Ident - Port 113

Basic Information

The Ident Protocol is used over the Internet to associate a TCP connection with a specific user. Originally designed to aid in network management and security, it operates by allowing a server to query a client on port 113 to request information about the user of a particular TCP connection.

However, due to modern privacy concerns and the potential for misuse, its usage has decreased as it can inadvertently reveal user information to unauthorized parties. Enhanced security measures, such as encrypted connections and strict access controls, are recommended to mitigate these risks.

Default port: 113

PORT    STATE SERVICE
113/tcp open  ident

Enumeration

nmap -p 113 <target-ip>

Querying the Service To test the Ident service manually:

nc <target-ip> 113
<local-port> , <remote-port>

This will return a response containing the username associated with the TCP connection.

Enumerating Usernames

use auxiliary/scanner/ident/ident
set RHOSTS <target-ip>
run

./ident-user-enum.pl -f targets.txt

When run, the tool might produce output like this:

192.168.1.10:113 -> User: admin
192.168.1.10:113 -> User: www-data
192.168.1.10:113 -> User: root

Files

Default Location of identd.conf

The identd.conf file is typically found in the following locations, depending on the system and Ident implementation:

• /etc/identd.conf

• /usr/local/etc/identd.conf

• /etc/oidentd.conf (for oidentd)

If you can’t locate the file, use a search command:

sudo find / -name "identd.conf"