port 113

General Network security, firewalls, port filtering/forwarding, wireless security, anti-spyware, as well as spam control and privacy discussions.
Zporttech
Advanced Member
Posts: 688
Joined: Tue Jul 04, 2000 12:00 am
Location: Indiana

port 113

Post by Zporttech »

Hey guys,

Totally stumped here. Noticed last night 12/19 that after going to GRC and Sygate my port 113 is showing "closed" instead of stealth like all the others.

Have tried everything I know to try, even connected one machine at a time (three running XP Pro) and still no luck. I am behind a Linksys router with latest firmware (which I reset to default). Even loaded ZA Pro version, activated XP's weak little firewall, and still I cannot get 113 to go back to stealth. I don't know when it changed, but all ports until now have been stealth.

Also shut down Norton's live update, Windows automatic update, etc.

Little help please............
cyberskye
Senior Member
Posts: 4717
Joined: Wed Jan 10, 2001 12:00 am
Location: DC

Post by cyberskye »

If you're behind a router, that's what's being scanned. Unless you are using port forwarding, that is. Changes to each host will make no difference.

On the router:

1. Do you have "remote administration" or the equiv enabled? Bad idea...

2. Enable "drop wan request" or the like to place the router into stealth mode.


Skye
anything is possible - nothing is free

:wth:
Blisster wrote:It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)
:wth:
Joint Chiefs of Staff
Posts: 42832
Joined: Mon Mar 26, 2001 12:00 am
Location: The Sandbox

Post by Joint Chiefs of Staff »

Why isn't my Port 113 Stealthed? I'm using a firewall to stealth my entire machine, but the ShieldsUP! port probe shows port 113 to only be closed instead of stealthed! What gives?
Port 113 is associated with the Internet's Ident/Auth (Identification / Authentication) service. When a client program in your computer contacts a remote server for services such as POP, IMAP, SMTP, or IRC, that remote server sends back a query to the "Ident" server running in many systems listening for these queries on port 113. Essentially, the remote server is asking your system to identify itself . . . and you. This means that port 113 is often probed by attackers as a rich source of your personal information.

You may recall, from my explanation of Stealthed ports, that attempting to connect to a stealthed port is both costly and painful for the contact initiator — which is why it's so cool to stealth our machines. But the problem with simple stealthing of port 113 is that we don't want to hurt the servers we are trying to contact when they turn around and send us their IDENT query. If they get no response at all from their port 113 query, our connection to them (which initiated their query in the first place) will be delayed or perhaps completely abandoned.

Note that not all servers generate IDENT queries. So, depending upon your ISP, stealthing port 113 may not be any problem for you. However, you'll note that requirements for port 113 are common enough that most mature firewalls (BlackICE Defender, AtGuard, NIS2K, etc.) include built-in default rules allowing IDENT queries to pass through. These rules result in the IDENT's status being "closed" rather than "stealth."

So what can you do?

You may be able to remove or disable your firewall's default rule for IDENT (port 113) and run it in full stealth mode without trouble. If you do this, keep on the lookout for trouble connecting to less common servers, like IRC, which might have problems that you haven't encountered before.

Or, you can leave the default rule in place and live with your system's IDENT service port being visible to the outside world. Be aware that this provides a means for intruders to detect an otherwise stealthed computer. And they'll know you're running a firewall since other things are stealthed, but not port 113.

Or, you can switch to the very latest, highest technology, and best adaptive firewall which is smart enough to stealth this port against random probes, while still showing it as "closed" to queries from valid servers . . .

My current favorite firewall — soon to be recommended — is the completely free ZoneAlarm 2.0 (ZA2) from ZoneLabs. ZoneAlarm is the only firewall I know of that's smart enough to stealth your ENTIRE machine while still allowing your remote servers to see port 113 as closed.



ShieldsUP! shows my ports as 'Closed' and not 'Stealth', but I want Stealth! How do I get 'Stealth'?
'Stealthed' ports are, strictly speaking, a violation of proper TCP/IP rules of conduct. Proper conduct requires a closed port to respond with a message indicating that the open request was received, but has been denied. This lets the sending system know that its open request was received so that it doesn't need to keep retrying. But, of course, this "affirmative denial" also lets the sending system know that a system actually exists on the receiving end . . . which is what we want to avoid in the case of malicious hackers attempting to probe our systems.

I coined the term 'Stealth' when I developed this site's port probing technology to describe a closed port that chooses to remain completely hidden by sending nothing back to its attempted opener, preferring instead to appear not to exist at all.

Since 'Stealthing' is non-standard behavior for Internet systems, it is behavior which must be created and enforced by means of a firewall security system of some sort. The native TCP/IP interface software used by personal computers will ALWAYS reply that a port is closed. Therefore, some additional software or hardware, in the form of a 'stealth capable firewall' must be added to the computer system in order to squelch its "closed port" replies.

To get full stealth-mode status from your system, I highly recommend using the completely FREE ZoneAlarm 2 firewall from ZoneLabs, Inc. Visit their website at http://www.ZoneLabs.com to learn more about this excellent and free firewall, then download the latest version.
>>Cult Master of International Affairs<<
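Added example, not part of the thread or of the quoted FAQ text: a small self-check that tells "closed" (the SYN is answered with a RST) from "stealth" (no reply before the timeout) and reports any port whose state differs from the rest, which is the port 113 situation described above. The function names and the `connect` parameter are assumptions made for this sketch; run it from a host outside your router against your own WAN address.

```python
import socket
import sys
from collections import Counter


def classify_port(host, port, timeout=2.0, connect=socket.create_connection):
    """Return 'open', 'closed', 'stealth' or 'unreachable' for one TCP port.

    closed  -> the target answered the SYN with a RST (connection refused)
    stealth -> nothing came back before the timeout (packet silently dropped)
    """
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        # e.g. an ICMP host/network unreachable sent by a device on the path
        return "unreachable"
    conn.close()
    return "open"


def survey(host, ports, **kwargs):
    """Classify every port in `ports`; returns {port: state}."""
    return {port: classify_port(host, port, **kwargs) for port in ports}


def outliers(states):
    """Ports whose state differs from the most common state.

    A lone 'closed' port among 'stealth' ones shows an observer that a
    host exists behind the filter.
    """
    if not states:
        return {}
    baseline, _ = Counter(states.values()).most_common(1)[0]
    return {port: state for port, state in states.items() if state != baseline}


if __name__ == "__main__":
    # Usage: python portcheck.py <your-own-WAN-address>
    target = sys.argv[1]
    result = survey(target, [21, 23, 25, 80, 110, 113, 139, 443])
    for port, state in sorted(result.items()):
        print(f"{port:>5}  {state}")
    print("differs from the rest:", outliers(result) or "nothing")
```
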
cyberskye
Senior Member
Posts: 4717
Joined: Wed Jan 10, 2001 12:00 am
Location: DC

Post by cyberskye »

I know a lot of people like ZA but it certainly has its issues (especially uninstall - it's worse than a Symantec product). I think Steve Gibson must own stock in ZoneLabs :D

Since you already have a router, ZA will only affect your outbound connection attempts - a very useful thing.

I mask my ident - all stealth - and have had no problems.
Zporttech
Advanced Member
Posts: 688
Joined: Tue Jul 04, 2000 12:00 am
Location: Indiana

Post by Zporttech »

OK Skye,

Any idea how to correct the problem with 113 through the router? I have the "Block WAN Request" enabled and the "Remote Admin" disabled.

My router is the Linksys BEFSR41.
Zporttech
Advanced Member
Posts: 688
Joined: Tue Jul 04, 2000 12:00 am
Location: Indiana

Post by Zporttech »

Hey guys,

As always, thanks for the help. Fixed the problem today. Contacted Linksys and they suggested to replace the firmware with the original version. Did this and the port 113 problem went away!
cyberskye
Senior Member
Posts: 4717
Joined: Wed Jan 10, 2001 12:00 am
Location: DC

Post by cyberskye »

Glad to hear it. I was stumped since you had blocked WAN request enabled :p


Have fun,

Skye
Zporttech
Advanced Member
Posts: 688
Joined: Tue Jul 04, 2000 12:00 am
Location: Indiana

Post by Zporttech »

Skye,

Yeah it stumped me too. Did several days of trial and error.

Didn't realize you could "flashback" the firmware on the router. Another lesson learned!
Scott
Senior Member
Posts: 3846
Joined: Thu Feb 14, 2002 12:00 pm

Post by Scott »

Same thing happened to me when I upgraded my Linksys firmware also, just haven't had the time to go back yet.
knightmare
Posts: 6067
Joined: Tue Feb 19, 2002 10:53 am

like admiral said

Post by knightmare »

Port 113 is perpetual * back a couple of yrs ago when I had BlackICE, lol, I had to always make sure it was closed
"A wise man can learn more from a foolish question than a fool can learn from a wise answer."

Bruce Lee
fredra
Advanced Member
Posts: 847
Joined: Mon Mar 20, 2000 12:00 am
Location: Nepean, On, Canada

Post by fredra »

This blocking of port 113 keeps repeating itself....
Go here to see what was covered and answered.
Hope that helps.
A man with a watch knows what time it is. A man with two watches is never sure.