Port 873 – RSYNC (Remote Sync Protocol)

Why It’s Open

Port 873 is used by the rsync protocol, a fast and versatile file synchronization and transfer tool. It’s designed for efficiently transferring and synchronizing files between systems by only transmitting the differences between source and destination files. Rsync is widely used for backups, mirroring, and file distribution in both local networks and over the internet.

Organizations commonly use this port for automated backups, website mirroring, or maintaining distributed file repositories. It’s particularly popular among web hosting providers and in development environments for code deployment.

Common Risks

• Anonymous Access:
  Unrestricted file access.
• Data Exposure:
  Unencrypted file transfers.
• Module Misconfigurations:
  Excessive permissions.
• Authentication Bypass:
  Weak access controls.
• Information Disclosure:
  Directory listing enabled.

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

Book a Demo

Enumeration & Testing

Check if it’s open:

nmap -sT -p 873

List available modules:

rsync ::

Test anonymous access:

rsync rsync:///

What to Look For

Mitigation

• Require Authentication:
  Configure module-specific user authentication.
• Use SSH Tunneling:
  Encrypt rsync traffic using SSH (rsync over SSH).
• Access Controls:
  Implement strict file permissions and module restrictions.
• Read-Only Access:
  Disable write access unless specifically required.
• Network Restrictions:
  Limit rsync access to trusted IP ranges.

TL;DR

• Port 873 = rsync file transfer
• Fast file synchronization tool
• Often misconfigured for open access
• Needs encryption and auth controls

Known CVEs and Exploits

• CVE-2017-16548 – rsync daemon path traversal vulnerability
• CVE-2011-1097 – rsync daemon heap overflow via long filenames
• Metasploit rsync_modules_list – Module listing and access tester