113 - Ident
Ident, also known as the Identification Protocol, typically runs on TCP port 113. It is a legacy protocol that was originally designed to identify the user of a particular TCP connection on Unix-based systems. When a connection is made to a service, that service can query the ident service on the client’s machine to retrieve the username of the process that initiated the connection. This response is based on the source and destination ports involved in the TCP session.
Although the intention behind ident was to provide accountability and logging capabilities, the protocol poses several security concerns. It often exposes unnecessary information about the system, such as internal usernames, which can aid in user enumeration during reconnaissance. Additionally, the service itself has limited security features and is generally considered obsolete in modern environments.
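To make the port-pair lookup and the username exposure described above concrete, the following added example (not part of the original page or of any tool it mentions) parses ident reply lines in the RFC 1413 syntax and flags the ones that return an account name. The names IdentReply, parse_reply, discloses_account and SAMPLES are assumptions made for this illustration, and the sample replies are constructed.

```python
import re
from dataclasses import dataclass

STANDARD_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
PORT_PAIR = re.compile(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*")

@dataclass
class IdentReply:
    identd_port: int    # port of the connection on the host running identd
    peer_port: int      # port of the connection on the host that asked
    kind: str           # "USERID" or "ERROR"
    opsys: str = ""
    charset: str = ""
    user_id: str = ""
    error: str = ""

def parse_reply(raw: bytes) -> IdentReply:
    """Parse one RFC 1413 reply line; raise ValueError if it is malformed."""
    fields = raw.decode("latin-1").rstrip("\r\n").split(":", 3)
    match = PORT_PAIR.fullmatch(fields[0])
    ports = [int(g) for g in match.groups()] if match else []
    if len(fields) < 3 or len(ports) != 2 or not all(1 <= p <= 65535 for p in ports):
        raise ValueError("malformed ident reply")
    kind = fields[1].strip().upper()
    if kind == "ERROR" and len(fields) == 3:
        error = fields[2].strip().upper()
        if error not in STANDARD_ERRORS and not error.startswith("X"):
            raise ValueError("unknown error token")
        return IdentReply(*ports, kind, error=error)
    if kind == "USERID" and len(fields) == 4:
        opsys, _, charset = fields[2].partition(",")
        # The user ID runs to end of line and may contain ':'; whitespace is trimmed here.
        return IdentReply(*ports, kind, opsys.strip().upper(),
                          charset.strip() or "US-ASCII", fields[3].strip())
    raise ValueError("malformed ident reply")

def discloses_account(reply: IdentReply) -> bool:
    """True for a USERID reply under a real OS type; OTHER marks a free-form string."""
    return reply.kind == "USERID" and reply.opsys != "OTHER"

# Constructed sample replies, not captured from a real host.
SAMPLES = [b"6193, 23 : USERID : UNIX : stjohns\r\n",
           b"6195, 23 : ERROR : HIDDEN-USER\r\n",
           b"49152, 22 : USERID : OTHER : 3f9a1c:audit\r\n"]

if __name__ == "__main__":
    for reply in map(parse_reply, SAMPLES):
        print(reply, "LEAK" if discloses_account(reply) else "no account name")
```

A daemon that answers HIDDEN-USER, or returns an opaque token under the OTHER type, gives a querying host nothing usable as a login name.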
Usernames can be enumerated with the ident-user-enum utility:
ident-user-enum <target-IP> <target-port>