Output packets on port 113

Hello all,

I manage a Debian etch system, with only official packages. Externally accessible services are:

- a web server Apache, on port 80.

- a mail box on port smtp (exim).

- an ssh server, but accessible only from one fixed IP address.

My firewall log seems to drop output packets on port 113:

Jul 6 01:04:35 sinfo kernel: Firewall:Drop output:IN= OUT=eth0 SRC=XX.XXX.XX.XXX DST=122.116.17.133 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59847 DF PROTO=TCP SPT=35914 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0

The beginning of a whois result is:

inetnum: 122.116.0.0 - 122.117.255.255
netname: HINET-NET
country: TW
descr: CHTD, Chunghwa Telecom Co.,Ltd.
descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr: Taipei Taiwan 100
...

And I'm sure to have no relation with Taiwan...

Does somebody here know which service sends those packets, and why?

Thanks. Andre.

andre

SRC=XX.XXX.XX.XXX DST=122.116.17.133 LEN=60 TOS=0x00

exim, because authd is part of the smtp procedure.

Sebastian G.

SRC=XX.XXX.XX.XXX DST=122.116.17.133 LEN=60 TOS=0x00

cobalt@chrome:~ $ grep 113/ /etc/services
auth 113/tcp authentication tap ident
cobalt@chrome:~ $ _

google://ident

You can safely ignore these packets, even more if you don't have an identd running.

cu

59cobalt
Ansgar -59cobalt- Wiechers

SRC=XX.XXX.XX.XXX DST=122.116.17.133 LEN=60 TOS=0x00

SYN URGP=0

andre
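
An added example, not part of any post in this thread: a Python sketch that checks the explanation given above (the mail server making an ident callback to a host that has just connected to SMTP) against firewall log lines in the format andre posted. The log lines are constructed, use documentation addresses, and assume that accepted inbound SMTP connections are logged with a "Firewall:Accept input:" prefix; the 30-second window, the fixed year and the function names are also assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample. The "Drop output" lines have the shape of the line in the
# thread; the "Accept input" line assumes accepted SMTP connections are logged too.
SAMPLE_LOG = """\
Jul  6 01:04:34 sinfo kernel: Firewall:Accept input:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4321 DF PROTO=TCP SPT=40112 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  6 01:04:35 sinfo kernel: Firewall:Drop output:IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59847 DF PROTO=TCP SPT=35914 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  6 02:10:00 sinfo kernel: Firewall:Drop output:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=35920 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (.*)$")

def parse(line, year=2000):
    """Return (timestamp, fields) for one netfilter LOG line, or None."""
    m = LINE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; any fixed year works for comparing times.
    stamp = " ".join(m.group(1).split())
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    fields = {}
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        # "output:IN=" glues the log prefix to the first field; keep only "IN".
        # Tokens without "=" (DF, SYN, ACK) are flags and are stored as True.
        fields[key.rsplit(":", 1)[-1]] = val if sep else True
    return ts, fields

def ident_callbacks(log, window=timedelta(seconds=30)):
    """List (remote_ip, explained) for each outbound SYN to 113/tcp.

    explained is True when the same remote address opened a connection to
    port 25 on this host within `window` before the ident query.
    """
    smtp_seen = {}  # remote address -> time of its last inbound SYN to port 25
    results = []
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, f = rec
        if f.get("PROTO") != "TCP" or "SYN" not in f or "ACK" in f:
            continue
        if f.get("IN") and f.get("DPT") == "25":
            smtp_seen[f["SRC"]] = ts
        elif f.get("OUT") and f.get("DPT") == "113":
            prev = smtp_seen.get(f["DST"])
            ok = prev is not None and timedelta(0) <= ts - prev <= window
            results.append((f["DST"], ok))
    return results
```

A destination reported with `explained` False has no matching inbound SMTP connection in the log and is the one worth tracing to a local process.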
