Explore information related to ident exploit metasploit

Port 113 IDENT Requests - How to Disable it on Nagios

This article covers how to disable Port 113 IDENT Requests on Nagios. 

You are seeing port 113 return requests either from your Nagios XI server (when submitting NSCA passive results) to the originating host OR you are seeing port 113 return requests when checking NRPE services).

You will see this behavior on your firewall logs as you will most likely not have a firewall rule for port 113.

This is usually because you are running an NRPE check through XINETD with USERID included on the log_on_success or log_on_failure options in your remote hosts /etc/xinetd.d/nrpe file.

OR this could be because you are submitting passive results to the XI server through NSCA (which is running under XINETD) /etc/xinetd.d/nsca with the same options as above.


To disable Port 113 IDENT Requests:

1. Then remove the USERID option from the log_on_failure AND log_on_success to stop the IDENT from occurring. The file you need to change depends on:

i. NRPE on remote host

/etc/xinetd.d/nrpe

ii. NSCA on Nagios XI server

/etc/xinetd.d/nsca

2. After making the changes you need to restart the xinetd service using one of the commands below:

RHEL 7+ | CentOS 7+ | Oracle Linux 7+ | Debian | Ubuntu 16/18/20

$ systemctl restart xinetd.service


What is filter ident port 113?

Filter IDENT(port 113) (Enabled) IDENT allows hosts to query the device, and thus discover information about the host.

On the VPN Passthrough screen, you can configure the router to transparently pass IPSec, PPPoE, and PPTP traffic from internal hosts to external resources.

Read More