Port 113

Question

Level 3

672 points

Port 113

I just visited the Shields UP!! website (after seeing a demonstration at my local users group). The demonstrator's computer at the meeting passsed all the tests, but mine (at home) failed the "Solicited TCP Packets". It said that port 113 was in "closed" status not stealth. It said my computer has responded that this port exits by is currently closed to connections. Should I be concerned???? I am currently using a NetGear router with NAT.

Shields UP!! went on to say this:

New users of NAT routers, who use this site to check their security, are often disappointed to discover a single closed (blue) port floating in a calm sea of stealth green.

The good news is . . . it is possible to configure NAT routers to return them to full stealth. The trick is to use the router's own "port forwarding" configuration options to forward just port 113 into the wild blue yonder. Just tell the router to forward port 113 packets to a completely non-existent IP address, one way up at the end of your router's internal address range. The router will then NOT return a port closed status. It will simply forward the port 113 packet "nowhere" . . . and your network will be returned to full stealth status.

Should I do this???

Thanks,
William

PowerMac MDD FW800 Dual 1.25Ghz, Mac OS X (10.4.4)

Posted on Mar 19, 2006 6:58 AM

Reply

Answer 1

Mar 19, 2006 7:31 AM in response to WilliamL

It said that port 113 was in "closed"
status not stealth. It said my computer has
responded that this port exits by is currently closed
to connections. Should I be concerned???? I am
currently using a NetGear router with NAT.

Personally, I wouldn't be concerned. The difference between "closed" and "stealth" is usually very small. A hacker would still have to use the correct password to get past the "closed" status of the port. If the port didn't respond at all, the hacker wouldn't even know that it was there. And that is just at the router. The hacker still has no idea what is behind the router. That is one of the benefits of NAT.

I'm not sure about the NetGear router's capabilities. Certainly you could set it up to use port forwarding for port 113. If you can make additional firewall rules you could place a rule that refused anything incoming on port 113. Another tactic would be to use Tiger's built in firewall and put it in stealth mode. It will not respond to any inquiries on port 113 or otherwise if a hacker does get past the router and somehow finds your computer and guesses it's password as well. Double the protection, double the fun. 🙂

Matt

Reply

Answer 2

monk3y

Level 4

1,605 points

Mar 19, 2006 1:10 PM in response to Matt Broughton

Agreed...

How to enable "Stealth Mode" in 10.4's Firewall:

1. Go to System Preferences > Sharing
2. Click on the Firewall tab
3. Unlock the pane, if necessary
4. Click the start button, if necessary
5. Click the Advanced button

Reply

Answer 3

WilliamL Author

Level 3

672 points

Mar 19, 2006 1:45 PM in response to monk3y

Stealth Mode was already turned on. So it is the router that is responding???

Reply

Answer 4

Mar 19, 2006 3:07 PM in response to WilliamL

Stealth Mode was already turned on. So it is the
router that is responding???

Yes.

Reply

Answer 5

WilliamL Author

Level 3

672 points

Mar 23, 2006 5:31 AM in response to Matt Broughton

I did use the Port Forwarding capability of the router to send port 113 to an un-used IP address at the top of the range. Now when I run the port scan test at Shields Up everything shows up stealth.

Reply