What is ident 113?

What is ident 113?

Description: Auth/Ident servers — which are supposed to run on the local user’s machine — open port 113 and listen for incoming connections and queries from remote machines. These querying machines provide a local and remote “port pair” describing some other already-existing connection between the machines.

What is ident in networking?

The Ident Protocol (Identification Protocol, Ident), specified in RFC 1413, is an Internet protocol that helps identify the user of a particular TCP connection. One popular daemon program for providing the ident service is identd.

What is ident user enum?

ident-user-enum is a simple PERL script to query the ident service (113/TCP) in order to determine the owner of the process listening on each TCP port of a target system. This can help to prioritise target service during a pentest (you might want to attack services running as root first).

What does filter ident port 113 do?

Filter IDENT (Port 113) – This filter keeps port 113 from being scanned by devices from the internet. This will protect your network from unauthorized access to services such as POP, IMAP, SMTP, IRC and FTP. The Filter IDENT option is set to enabled by default.

What ports should you block?

For example, the SANS Institute recommends blocking outbound traffic that uses the following ports:

  • MS RPC – TCP & UDP port 135.
  • NetBIOS/IP – TCP & UDP ports 137-139.
  • SMB/IP – TCP port 445.
  • Trivial File Transfer Protocol (TFTP) – UDP port 69.
  • Syslog – UDP port 514.

What does ident stand for?

Automated Biometric Identification System
Similarly, IDENT, the Automated Biometric Identification System, is at the heart of the central Department of Homeland Security (DHS) system to store, match, and process biometric and associated biographic information.

What is ident authentication?

The ident authentication method works by obtaining the client’s operating system user name from an ident server and using it as the allowed database user name (with an optional user name mapping). This is only supported on TCP/IP connections.

Should I filter port 113?

Filter IDENT(port 113) (Enabled)— IDENT allows hosts to query the device, and thus discover information about the host. Unless applications specifically require this degree of access, you should always filter IDENT traffic.