Port 113 impossible to block, need help.

Status
Not open for further replies.

usalabs3

Technical User
Sep 7, 2004
152
US
The setup I'm using now is a cable high-speed modem connected to a Linksys router via Ethernet (100mb/s). I contacted Linksys to find out if the router blocks all incoming on all ports (with the exception of 80), and tech support said "yes", but a port scan shows that port 113 is open. So I installed a software firewall and closed all ports from 1 to 79 and 81 through 1056, leaving port 80 for incoming/outgoing, then I ran the port scan again, and it still shows port 113 as open.

Many moons ago, I used to be on DSL, and the DSL router blocked all (including 113) incoming on all ports (except 80). I remember the port scan then showed all ports from 1 through 1056 as stealth (meaning completely invisible on the net); the only time a port would open is to allow outgoing traffic, with the exception of port 80.

How can I forcibly stealth port 113? I have tried nearly every firewall out there, and not one of them can block port 113.
 
I found a way to stealth port 113 by using the router's firewall: directing incoming/outgoing on port 113 to a nonexistent local IP address.
 
Well.. since I don't think you read that link...

Q: Why isn't my Port 113 Stealthed? I'm using a firewall to stealth my entire machine, but the ShieldsUP! port probe shows port 113 to only be closed instead of stealthed! What gives?

A: Port 113 is associated with the Internet's Ident/Auth (Identification / Authentication) service. When a client program in your computer contacts a remote server for services such as POP, IMAP, SMTP, or IRC, that remote server sends back a query to the "Ident" server running in many systems listening for these queries on port 113. Essentially, the remote server is asking your system to identify itself . . . and you. This means that port 113 is often probed by attackers as a rich source of your personal information.

You may recall, from my explanation of Stealthed ports, that attempting to connect to a stealthed port is both costly and painful for the contact initiator — which is why it's so cool to stealth our machines. But the problem with simple stealthing of port 113 is that we don't want to hurt the servers we are trying to contact when they turn around and send us their IDENT query. If they get no response at all from their port 113 query, our connection to them (which initiated their query in the first place) will be delayed or perhaps completely abandoned.

Note that not all servers generate IDENT queries. So, depending upon your ISP, stealthing port 113 may not be any problem for you. However, you'll note that requirements for port 113 are common enough that most mature firewalls (BlackICE Defender, AtGuard, NIS2K, etc.) include built-in default rules allowing IDENT queries to pass through. These rules result in the IDENT's status being "closed" rather than "stealth."

So what can you do?

You may be able to remove or disable your firewall's default rule for IDENT (port 113) and run it in full stealth mode without trouble. If you do this, keep on the lookout for trouble connecting to less common servers, like IRC, which might have problems that you haven't encountered before.

Or, you can leave the default rule in place and live with your system's IDENT service port being visible to the outside world. Be aware that this provides a means for intruders to detect an otherwise stealthed computer. And they'll know you're running a firewall since other things are stealthed, but not port 113.

Or, you can switch to the very latest, highest technology, and best adaptive firewall which is smart enough to stealth this port against random probes, while still showing it as "closed" to queries from valid servers . . .

Computer/Network Technician
CCNA
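The closed-versus-stealth distinction in the quoted FAQ, as an added example that is not part of any post in this thread: a plain TCP connect probe reports "closed" when the target answers with a reset and "stealth" when nothing comes back before the timeout, which is also what forwarding port 113 to a nonexistent local address produces. The function names, the 3-second timeout and the loopback demo are assumptions made for illustration; to see what a router's WAN side answers on port 113, the probe has to run from a host outside that router.

```python
import socket


def classify_port(host, port, timeout=3.0):
    """Classify one TCP port as open, closed, stealth or unreachable."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.settimeout(timeout)
    try:
        probe.connect((host, port))
        return "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"        # reset came back: host is visible, nothing listening
    except socket.timeout:
        return "stealth"       # silence: packet dropped or sent to a dead address
    except OSError:
        return "unreachable"   # a network error was reported instead of silence
    finally:
        probe.close()


def loopback_demo():
    """Constructed demo: probe a local listener, then the same port once it is shut."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port)
    listener.close()
    after_close = classify_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(loopback_demo())
```

A "stealth" result cannot be produced on loopback, because the local stack always answers; it only appears when a firewall or router silently drops the probe.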
 
Take Linney's and Usalabs3's advice: you can't block port 113 in your PC because it's your Linksys router that is answering the call on port 113 before it gets to your PC. You need to block it in the router. Some routers have options to stealth or block port 113; if not, then use Usalabs3's and grc's info to stealth port 113. Port 113 is not used much any more, but as Lloydsev points out, if you stealth it and things quit working then you will have to unblock it.
 
Sounds like your cable modem is answering port 113.
That could have been configured by your ISP to help identify users/devices etc.

How to close it? Well, you would probably need the access method to your cable modem. But you will also be violating your ISP agreement most likely.

I wouldn't worry too much about it. If you have a hardware firewall, you should be decently protected at your computer.
 
Change your Admin login and password on your Linksys router and don't worry about it.
 