Port 3113: cs-auth-svr — Registered, Abandoned, and Available

What Port 3113 Is

Port 3113 sits in the registered port range (1024-49151), also called the "user ports" range. These ports are assigned by IANA to specific applications and services. Unlike the well-known ports below 1024 — where HTTP lives at 80 and SSH at 22 — registered ports don't require root privileges to bind, and their assignments carry less weight in practice.

IANA's registry lists port 3113 as cs-auth-svr, the "CS-Authenticate Svr Port," registered by a company called Crypto Solutions. The registered contacts are two engineers at a .co.uk domain that no longer appears to have an active web presence. The registration exists. The company, it seems, does not.

This is not unusual. The registered port range contains thousands of entries from companies that merged, pivoted, or quietly closed, leaving their port assignments behind like unclaimed luggage.

What This Means in Practice

When a port has an IANA registration but no active, widely-deployed service, it becomes available territory. Any application can bind to port 3113. Some firewall rules and security tools still flag it based on the IANA name — "cs-auth-svr" — but in practice, if you see traffic on port 3113, it's almost certainly not Crypto Solutions' authentication service.

It could be a gaming application (the 3000-3200 range sees some unofficial gaming use), a development server, or any process that picked a port number without checking whether IANA had thoughts about it. ¹

How to Check What's Listening on Port 3113

If you see port 3113 active on a system and want to know why:

On Linux/macOS:

# Show the process using port 3113
ss -tlnp | grep 3113

# Or with lsof
lsof -i :3113

On Windows:

# Show the process using port 3113
netstat -ano | findstr :3113

# Then look up the PID
tasklist /FI "PID eq <PID>"

These commands tell you which process owns the port. From there, you can determine whether it's expected software or something that warrants a closer look.

Why Abandoned Registrations Matter

The registered port range has a subtle design assumption baked in: that IANA registrations are meaningful. When applications pick ports, they're supposed to check the registry to avoid conflicts. The system works when registrations reflect active, deployed services.

Port 3113 illustrates the slow entropy that affects any registry that spans decades. Real services come and go. The registry doesn't. The result is a range where some ports are genuinely claimed and some are registered-but-available, and the only way to tell the difference is to look for the service running on the other end.