Stealth Port 113?

[Larry(LJL269)]

I used D-Link DI-604 Router to network my XP PC with my
TiVo DVR so they share my RoadRunner connection only. I
scanned my ports & found all do not respond to anything
except 113 that responds CLOSED.

https://www.grc.com/port_113.htm describes how to
stealth 113 at the router but I'm wondering what sort
of 'bad' things can happen if I dont?

Your help is MUCH appreciated.
Thanks- bye- Larry

Any advise is my attempt to contribute more than I have received but I can only assure you that it works on my PC. GOOD LUCK.

 

[Mark Dormer]

I have yet to see a problem caused by it, and have been stealthing mine for
about 5 years.

 

[Daniel Crichton]

Larry(LJL269) wrote on Thu, 28 Jul 2005 08:36:37 GMT:

I used D-Link DI-604 Router to network my XP PC with my
TiVo DVR so they share my RoadRunner connection only. I
scanned my ports & found all do not respond to anything
except 113 that responds CLOSED.

https://www.grc.com/port_113.htm describes how to
stealth 113 at the router but I'm wondering what sort
of 'bad' things can happen if I dont?

"Stealthing" ports isn't all it's cracked up to be, and in some cases can
cause problems. Port 113 is one of those that is better to be "closed" as
otherwise you may encounter delays when sending email, reading from usenet,
or connecting to irc - these (and some other services) may attempt to
connect back to port 113 at your IP address to verify your identity (it's a
hangover from older days when most, if not all, machines on networks ran
Unix and they all have an IDENT service to give out the machine name in a
simple authentication process). If the port is closed, that means it sends a
RST packet back when a connection attempt is made and the remote machine
will immediately continue processing (you might find you'll get an error
from some irc networks indicating that you need to have ident enabled),
however if you have this "stealthed" then you will find there is a delay of
normally around 30 seconds to 2 minutes before processing continues (your
PC/router returns nothing in response to the connection packet, so the
remote machine retries until it decides to give up, normally up to 4
attempts with 30 seconds timeout each).

If you nothing running on port 113, then you are no more at risk with it
showing closed than if it was dropping packets instead of responding to them
(which is all stealthing is). This whole stealth thing doesn't actually make
your machine any more secure - it can cause problems as above, and if a
hacker is really looking for your IP then you can tell if it's online by
looking at responses from the upstream router (if your PC/router really
isn't connected to the internet then with most ISPs the upstream router
would return a "Destination host unreachable" response in a ping or
traceroute as opposed to the normal response you see when it's connected).

Dan

 

[David H. Lipman]

From: "Larry(LJL269)" <[email protected]>

| I used D-Link DI-604 Router to network my XP PC with my
| TiVo DVR so they share my RoadRunner connection only. I
| scanned my ports & found all do not respond to anything
| except 113 that responds CLOSED.
|
| https://www.grc.com/port_113.htm describes how to
| stealth 113 at the router but I'm wondering what sort
| of 'bad' things can happen if I dont?
|
| Your help is MUCH appreciated.
| Thanks- bye- Larry
|
| Any advise is my attempt to contribute more than I have received but I can only assure you
| that it works on my PC. GOOD LUCK.

You should be asking this in a Router News Group such as; alt.comp.networking.routers

Port forward TCP and UDP port 113 to an IP address that is NOT in use by a LAN node.

Get a Router that does block TCP/UDP port 113.

 

[Larry(LJL269)]

Greetings & thank you for your response.

What are the advantages of NO response verses a CLOSED
response ?

I know very little about Internet communications but my
conjecture is that the only advantages of NO response
verses a CLOSED would be to discourage an attacker
from:
1-trying to open port 113
2-trying to open one of the Stealthed ports

Either of these may have a slim probability of success
with a software firewall such as Zone Alarm which is
subject to not only its own vulnerabilities but to the
vulnerabilities of the platform its running on.

A hardware firewall with its dedicated software I guess
would be immune from both attacks & so stealthing would
have no advantage.

Comments/suggestions/corrections appreciated.
Thanks- bye- Larry


On Thu, 28 Jul 2005 19:36:13 +1000, "Mark Dormer"

|I have yet to see a problem caused by it, and have been stealthing mine for
|about 5 years.
|
|--
|
|Regards
|Mark Dormer

Any advise is my attempt to contribute more than I have received but I can only assure you that it works on my PC. GOOD LUCK.

