Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Jori on December 22, 2001, 01:51:00 PM
-
Dec 16 10:00:46 router xinetd[725]: START: auth pid=5315 from=213.131.131.155
Dec 16 10:41:50 router xinetd[725]: START: auth pid=5326 from=64.77.41.227
Dec 16 10:42:48 router xinetd[725]: START: auth pid=5327 from=64.77.41.227
Dec 16 10:48:13 router xinetd[725]: START: auth pid=5328 from=213.131.131.155
Dec 16 16:26:11 router xinetd[725]: START: auth pid=5409 from=62.250.14.14
Dec 16 16:26:36 router xinetd[725]: START: auth pid=5410 from=213.131.131.155
Dec 16 16:26:46 router xinetd[725]: START: auth pid=5411 from=213.131.131.155
Dec 16 16:26:48 router xinetd[725]: START: auth pid=5412 from=213.131.131.155
Dec 16 16:27:02 router xinetd[725]: START: auth pid=5413 from=195.162.203.183
and this goes on for a while....
Does anyone know what this is? when i do a portscan on myself, port 113 is open. I read somewhere that 113 is auth?
I have no idea what auth is, but I do want this to go away if possible :]
-
See the following:
http://www.dshield.org/ports/port113.html
-
hmmmm, so I can just shut down the auth service? And everything will continue to function normally?
(dont use sendmail)
How do I do that? :)
/etc/xinetd.conf
service auth
{
socket_type = stream
wait = no
user = nobody
server = /usr/sbin/in.identd
server_args = -l -e -o -q
}
should I change something in there (in templates)? Or can I just not allow any connections to 113 through the firewall? (if so, how?)
-
Jori wrote:
>
> Does anyone know what this is? when i do a portscan on
> myself, port 113 is open. I read somewhere that 113 is auth?
>
> I have no idea what auth is, but I do want this to go away if
> possible :]
you should look at this message from 10 months ago that explains the open ports and why they are needed:
http://e-smith.org/bboard/read.php?f=3&i=2649&t=2647
-
Jori,
You can edit the ipchain rules to deny any port 113 connections on your external interface. I do this with all the servers I set up (along with a few other unneeded ports as well :) ). Just search this forum for the word masq and you should be able to find what you need.
Kelvin
-
Kelvin wrote:
> You can edit the ipchain rules to deny any port 113
> connections on your external interface. I do this with all
> the servers I set up (along with a few other unneeded ports
> as well :) ). Just search this forum for the word masq and
> you should be able to find what you need.
No need to edit anything. Just do:
/sbin/e-smith/db configuration setprop auth status disabled
/sbin/e-smith/signal-event remoteaccess-update
Regards
Charlie