Dan Harkless <[EMAIL PROTECTED]> writes:
> Rainer Weikusat <[EMAIL PROTECTED]> writes:
> > Dan Harkless <[EMAIL PROTECTED]> writes:
> > > > Using this grammar applied to the data we send to an arbitrary host
> > > > piped to the ident/auth port will reveal the process owner running
> > > > on a given port, even though we initiated the connection.
> > >
> > > Uh, no. With properly-written ident daemons, such as pidentd,
[...]
> Well, there's a feature request for auth/ident/tap daemons running on OSes
> (if any) that can distinguish after-the-fact between connections that
> originated locally and those that originated remotely. Assuming that
> doesn't break RFCs 931 / 1413, of course (I'd re-read them right now to
> check, if I had the time)...

Theo de Raadt just informed me via email that OpenBSD fixed their identd to
only report SS_CONNECTOUT sockets in 1996. He says as far as he knows
theirs is the only identd to implement this, and that he tried to contact
the RFC authors about getting a revision done saying that you should not
respond for non-locally-originating connections, but he either got no reply
or there was disagreement.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
[EMAIL PROTECTED] | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
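
Added example, not part of the original message and not OpenBSD's or pidentd's code: a minimal RFC 1413 reply routine that answers only for connections the local host originated, the policy the message attributes to OpenBSD's identd. The connection table, the `outbound` field (standing in for the SS_CONNECTOUT state), the addresses and user names are constructed, and returning NO-USER for accepted connections is this example's assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed connection table standing in for the kernel's socket list. */
struct conn {
    int lport, rport;      /* local and remote TCP ports */
    const char *raddr;     /* remote address of the connection */
    int outbound;          /* 1 if the local side called connect() */
    const char *user;      /* owner of the local socket */
};

static const struct conn table[] = {
    { 50312, 25,    "192.0.2.10", 1, "alice" }, /* local user connected out */
    { 80,    41000, "192.0.2.10", 0, "www"   }, /* remote host connected in */
};

/* Build the RFC 1413 reply to one query line received from peer `from`. */
char *ident_reply(const char *query, const char *from, char *out, size_t n)
{
    int lport, rport;
    char extra;
    /* Query is "<port-on-server> , <port-on-client>"; trailing junk is rejected. */
    if (sscanf(query, " %5d , %5d %c", &lport, &rport, &extra) != 2 ||
        lport < 1 || lport > 65535 || rport < 1 || rport > 65535) {
        snprintf(out, n, "0 , 0 : ERROR : INVALID-PORT\r\n");
        return out;
    }
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        const struct conn *c = &table[i];
        if (c->lport != lport || c->rport != rport || strcmp(c->raddr, from))
            continue;      /* only the connection's own peer may ask about it */
        if (!c->outbound)
            break;         /* accepted connection: NO-USER (assumed choice) */
        snprintf(out, n, "%d , %d : USERID : UNIX : %s\r\n", lport, rport, c->user);
        return out;
    }
    snprintf(out, n, "%d , %d : ERROR : NO-USER\r\n", lport, rport);
    return out;
}

int main(void)
{
    char buf[128];
    fputs(ident_reply("50312 , 25\r\n", "192.0.2.10", buf, sizeof buf), stdout);
    fputs(ident_reply("80 , 41000\r\n", "192.0.2.10", buf, sizeof buf), stdout);
    return 0;
}
```

With this policy the peer that connected in to port 80 gets the same answer it would get for a port pair with no connection at all, so the reply does not reveal the owner of the listening process.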