Can anyone tell me what service wants to talk on port 113? There is
a Solaris 2.4 machine on my internal network that wants to open a tcp
connection from some random >1024 port to port 113 on my bastion host.
rfc1700 says the following:
auth 113/tcp Authentication Service
auth 113/udp Authentication Service
# Mike St. Johns <stjohns @
/etc/services on the offending host doesn't list anything for port
113. Is it possible that this host is confused? I have other Solaris
2.4 hosts that behave quite nicely. Have any other Solaris 2 users
noticed similar behavior?
How can I figure out what process is creating these packets?
I've tried everything I can think of.
Thanks for any and all help,
Ordinarily you will find that port 113 is used by the identd daemon to provide
a very simple network user authentication facility. For example, irc servers
use identd to identify exactly who is running the irc client process that has
connected to it. This means that if that user causes trouble, then he may be
K-lined (banned) from that server with a specific ban rather than banning the
entire machine (or even the domain!).
There are various identd daemons around, identd, pidentd, jidentd (which
incidentally spoofs the identd process and so renders it totally useless).
I've also found that the TIS Firewall toolkits authsrv daemon tries to use 113
as its default port. This causes problems if you run anything from that
machine that requires identd, since authsrv does not support simple identd
requests. I changed my authsrv daemon to port 7777 just for the hell of it and
that works fine.
_/_/_/ _/_/_/ _/_/_/ _/_/_/ | Tel: (0141) 337 5000
_/ _/ _/ _/ | Fax: (0141) 337 5050
_/_/_/ _/ _/_/ _/ | Net: scet @
_/ _/ _/ _/ | AppleLink: SCET.DEV
_/_/_/ _/_/_/ _/_/_/ _/ |
......learning through technology |