> I have noticed several denied packets from outside systems attempting to
> poke at tcp port 113 on one of my DMZ systems.
> TCP 113 is defined as the authentication port. I can not seem to get a
> clear explanation as to what service(s) on the client side would be
> attempting to do this. This port is not enabled on our host sides.
> I'd appreciate any input and/or clarification.
tcp/113 is ident protocol (RFC-1413).
Filtering it may cause problems with some applications, to include
some TELNET implementations. Some applications still send a tcp/113
auth request as back-channel response to incoming connections.
Blocking _shouldn't_ wreak too much havoc, but you may notice that
establishing connections to outside services may seem to hang during
the connection process while the tcp/113 request times out.
My vote: Block it.
US Sprint tel: 703.689.6828
Managed Network Engineering internet: paul @
Reston, Virginia USA http://www.sprintmrn.com