Port 353 carries NDSAUTH (NDS Authentication), the authentication protocol for Novell Directory Services. In the 1990s, when two-thirds of corporate networks ran on Novell NetWare, this port authenticated millions of users to network resources through the first global directory service.[1][2]
What NDSAUTH Does
NDSAUTH handles authentication for Novell Directory Services (NDS), later renamed eDirectory. When a user logs into an NDS-enabled network, the authentication process happens over port 353 on both TCP and UDP.[3]
The protocol's job is straightforward: verify user identity and establish authenticated sessions for accessing network resources. What made it revolutionary was the scope—one authentication gave access to any resource in the entire directory tree, not just a single server.[4]
The NDS Revolution
Novell released NetWare Directory Services in 1993 with NetWare 4.[5] It replaced the "Bindery" system, where every server maintained its own separate list of users and resources. NDS introduced a global, distributed, replicated database—a single hierarchical tree spanning entire organizations.[6]
This was six years before Microsoft released Active Directory.[7] For that brief window, NDS was the standard for how large organizations unified their network infrastructure. A single directory tree contained branches for servers, workstations, users, groups, printers—every network entity in one place, accessible from anywhere.[8]
How It Worked
The authentication process involved two steps:
- Initial Login: The client connects to an NDS server to establish the user's identity. NDS walks the tree until it finds a writeable copy of the user's object and retrieves the client's private key.[9]
- Background Authentication: After login, the user still needs to authenticate to individual servers offering network services—but this happens automatically using the credentials established in step one.
The critical authentication data never crossed the network in plain text, and authentication tokens were valid only for the current login session.[9]
The Scale of Novell's Dominance
Around 1993, NetWare commanded roughly two-thirds of the market for network operating systems. Over half a million NetWare-based networks were installed worldwide, serving approximately 55 million users.[10]
Port 353 authenticated a significant portion of the corporate world's network access during that era. If you worked in a large organization in the mid-1990s and logged into your computer, there's a decent chance your credentials flowed through this port.
Where NDSAUTH Fits Today
NDS evolved into Novell eDirectory, which later became NetIQ eDirectory after Novell was acquired. The product still exists and is still used, though its market dominance is long gone. Modern eDirectory deployments primarily use other ports for server-to-server communication (port 524 for eDirectory traffic, port 427 for Service Location Protocol), but port 353 remains officially assigned to NDSAUTH.[11]
Security Considerations
Port 353 should only be accessible within trusted networks. Like any authentication port, exposure to the public Internet creates unnecessary risk.
Some older security databases flagged port 353 as having been used by malware in the past.[3] This doesn't mean the port itself is dangerous—just that like any well-known port, it's been exploited by various threats over the decades.
Modern networks rarely need port 353 open unless running legacy eDirectory infrastructure.
Related Ports
- Port 389: LDAP (Lightweight Directory Access Protocol), the successor standard for directory services
- Port 636: LDAPS (LDAP over SSL/TLS), secure directory access
- Port 88: Kerberos, the authentication protocol used by Active Directory
- Port 524: Primary eDirectory server-to-server communication port [11]
Checking Port 353
To see if anything is listening on port 353:
Linux/Mac:
Windows:
If you see something listening on port 353 and you're not running eDirectory or legacy Novell infrastructure, investigate further.
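One way to run this check on Linux without the false matches a plain text search for "353" produces (ports such as 3530 or 1353), as an added example that is not from the original page. It assumes the iproute2 `ss` utility; `filter_port`, `listeners_on_port` and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: find sockets bound to exactly port 353 (NDSAUTH), TCP and UDP.

# Read `ss -H -tuln`-style lines on stdin and print "proto local-address"
# for sockets whose local port equals $1. The port is taken as the text
# after the last ':' of the local-address column, so IPv6 addresses such as
# [::]:353 are handled and ports like 3530 or 1353 are not matched.
filter_port() {
    awk -v port="$1" '
        {
            addr = $5
            n = split(addr, parts, ":")
            if (parts[n] == port) print $1, addr
        }'
}

# Live check on this host (assumes iproute2 `ss` is installed).
# -H no header, -t TCP, -u UDP, -l listening sockets, -n numeric ports.
# Adding -p (as root) also shows the owning process.
listeners_on_port() {
    ss -H -tuln | filter_port "$1"
}

# Constructed sample in `ss -H -tuln` format, not captured from a real host.
SAMPLE='udp   UNCONN 0      0      0.0.0.0:353     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:3530    0.0.0.0:*
tcp   LISTEN 0      128    [::]:353        [::]:*
tcp   LISTEN 0      128    127.0.0.1:1353  0.0.0.0:*'

# Demonstration on the sample: only the two port-353 sockets are printed.
printf '%s\n' "$SAMPLE" | filter_port 353
```

To check the local host instead of the sample, call `listeners_on_port 353`; empty output means nothing is bound to the port.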