topic Re: port 113 in Operating System - Linux

port 113

K.C. Chan — Sat, 21 Sep 2002 23:02:04 GMT

Does any one knows what port 113 is used for? Thanks.

Re: port 113

Craig Kelley — Sun, 22 Sep 2002 10:40:26 GMT

Looks like ident:

http://www.dancinman.com/GuideBooks/CommonPortsGuide/commonports-guide1.html

Re: port 113

K.C. Chan — Sun, 22 Sep 2002 13:22:43 GMT

I know it's ident, also known as auth. But what's it used for? why is it that my mail server is trying to access a windows 2000 server on this port? Any idea? Thanks.

Re: port 113

Craig Kelley — Sun, 22 Sep 2002 14:47:50 GMT

http://www.rosat.mpe-garching.mpg.de/mailing-lists/procmail/2001-12/msg00173.html

AFAIK, auth *is* ident, it just depends on your vendor as to what they want to call it.

Re: port 113

U.SivaKumar_2 — Mon, 23 Sep 2002 02:59:13 GMT

Hi,

identd is a small program that typically runs out of your inetd server. It keeps track of what user is running what TCP service, and then reports this to whoever requests it.

Many people misunderstand the usefulness of identd, and so disable it or block all off site requests for it. identd is not there to help out remote sites. There is no way of knowing if the data you get from the remote identd is correct or not. There is no authentication in identd requests.

Why would you want to run it then? Because it helps you out, and is another data-point in tracking. If your identd is un compromised, then you know it's telling remote sites the user-name or uid of people using TCP services. If the admin at a remote site comes back to you and tells you user so-and-so was trying to hack into their site, you can easily take action against that user. If you are not running identd, you will have to look at lots and lots of logs, figure out who was on at the time, and in general take a lot more time to track down the user.
When you open ANY tcp connection to a remote site, this remote site may query your Unix Workstation for the name of the process Owner.
Especially Sendmail and Apache can do this.

If you are not running an identd, the remote site will get a connection refused and continue its operation immediately. if you run identd from inetd a fork/exec will take place. The remote server will wait until it gets the answer from your Workstations Identd.

This means, the faster your identd is able to answer requests the faster you will get answers from remote servers.

identd can be used for denial of service attacks . So you can disable it.

regards,
U.SivaKumar

Re: port 113

Craig Kelley — Mon, 23 Sep 2002 14:20:05 GMT

I completely agree. System administrators disable many tools that can be helpful. In addition, many software developers are being forced to make all their network connectivity run over HTTP on port 80 just to get by facist "security" setups (see dotNet, for example). These overly-zealous administrators end up defeating the whole point of being able to manage individual ports.

Re: port 113

Paul_159 — Sun, 17 Nov 2002 08:46:36 GMT

You did give some good answers to the question, "What is port 113?" Thank you. I still see no reason to use it though. Any one with enough knowledge to "hack" will know better than to reply to it.