Output packets on port 113

Hello all,

I manage a Debian etch system with only official packages. Externally accessible services
are:
- an Apache web server, on port 80.
- a mail box on port smtp (exim).
- an ssh server, but accessible only from one fixed IP address.

My firewall log shows dropped output packets on port 113:
Jul  6 01:04:35 sinfo kernel: Firewall:Drop output:IN= OUT=eth0
SRC=XX.XXX.XX.XXX DST=122.116.17.133 LEN=60 TOS=0x00
PREC=0x00 TTL=64 ID=59847 DF PROTO=TCP SPT=35914 DPT=113 WINDOW=5840 RES=0x00
SYN URGP=0

The beginning of a whois result is:
inetnum:      122.116.0.0 - 122.117.255.255
netname:      HINET-NET
country:      TW
descr:        CHTD, Chunghwa Telecom Co.,Ltd.
descr:        Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr:        Taipei Taiwan 100
...
And I'm sure I have no relation with Taiwan...

Does somebody here know which service sends those packets, and why?

Thanks.
Andre.

Re: Output packets on port 113
exim, because authd is part of the smtp procedure.

Re: Output packets on port 113
cobalt@chrome:~ $ grep 113/ /etc/services
auth            113/tcp         authentication tap ident
cobalt@chrome:~ $ _

google://ident

You can safely ignore these packets, even more so if you don't have an
identd running.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
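
One way to check the explanation given in the two replies above, as an added example that is not part of any post in the thread: pull the locally generated SYNs to port 113 out of the firewall log and see whether the same remote host had just connected to exim. The exim mainlog line format, the sample lines, the year and the 30-second window are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data. The first kernel line follows the format quoted in
# the question (SRC replaced by a documentation address); the other kernel
# lines and the exim mainlog lines are made up for the example.
KERNEL_LOG = """\
Jul  6 01:04:35 sinfo kernel: Firewall:Drop output:IN= OUT=eth0 SRC=192.0.2.10 DST=122.116.17.133 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59847 DF PROTO=TCP SPT=35914 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  6 02:10:00 sinfo kernel: Firewall:Drop output:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  6 02:11:00 sinfo kernel: Firewall:Drop input:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=1234 DPT=113 WINDOW=5840 SYN URGP=0
"""
EXIM_LOG = """\
2007-07-06 01:04:34 SMTP connection from [122.116.17.133]:4021 (TCP/IP connection count = 1)
2007-07-06 01:20:00 SMTP connection from [203.0.113.9]:5000 (TCP/IP connection count = 1)
"""

def outbound_ident_syns(text, year):
    """Return (time, dst) for each locally generated TCP SYN to port 113."""
    hits = []
    for line in text.splitlines():
        f = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
        local_out = f.get("IN") == "" and f.get("OUT")  # OUTPUT chain: no input interface
        if local_out and f.get("PROTO") == "TCP" and f.get("DPT") == "113" and "SYN" in line.split():
            # syslog timestamps carry no year, so the caller supplies it
            when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            hits.append((when, f["DST"]))
    return hits

def smtp_peers(text):
    """Return (time, ip) for every exim mainlog line naming a remote [ip]."""
    pat = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?\[(\d+(?:\.\d+){3})\]")
    return [(datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[2])
            for m in map(pat.match, text.splitlines()) if m]

def classify(kernel_text, exim_text, year, window=30):
    """Label each dropped ident SYN by whether that host spoke SMTP to us nearby in time."""
    peers = smtp_peers(exim_text)
    result = []
    for when, dst in outbound_ident_syns(kernel_text, year):
        seen = any(ip == dst and abs(when - t) <= timedelta(seconds=window) for t, ip in peers)
        result.append((dst, "smtp-ident-callback" if seen else "unexplained"))
    return result

if __name__ == "__main__":
    for dst, verdict in classify(KERNEL_LOG, EXIM_LOG, year=2007):  # year is an assumption
        print(dst, verdict)
```

Destinations labelled "unexplained" have no matching SMTP connection and are the ones worth a closer look. If the callbacks are exim's, setting rfc1413_query_timeout = 0s in the exim configuration stops it from making them.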

Re: Output packets on port 113
Thanks.
André.