I'm seeing lots of ident services being droped at the firewall. The source
address is a host on the Internet and the destination is one of my boxes. I
thought ident was an identification reply for a unix login. Wouldn't ident
be a reply to a login service than? I'm trying to understand what it really
means. I see ident requests being dropped without any login requests. Are
there any good explanations for this?
Ident is used to determine what user owns what running daemons. If they are malicious, they may be trying to see if something like your Webserver is owned by root.
Keep it blocked, in fact I'd shut it off on all of your UNIX hosts altogether.
--
Rich Jankowski Lucent Technologies
Network Security Engineer NetworkCare
[EMAIL PROTECTED] 100 Eagle Rock Ave
Voice:(973)599-2000 East Hanover, NJ 07936
Fax:(973)599-2005 http://www.lucent.com
