Web Port 80 and IDent 113
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Web Port 80 and IDent 113

  1. #1
    Senior Member
    Join Date
    Feb 2005
    Posts
    149

    Web Port 80 and IDent 113

    I have a 2 computer network. I have file sharing enabled. I am using a Linksys Router Model NR041.Both machines are firewalled with Zone Alarm. One Machine has Windows XP and the other has Windows 98. When I run the the online security scan, it says my Port 80 (web) and Port 113 (ident) are closed. They should be blocked so they can be in stealth mode like all my other ports. Does anyone know why those ports are closed and not Blocked, and is there a way for them to be Blocked (Stealthed)? Thanks

  2. #2
    Senior Member Falcon21's Avatar
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    252
    Originally posted here by yourdeadin

    if you block ur port 80 then there will be no more browsing for you !


    and port 113
    Port 113 identd/auth. ... Reveals a lot of information to hackers.
    so i guess that you can block port 113
    http://www.iss.net/security_center/a...13/default.htm
    I thought the browser use random port to connect to port 80 of the web server...so blocking local port 80 is not a problem if you doesn't run a local web server.
    The online scan is scanning the gateway (router), not your pc...or may be I am wrong?

  3. #3
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    You can block port 80 perfectly fine. You will be able to keep browsing. You won't be able to host your own webserver though (not configured to use that default port anyways).

    Identd is typically used to provide some 'authentication' data when connecting to IRC-networks. You can shut it down and still connect to most networks though, as I understand it.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    if you block ur port 80 then there will be no more browsing for you !
    WRONG. Please do your research before you give an unknowing person bad information.

    Clients use a random port beginning at 1024 + 1. Anything below this is considered priviledged ports for the localhost. The connection then hits port 80 on the REMOTE host, not the localhost.

    identd is a simple service to authenticate remote users. It can query which user on a remote system attempts to establish a connection. This service is clear text and no longer in wide use. However, many mail servers will still query it. Some IRC servers use it to verify the userid. What information does IDENT reveal to "hackers"? The worst issues with the service are related to the bad design thus it is subject to buffer overflows, etc.. It's a relic from a time when the internet was a friendly place.

    Get your facts in line before you prove to the world that you are without a clue.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Member
    Join Date
    Dec 2002
    Posts
    63
    I would consult your routers web interface to either create a rule filtering those ports or in some cases a radio button is available to select to specificaly filter said ports. The router should have documentation on how to get there... something like http://192.168.1.1 and entering the default user/pass.
    $pak = me;

  6. #6
    Senior Member
    Join Date
    Feb 2005
    Posts
    149
    Thanks for the replies guys. The internet security stealth scan (sygate) doesn't scan my routers' assigned IP to each of my computers. It only scans the IP given to me by my ISP. So am I safe since I have a firewall on both of my networked computers. My router uses NAT. ??? So i guess i can't stealth my ports 80 and 113, or can I?

  7. #7
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    The IP assigned by your ISP is going to be the WAN address(or external interface) for your router. This means the online test is scanning your router. I have seen ISPs block ports but usually if they block port 80 they also block common trojan ports and tons of others as well. This leads me to the conclusion your router is responding to the scans with these ports blocked. This is not exactly desired behaviour, but is not terribly serious. If I had to guess (and I'm going too ) I would say you need to upgrade the firmware on your router. I have seen linksys firmwares report ports as closed before, and the problem was resolved through a firmware upgrade. As far as the IDENT protocol goes, I would say its not a huge information leak, but it can be used to return the UserID of a particlular TCP connection. This can be used to gather a list of valid accounts for later bruteforce or dictionary attacks on another service, but this scenario is really only troublesome in a multiuser system with services availbale to exploit. (telnet,ssh,etc)

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  8. #8
    Senior Member
    Join Date
    Feb 2005
    Posts
    149
    Ok thanks a lot Maestr0, i'll upgrade my router's firmware right now to see if that fixes the problem.

  9. #9
    Senior Member
    Join Date
    Feb 2005
    Posts
    149
    It seems like the firmware on my router is new than the firmware upgrade available at the website (www.networkeverywhere.com), lol, i guess i'll just keep the firmware that i already have. I have firmware Version 1.2 Release 06, and the one i downloaded (only 1 option), is firmware Version 1.2 Release 03.

  10. #10
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    You may want to try the other one.

    -Maestr0

    edit: Maybe not.
    http://secunia.com/advisories/12393/
    Still, cant find anything about ANY releases over 1.2 03. Are sure its 1.2 06?
    Their ftp hosts 1.2 01, and 1.2 03
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •