Service:
auth
Protocol:
TCPPort:
113Used for:
User identification protocol for validating connections and authenticationWhy It’s Open
Port 113 is used for the Identification Protocol (Ident), an older authentication mechanism primarily used by IRC servers and some legacy systems. While largely obsolete in modern networks, some systems maintain this service for backward compatibility with certain applications that expect ident responses.
Common Risks
- Username Disclosure
Reveals valid system usernames to potential attackers - System Fingerprinting
Responses may expose OS and service information - Legacy Vulnerabilities
Older implementations contain unpatched security flaws - Denial of Service
Can be abused to consume system resources - False Security
Provides unreliable authentication information
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Check if it’s open:
nmap -sT -p 113Basic ident query:
echo "6667,113" | nc -w 3 113Scan for ident info:
amap -p 113What to Look For
| Checkpoint | What it means |
|---|---|
| Active ident service | Potential information leak |
| Username disclosure | Valid usernames exposed |
| Verbose error messages | Additional system details |
| Unrestricted access | Open to network-wide queries |
Mitigation
- Disable Service
Remove identd unless specifically required - Network Filtering
Block port 113 at perimeter firewalls - Response Limiting
Configure to return minimal information - Modern Alternatives
Replace with secure authentication methods - Monitoring
Log all ident query attempts
TL;DR
- Obsolete authentication protocol
- Information disclosure risk
- Should be disabled by default
- Provides minimal security value
Known CVEs and Exploits
- CVE-2015-8325 - Buffer overflow vulnerability
- CVE-2013-4426 - Information disclosure issue
- CVE-2011-2688 - Remote code execution flaw