Dan Harkless writes:
> Theo de Raadt just informed me via email that OpenBSD fixed their identd to
> only report SS_CONNECTOUT sockets in 1996.

The MTA and the FTP server and many other daemons will make outgoing TCP connections upon request. This bogus ``fix'' does not achieve the stated goal of keeping the daemon usernames secret.

Meanwhile, it wipes out useful logs for some portmap-style protocols. (Rare protocols, I agree.)

The correct approach is to encrypt the uid under a secret key. This has been built into pidentd for years.

---Dan
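
The approach named in the message above (an ident reply that carries the uid encrypted under a key only the local admin holds) can be sketched as follows. This is an added example, not part of the original post and not pidentd's code or token format; the token layout, the key names and the HMAC-based keystream standing in for a real cipher are all assumptions.

```python
import hashlib, hmac, os, struct

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; a stand-in for a real cipher (assumption).
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal_uid(enc_key, mac_key, uid, when, lport, rport):
    """Encrypt (uid, time, ports) into an opaque hex token for the reply."""
    nonce = os.urandom(8)  # fresh per reply, so one uid never yields the same token twice
    plain = struct.pack(">IIHH", uid, when, lport, rport)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:8]
    return (nonce + ct + tag).hex()

def open_token(enc_key, mac_key, token):
    """Admin side: recover (uid, time, lport, rport) from a token in a remote log."""
    raw = bytes.fromhex(token)
    nonce, ct, tag = raw[:8], raw[8:-8], raw[-8:]
    want = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, want):
        raise ValueError("token was not issued under this key")
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return struct.unpack(">IIHH", plain)

def ident_reply(lport, rport, token):
    # RFC 1413 reply line; OTHER marks the user-id as an unformatted string.
    return f"{lport}, {rport} : USERID : OTHER :{token}\r\n"

if __name__ == "__main__":
    # Constructed sample values: keys, uid, timestamp and ports are made up.
    ek, mk = b"E" * 32, b"M" * 32
    tok = seal_uid(ek, mk, uid=1001, when=1700000000, lport=6193, rport=23)
    print(ident_reply(6193, 23, tok), end="")
    print(open_token(ek, mk, tok))
```

The remote site can still log the token and hand it back with a complaint, while the daemon's uid stays unreadable to anyone without the key.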