounts of data seem to never get very far.

FYI, I, too, use Eudora ver 3.0.5, so I know exactly what you are
seeing here  =]


Um.

Before you said you simply disabled ZA, now you say that you made a
configuration change to the router. Which is it?


Not if you simply disabled ZA and things worked.


This points to a ZA issue, not the router.

Now, about this idea you have that port 113 needs to be blocked.
Why do you think this needs to be done? I hope you understand that a
firewall is used to block traffic. That's all. The only reason to block
traffic would be because you can't otherwise control the application
that's listening to whichever port. If you can control that
application, then you don't need the firewall to block the traffic.
So, my question is: What do you have listening on port 113 and why can
you not instruct that application to not listen? Also, is that
application vulnerable to some exploit that uses port 113? If nothing
is listening, then there isn't a need to block. Last point, port 113
isn't needed to send email or post newsgroup articles, so, port 113,
blocked or unblocked, isn't the issue here.



--
*Osc on efnet   aka   Allen C
usenet-avc@news.packetmonkeys.com
remove 'news' & -  to email
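
The distinction this thread turns on ("Closed" versus "Stealth" in a port-scan report, and whether anything is listening on port 113 at all) can be checked on your own machine with a plain TCP connect. The following is an added example, not part of any post above; the function name `classify_port`, the `VERDICTS` wording and the 3-second timeout are assumptions made for illustration.

```python
import errno
import socket

IDENT_PORT = 113  # the port discussed in this thread

# Plain-language meaning of each result (wording is illustrative).
VERDICTS = {
    "open": "something is listening and accepted the connection",
    "closed": "nothing is listening; the host answered with a TCP reset",
    "stealth": "no answer at all before the timeout; packets were dropped",
    "unreachable": "an ICMP unreachable came back; the packet was rejected en route",
}

def classify_port(host, port=IDENT_PORT, timeout=3.0):
    """Classify one TCP port on a host you administer.

    Run it against 127.0.0.1 to see whether a local service listens on the
    port; run it from a machine outside the router against your public
    address to see what the router does with unsolicited connections.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # A reset came back: the port is reachable but has no listener.
        return "closed"
    except socket.timeout:
        # Silence: a firewall or a forward to a dead address drops the SYN.
        return "stealth"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()

if __name__ == "__main__":
    result = classify_port("127.0.0.1")
    print(f"port {IDENT_PORT} on 127.0.0.1: {result} ({VERDICTS[result]})")
```

A "closed" result on 127.0.0.1 means no local application is listening on port 113, whatever the router is configured to do.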



Re: Stealthing of Port 113


ex-Moderator_HKNET_BBS-Buy_Sell_echo@faked.com wrote on 7/2/2005 8:43 PM:
Why are you stealthing it?

Jim

