
IDENT Port 113 Setting

Discussion in 'Other Linksys Equipment' started by komUnec8, Sep 20, 2004.

  1. komUnec8

    komUnec8 Network Guru Member

    Anyone know which way around the Security/Firewall "FILTER IDENT (Port 113)" setting in v1.02.5 should be set to allow IDENT on port 113 (Enabled or Disabled)?

    i.e., does ENABLED mean that Port 113 is filtered (blocked), or does ENABLED mean that 113 IDENTs will pass through the firewall?
     
  2. Beta_Hal

    Beta_Hal Guest

    Stealthing port 113 on NAT routers

    NAT router manufacturers certainly don't want to get the reputation that their NAT router causes connection trouble. But NAT routers have the problem that incoming IDENT requests are inherently unsolicited. As we know, NAT routers double as terrific hardware firewalls due to their natural tendency to drop all incoming unsolicited packets, thus stealthing their owner's networks. But since stealthing port 113 can "theoretically" cause connection problems (but probably never does) NAT routers usually treat port 113 specially. They deliberately return a "closed" status, actively rejecting connection attempts . . . but blowing their otherwise full-stealth cover in the process.

    New users of NAT routers, who use this site to check their security, are often disappointed to discover a single closed (blue) port floating in a calm sea of stealth green.

    The good news is . . . it is possible to configure NAT routers to return them to full stealth. The trick is to use the router's own "port forwarding" configuration options to forward just port 113 into the wild blue yonder. Just tell the router to forward port 113 packets to a completely non-existent IP address, one way up at the end of your router's internal address range. The router will then NOT return a port closed status. It will simply forward the port 113 packet "nowhere" . . . and your network will be returned to full stealth status.

    It is my hope that NAT routers may consider incorporating the sort of adaptive dynamic IDENT handling which has always been (uniquely) offered by the Zone Alarm personal firewall . . .

    UPDATE: The latest firmware update for the Linksys family of NAT routers has added an adaptive IDENT stealthing feature (though it is not enabled by default). So the Linksys routers will give you the best of both worlds. Bravo Linksys!

    http://grc.com/port_113.htm
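
The three port states the quoted text distinguishes (open, closed, stealth) can be checked for port 113 with a single TCP connection attempt, run from a machine outside your LAN against your own router's WAN address. This is an added example, not part of the original posts or of the GRC page; the function names and the 3-second timeout are assumptions.

```python
import socket
import sys

IDENT_PORT = 113  # the port discussed in this thread


def classify_port(host, port=IDENT_PORT, timeout=3.0,
                  connect=socket.create_connection):
    """Classify one TCP port on a host you administer.

    'open'    -> the connection was accepted (something answers on the port)
    'closed'  -> the connection was actively refused (a TCP RST came back)
    'stealth' -> nothing came back before the timeout (packet was dropped)
    """
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    conn.close()
    return "open"


def describe(state):
    """Relate the result to the behaviour described in the quoted text."""
    return {
        "open": "port 113 accepts connections",
        "closed": "router rejects IDENT actively; the port is visible as closed",
        "stealth": "no reply at all; port 113 is dropped like the other ports",
    }[state]


if __name__ == "__main__":
    # Usage: python ident_check.py <your-router-WAN-address>
    target = sys.argv[1]
    result = classify_port(target)
    print(f"{target}:{IDENT_PORT} -> {result}: {describe(result)}")
```

A timeout can also mean the probe was lost or filtered upstream, so repeat the check before concluding the port is stealthed.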
     
