Port 113 Insurgent

Hi people,

Does someone has an effective way to TOTALLY block and shield port 113 or the IDENT protocol?


http://img18.imageshack.us/img18/1668/port113failedpd7.th.png

btw: I do have rules to block port 113 in “Global Rules” and others for each app, but seems they are not working as it should be. There’s NO email, ICQ or any other app that requires port 113 or IDENT protocol in this PC.

The ONLY way that I know is to redirect all comunications on this port to an un-used IP at the router, but I don’t have a router where this PC is used (direct to DSL modem).

Any chance to solve this via CIS?

MANY thanks.

Is the rule for port 113 above the basic block rulle (the one with the red icon)? If it is underneath the rule is not active.

Hi, Eric:

Double-checked:

It is the 1st rule (top) in Global Rules (here, at GR, I don’t have any “allow” rule and I think order doesn’t matter in this case),

and it is the 1st rule for all apps (here, all specific “blocking” rules are on top of the “allow” rules, and after all (bottom) there are an generic “Block & Log All”, and here order matters)

Thanks for your time.

Can you describe the block rule you made for that port under Global Rules?

Sure, here it is:

Block and Log TCP OR UDP In/Out From IP Any To Ip Any Where Source Port Is Any And Destination Port Is 113

This is the same first rule for the apps.

Tried with the below, instead that, one by one, for testing:
Block and Log TCP In From IP Any To IP Any Where Source Port Is Any And Destination Port Is 113
Block and Log TCP In From IP Any To In [NICs] Where Source Port Is Any And Destination Port Is 113
Block and Log TCP In From In [4.79.142.206] To IP Any Where Source Port Is Any And Destination Port Is 113
Block and Log TCP In From In [4.79.142.206] To In [NICs] Where Source Port Is Any And Destination Port Is 113

where [NICs] is a “Network Zone” included in “My Network Zones” with my NIC MAC address.

Same behavior with new v468/fresh rules. Same results. Question still NOT answered/solved.

Can’t pass in GRC port 113 probe - “unsolicited packets sent by my PC”

Here is what you can do to check this:

  1. do a “Shields-up” test at GRC and choose “All Service Ports”
  2. follow the guidelines in the bottom of the page (ref. port 113)

OR:

  1. test only port 113 at “Shiels-up”
  2. open a second browser-window and go to http://4.79.142.206 (don’t care if it “fail”)
  3. come back to the first page and re-do test on port 113.