TCP Dangerous Other

Port 113 (Ident)

Learn about port 113 (Ident) - security risks, vulnerabilities, and common uses. Find devices with port 113 open.

Quick Info

Port Number

113

Protocol

TCP

Service

Ident

IANA Name

Ident

Service Description

Network port 113 (TCP), commonly known as Ident or the Identification Protocol, is a service that allows remote servers to determine the username of the user who initiated a TCP connection. It operates by the server initiating a connection to port 113 on the client's machine. The client's Ident daemon then responds with the username associated with the TCP connection's source port. The protocol is defined in RFC 1413. At a technical level, a server, upon receiving a connection from a client, will open a connection back to the client's port 113. The client's Ident daemon then receives a request specifying the client-side port number of the original connection. The Ident daemon then looks up the process using that port and returns the username under which that process is running. The response is a simple string formatted as `port1 , port2 : USERID : system : username`, where `port1` and `port2` are the client and server ports, respectively, `system` indicates the operating system type (typically `UNIX`), and `username` is the user account name. It was initially intended to improve logging and accountability on Internet Relay Chat (IRC) networks and other services.

## Firewall Recommendations

Generally, it is recommended to block incoming connections to port 113 on client machines. The Ident protocol is largely obsolete and provides minimal benefit in modern network environments. Allowing incoming connections to port 113 exposes a potential attack surface with little corresponding benefit. For servers requiring Ident information from clients, it's preferable to use more secure authentication mechanisms instead of relying on the Ident protocol. If Ident is absolutely necessary, ensure the Ident daemon is properly configured and patched against known vulnerabilities. Rate-limiting connections to port 113 can also help mitigate denial-of-service attacks. Consider using a firewall to restrict access to this port to only trusted networks or IP addresses.

Security Information

Ident has significant security risks due to its inherent lack of authentication and its reliance on the client's system to provide accurate information. An attacker can easily spoof or manipulate the Ident response to provide false information about the user. This makes it unreliable for authentication or authorization purposes. Furthermore, exposing the Ident service can reveal potentially sensitive information about the internal usernames on a system, which can be used for social engineering or targeted attacks. The service itself is often targeted for reconnaissance, as it can reveal information about system architecture and user accounts, aiding in the planning of further attacks. Because it runs as a daemon, vulnerabilities in the Ident implementation itself can be exploited to gain unauthorized access to the system.

Known Vulnerabilities

CVE	Name	Severity	Description
CVE-2000-0637	Identd format string vulnerability	High	Уязвимость в некоторых реализациях identd, позволяющая удаленному злоумышленнику выполнить произвольный код через format string атаку.
CVE-2001-0550	tcp_wrappers identd spoofing vulnerability	Medium	Уязвимость в tcp_wrappers, позволяющая злоумышленнику подделать ответы identd, обходя ограничения доступа.