 

[Larry(LJL269)]

On Thu, 28 Jul 2005 13:16:34 +0100, "Daniel Crichton"

|If you nothing running on port 113, then you are no more at risk with it
|showing closed than if it was dropping packets instead of responding to them
|(which is all stealthing is).
Greetings & thank you for your response.

If you have somehting running on port 113, then are you
at more risk with it |showing closed than if it was
stealthed?

Also I know very little about Internet communications
but my conjecture is that the only advantages of NO
response verses a CLOSED would be to discourage an
attacker from:
1-trying to open port 113
2-trying to open one of the Stealthed ports

Either of these may have a slim probability of success
with a software firewall such as Zone Alarm which is
subject to not only its own vulnerabilities but to the
vulnerabilities of the platform its running on.

A hardware firewall with its dedicated software I guess
would be immune from both attacks & so stealthing would
have no advantage.


| This whole stealth thing doesn't actually make
|your machine any more secure - it can cause problems as above, and if a
|hacker is really looking for your IP then you can tell if it's online by
|looking at responses from the upstream router (if your PC/router really
|isn't connected to the internet then with most ISPs the upstream router
|would return a "Destination host unreachable" response in a ping or
|traceroute as opposed to the normal response you see when it's connected).

Comments/suggestions/corrections appreciated.
Thanks- bye- Larry
Any advise is my attempt to contribute more than I have received but I can only assure you that it works on my PC. GOOD LUCK.

 

[Daniel Crichton]

Larry(LJL269) wrote on Fri, 29 Jul 2005 18:19:38 GMT:

On Thu, 28 Jul 2005 13:16:34 +0100, "Daniel Crichton"

|If you nothing running on port 113, then you are no more at risk with it
|showing closed than if it was dropping packets instead of responding to
them |(which is all stealthing is).
Greetings & thank you for your response.

If you have somehting running on port 113, then are you
at more risk with it |showing closed than if it was
stealthed?

If it's showing as closed, a connection cannot be made to it. Therefore,
something is blocking it. Safety would be dependent on whatever is doing the
blocking.

Also I know very little about Internet communications
but my conjecture is that the only advantages of NO
response verses a CLOSED would be to discourage an
attacker from:
1-trying to open port 113
2-trying to open one of the Stealthed ports

Closed indicates nothing is running on that port, so attempting to open it
is fruitless unless there really is a vulnerable service running on that
port and the blocking application (eg software firewall) can be bypassed or
broken to get to it. If that's the case, your entire machine is open -
stealthing won't save you.

Either of these may have a slim probability of success
with a software firewall such as Zone Alarm which is
subject to not only its own vulnerabilities but to the
vulnerabilities of the platform its running on.

Indeed. A software firewall should never be relied on - security starts with
ensuring that there are no services running in the first place that could be
accessed.

A hardware firewall with its dedicated software I guess
would be immune from both attacks & so stealthing would
have no advantage.

A hardware firewall could still be compromised. However, a software firewall
on the PC is much more vulnerable - for instance, if the user on that PC ran
a program that killed the firewall process.

| This whole stealth thing doesn't actually make
|your machine any more secure - it can cause problems as above, and if a
|hacker is really looking for your IP then you can tell if it's online by
|looking at responses from the upstream router (if your PC/router really
|isn't connected to the internet then with most ISPs the upstream router
|would return a "Destination host unreachable" response in a ping or
|traceroute as opposed to the normal response you see when it's
connected).

Comments/suggestions/corrections appreciated.
Thanks- bye- Larry
Any advise is my attempt to contribute more than I have received but I can
only assure you that it works on my PC. GOOD LUCK.

Hope my further comments help explain things a little better.

Dan

 

[Larry(LJL269)]

On Mon, 1 Aug 2005 11:20:08 +0100, "Daniel Crichton"

|Hope my further comments help explain things a little better.


Greetings Dan & thank you for your response which was
much help.

Your comments have added a securiy reason to justify my
time taken to shutdown services & apps I dont need-
Messenger, NetBios, all scripting but Java,...so many I
sometimes worry I wont boot In 5 yrs I've had PCs
I've yet to get any malware so I must be doing
something right! Credit too goes to genetics- mostly
cops in family back 3 generations.

Thanks again- bye- Larry



Any advise is my attempt to contribute more than I have received but I can only assure you that it works on my PC. GOOD LUCK.