Re: ports 111, 113, and 119

["Mikkel L. Ellertson" <mikkel Infinity-ltd com>]

On Wed, 30 May 2001, Michael Turner wrote:

> Can anyone tell me what is on these ports a netstat dump tells me this:
> tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
>     578/identd
> tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
>     432/portmap
> nothing seems to be running on 119. I have monitored a lot of activity from
> various ip's on my firewall log hitting these ports. Are Identd and portmap
> security holes? Just inquisitive. Thanks.
>
> Mike
>
>
Identd is handy to have running if you use chat, ftp, or any other
service over the Internet that asks who is connecting to it.  If you
deside to block the port, you will want to reject connections, instead
of the more common deny.  This is so the other end will not wait for the
connection to time out.

Portmap is the access to a lot of services., including NFS.  You normaly
would want to block access from the Internet to this port.  The services
run by Portmap are not ones you normaly want to let people access from
the Internet, and there have a fair number of exploits found for the
different services.  It is definitly a security risk.  If you are
running a seperate firewall system, then you probably do not need
portmap running at all.

Port 119 if for nntp.  If you are not running a news server, then you do
not need this port open.

Mikkel
 --

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.