On Tue, 26 May 2009 09:40:01 +0000
Michael Shalayeff <mic...@lucifier.net> wrote:

> On Mon, May 25, 2009 at 10:51:01PM +0200, rembra...@jpberlin.de wrote:
> > > this does not add any security.
> > 
> > I think differently:
> > http://seclists.org/bugtraq/1996/Feb/0023.html
> > 
> > Also there is no loss during deactivating those services from my point of
> > view.
> 
> you can know what uid inetd(8) is running on by reading
> the sources that are available publicly.
> cu

You might miss the point, Mickey. You can query the ID for any service.
Not just identd.

Even this scan technique was removed from the public sources long ago:
http://nmap.org/nmap_doc.html#ident

"TCP reverse ident scanning : As noted by Dave Goldsmith in a 1996
Bugtraq post, the ident protocol (rfc1413) allows for the disclosure of
the username of the owner of any process connected via TCP, even if
that process didn't initiate the connection. So you can, for example,
connect to the http port and then use identd to find out whether the
server is running as root. This can only be done with a full TCP
connection to the target port (i.e. the -t option). nmap's -i option
queries identd for the owner of all listen()ing ports."


Kind regards,
Rembrandt
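
The following is an added example, not part of the original post and not nmap code: a parser for RFC 1413 (ident) reply lines that an administrator can run over replies collected from their own identd to see which listening services have their owner disclosed. The sample replies, the account names and the `PRIVILEGED` set are constructed assumptions.

```python
import re

# RFC 1413 reply forms handled here:
#   <server-port> , <client-port> : USERID : <opsys>[,<charset>] : <user-id>
#   <server-port> , <client-port> : ERROR  : <error-type>
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")
PRIVILEGED = {"root", "0"}  # assumption: accounts treated as privileged in this audit

def parse_ident_reply(line):
    """Parse one ident reply line into a dict; raise ValueError if malformed."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC 1413 reply: %r" % line)
    server_port, client_port = int(m.group(1)), int(m.group(2))
    if not (1 <= server_port <= 65535 and 1 <= client_port <= 65535):
        raise ValueError("port out of range: %r" % line)
    out = {"server_port": server_port, "client_port": client_port,
           "opsys": None, "user": None, "error": None}
    if m.group(3) == "ERROR":
        out["error"] = m.group(4).strip()  # e.g. NO-USER, HIDDEN-USER
        return out
    # Only the first ':' ends the opsys field; the user-id may contain ':'.
    opsys_field, sep, user = m.group(4).partition(":")
    if not sep:
        raise ValueError("USERID reply without user-id: %r" % line)
    out["opsys"] = opsys_field.split(",")[0].strip()  # drop optional charset
    out["user"] = user.strip()  # simplification: surrounding blanks ignored
    return out

def audit(replies):
    """Return (server_port, user, status) for each reply line."""
    findings = []
    for line in replies:
        r = parse_ident_reply(line)
        if r["error"]:
            status = "not disclosed (%s)" % r["error"]
        elif r["user"] in PRIVILEGED:
            status = "privileged account disclosed"
        else:
            status = "account disclosed"
        findings.append((r["server_port"], r["user"], status))
    return findings

# Constructed sample replies, as an identd might return them for three services.
SAMPLE_REPLIES = ["80 , 51234 : USERID : UNIX : root\r\n",
                  "25,51235:USERID:UNIX,US-ASCII:_smtpd\r\n",
                  "22 , 51236 : ERROR : HIDDEN-USER\r\n"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_REPLIES):
        print(finding)
```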
