> sites of users that I have on the machine (i.e- ~debian-isp). I was
> wondering how they are finding out which users that I have on the machine
> and was wondering if I could be running services that pose a security
> problem. I only have the following open:
>
> Port State Protocol Service
> 21 open tcp ftp
> 22 open tcp ssh
> 25 open tcp smtp
> 80 open tcp http
> 113 open tcp auth
> 443 open tcp https
> 515 open tcp printer
> 3306 open tcp mysql
> 6000 open tcp X11
>
> I had a question as to the function of 'auth'.
> I am not quite sure what this does. If someone could give me a heads up.
> Any advice appriciated.
Auth servers are used to determine the "owner" of a specific
connection, more commonly known as identity servers, and essentially
useless. Some IRC servers use them to make sure you're not IRC'ing as
root.
Some network scanners use ident to determine what services are running as
root, to aid them in a system compromise.
If you need to run identity/auth services at all, use one that can be
configured to return useless information like (*shameless plug*) ident2 at
http://netgraft.com/
You can probably safely disable it, though.
-MB
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]