Port 3205

What It Does

Port 3205 carries iSNS: the Internet Storage Name Service. If you run iSCSI storage on your network, iSNS is how your servers find their disks.

An iSCSI network has two kinds of devices: initiators (servers that want to access storage) and targets (storage arrays that have disks to offer). Without iSNS, every initiator needs a manual list of every target's IP address. In a small lab, that's fine. In a datacenter with hundreds of servers and dozens of storage arrays, it becomes an unmaintainable mess.

iSNS is the phone book. Targets and initiators register with the iSNS server when they come online. Initiators query it when they want storage: "Who can I access?" The server answers. Connections happen. No manual lists required. [1]

How the Protocol Works

iSNS has three jobs.

Registration: When an iSCSI target comes online, it registers with the iSNS server. It announces its IQN (iSCSI Qualified Name, a unique identifier that looks like iqn.2001-04.com.example:storage.array1), its IP addresses, and its portal groups. Initiators register too, so the server knows who is asking.

Discovery with Access Control: An initiator queries the iSNS server: "What targets can I reach?" The server returns a list filtered by Discovery Domains. Not every initiator should see every target. Discovery Domains are the permission system. The backup servers see the backup targets. The production database cluster sees its own storage. Nothing bleeds across. [2]

State Change Notifications: When topology shifts, iSNS pushes notifications to everyone who subscribed. A new LUN appears. A storage array goes offline. An initiator's domain membership changes. Clients do not poll continuously; they subscribe and receive push notifications. The network adapts without manual intervention, and without a person at 3am rewriting config files.
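To make the three jobs concrete on the wire, the following added example (not code from the original page) parses an iSNSP request seen on port 3205, maps its function ID to registration, discovery or notification, and reports whether an authentication block is present. The header layout, function IDs, tags and flag bits follow RFC 4171; the sample PDU is constructed and simplified, and the function names are this example's own.

```python
import struct

# Subset of RFC 4171 function IDs, mapped to the three jobs described above.
FUNCTIONS = {0x0001: ("DevAttrReg", "registration"), 0x0002: ("DevAttrQry", "discovery"),
             0x0005: ("SCNReg", "notification"), 0x0008: ("SCN", "notification")}
TAG_DELIMITER, TAG_ISCSI_NAME, TAG_NODE_TYPE = 0, 32, 33  # subset of attribute tags
FLAG_CLIENT, FLAG_AUTH, FLAG_LAST, FLAG_FIRST = 0x8000, 0x2000, 0x0800, 0x0400
NODE_TYPES = {1: "target", 2: "initiator", 4: "control"}

def tlv(tag: int, value: bytes = b"") -> bytes:
    """Encode one attribute; values are padded to a 4-byte boundary."""
    value += b"\x00" * (-len(value) % 4)
    return struct.pack("!II", tag, len(value)) + value

def parse_request(data: bytes) -> dict:
    """Parse an iSNSP request: 12-byte header, then tag/length/value attributes."""
    if len(data) < 12:
        raise ValueError("truncated header")
    version, func, length, flags, txid, _seq = struct.unpack("!6H", data[:12])
    payload = data[12:12 + length]
    if version != 1 or len(payload) != length:
        raise ValueError("bad version or truncated payload")
    name, job = FUNCTIONS.get(func, (hex(func), "other"))
    info = {"function": name, "job": job, "txid": txid,
            "authenticated": bool(flags & FLAG_AUTH), "attrs": []}
    off = 0
    # A trailing authentication block is not TLV-encoded, so skip attributes if present.
    while not info["authenticated"] and off + 8 <= len(payload):
        tag, alen = struct.unpack_from("!II", payload, off)
        value = payload[off + 8:off + 8 + alen]
        if len(value) != alen:
            raise ValueError("attribute overruns payload")
        off += 8 + alen
        if tag == TAG_ISCSI_NAME:
            info["attrs"].append(("iscsi_name", value.rstrip(b"\x00").decode("utf-8", "replace")))
        elif tag == TAG_NODE_TYPE and alen == 4:
            info["attrs"].append(("node_type", NODE_TYPES.get(int.from_bytes(value, "big"), "other")))
    return info

def unauthenticated_registration(data: bytes) -> bool:
    """True for a registration request that carries no authentication block."""
    info = parse_request(data)
    return info["job"] == "registration" and not info["authenticated"]

# Constructed sample: a target registering its IQN with no authentication block.
IQN = b"iqn.2001-04.com.example:storage.array1\x00"
BODY = (tlv(TAG_ISCSI_NAME, IQN) + tlv(TAG_DELIMITER) + tlv(TAG_ISCSI_NAME, IQN)
        + tlv(TAG_NODE_TYPE, b"\x00\x00\x00\x01"))
SAMPLE = struct.pack("!6H", 1, 0x0001, len(BODY), FLAG_CLIENT | FLAG_LAST | FLAG_FIRST, 7, 0) + BODY
```
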

The History

iSNS emerged from the problem of making iSCSI work at scale.

Fibre Channel SANs had their own discovery fabric built in. FC hardware managed device registration automatically; you plugged something in and the fabric knew about it. But Fibre Channel required specialized cables, switches, and training, and it was expensive enough to be out of reach for most organizations.

iSCSI arrived as the democratizing alternative: run storage traffic over regular Ethernet TCP/IP. Same cables, same switches, same skills, fraction of the cost. But iSCSI had no equivalent of Fibre Channel's built-in discovery. At small scale you just configured targets manually. At enterprise scale, that fell apart.

A working group of storage industry engineers, from Microsoft, Nortel, Riverbed Technology, McDATA Corporation, and Rincon Research, wrote RFC 4171 in September 2005. [3] iSNS gave iSCSI networks the discovery and management capabilities that had always been a Fibre Channel advantage. IANA assigned port 3205 for both TCP and UDP.

Port 3205 is the piece that made iSCSI credible as enterprise storage technology.

The Naming Coincidence

iSCSI device names look like this: iqn.2001-04.com.example:storage.disk2.sys1.xyz

That is reverse-domain notation, with a year-and-month stamp. The storage industry took the domain name convention, flipped it, added a date, and called it an iSCSI Qualified Name. Then they built a registration and lookup service for those names, which works like DNS, and called it the Internet Storage Name Service. Port 3205 is the proof that every sufficiently large naming problem eventually becomes DNS, whether or not you call it that.

Security Considerations

An iSNS server knows your entire storage topology. It knows which servers exist, which arrays exist, what is connected to what, and what volumes are available. An attacker who can query your iSNS server has a complete map of your storage infrastructure.

More concerning: if an attacker can register with your iSNS server, they can insert false records. A malicious target registers itself as legitimate storage. An initiator queries the server, receives the attacker's address, connects, and sends raw disk blocks to the wrong place.

iSNS supports authentication, but enforcement varies across implementations. Older deployments sometimes run iSNS without authentication under the assumption that the storage network is isolated. Network segmentation is the real protection. Port 3205 should not be reachable from untrusted networks. [4]
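One way to catch the false-registration case described above is to compare what the iSNS server currently holds against an inventory of expected targets. This is an added example, not code from the original page: the record format, the inventory, the addresses and the function name are all assumptions, and the IQN check expects the lowercase form shown earlier.

```python
import ipaddress
import re

# IQN layout: iqn.<yyyy-mm>.<reversed domain>[:<site-defined suffix>]
IQN_RE = re.compile(r"^iqn\.\d{4}-(0[1-9]|1[0-2])\.[a-z0-9][a-z0-9.-]*(:\S+)?$")


def audit_registrations(records, inventory, storage_net):
    """Return (iqn, portal, reason) for every registration that needs a look.

    records:     iterable of {"iqn", "type", "portal"} dicts (hypothetical export format)
    inventory:   {target IQN: set of portal IPs it is expected to register}
    storage_net: CIDR of the segment storage portals are expected to live in
    """
    net = ipaddress.ip_network(storage_net)
    findings = []
    for rec in records:
        iqn, portal = rec["iqn"], rec["portal"]
        if not IQN_RE.match(iqn):
            findings.append((iqn, portal, "malformed IQN"))
            continue
        if ipaddress.ip_address(portal) not in net:
            findings.append((iqn, portal, "portal outside storage network"))
        if rec["type"] != "target":
            continue  # only targets are checked against the inventory
        if iqn not in inventory:
            findings.append((iqn, portal, "target not in inventory"))
        elif portal not in inventory[iqn]:
            findings.append((iqn, portal, "known target at unexpected portal"))
    return findings


# Constructed sample data; addresses use private and documentation ranges.
INVENTORY = {"iqn.2001-04.com.example:storage.array1": {"10.20.0.11", "10.20.0.12"}}
RECORDS = [
    {"iqn": "iqn.2001-04.com.example:storage.array1", "type": "target", "portal": "10.20.0.11"},
    {"iqn": "iqn.2001-04.com.example:storage.array1", "type": "target", "portal": "10.20.0.99"},
    {"iqn": "iqn.2001-04.com.example:storage.array9", "type": "target", "portal": "192.0.2.50"},
    {"iqn": "iqn.2001-04.com.example:db01", "type": "initiator", "portal": "10.20.0.30"},
    {"iqn": "storage.array1", "type": "target", "portal": "10.20.0.11"},
]

if __name__ == "__main__":
    for finding in audit_registrations(RECORDS, INVENTORY, "10.20.0.0/24"):
        print(finding)
```

A known IQN appearing at a portal address the inventory does not list is the signal that matches the spoofed-target scenario most directly.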

Checking What Runs on Port 3205

# See if something is listening locally (TCP and UDP, since 3205 is assigned for both)
ss -tulnp | grep ':3205 '

# Check from a remote host
nmap -p 3205 <host>

# Nmap includes a dedicated iSNS script
nmap -p 3205 --script isns-info <host>

On Windows:

netstat -ano | findstr :3205

If port 3205 is open on a host you did not configure as a storage server, investigate. Some software runs iSNS components silently as part of storage management suites.

  • Port 860: iSCSI (the original assigned port, rarely used now)
  • Port 3260: iSCSI (the port most iSCSI traffic actually uses)
