Re: Identification Protocol (was: Re: your mail)
On Thu, Mar 16, 2000 at 06:25:53PM +0100, Sebastian Stark wrote: identd takes two parameters, the server and the source port of a tcp connection. it gives back the userid of the user who started it. am i right so far? i think, the userid may be useful for some purposes but in most cases it is not but gives a hacker a little piece of information. but, you're right, it could be worth while tracking down some attack from your own computer. hmm... i will think about it :-) If you're particularly concerned about giving away userids there are various ident demons that will send something other than the login name (such as a securely encoded form of the login name, or even some random string that contains no useful information). The point is more to provide a cookie that the remote site can give to you when tracking down some problem than it is to provide information they can use directly - if you trust your identd, it saves you a lot of grovelling through logs. It may even be the only way you have of identifying the user responsible on a multi-user box. -- Mark Brown mailto:[EMAIL PROTECTED] (Trying to avoid grumpiness) http://www.tardis.ed.ac.uk/~broonie/ EUFShttp://www.eusa.ed.ac.uk/societies/filmsoc/ pgpwBIS1P290V.pgp Description: PGP signature
Identification Protocol (was: Re: your mail)
On Thu, 16 Mar 2000, Ivan Ivanovic wrote: On my Slink placed on Inernet often appears auth port connection attempts from various sites... What (common) application needs this port? irc server make ident connections to clients. squid can use ident for authorization. sendmail sometimes uses ident. maybe you want to read rfc1413. i'd turn auth off for security reasons if your box has a direct connection to internet. from rfc1413: An Identification server may reveal information about users, entities, objects or processes which might normally be considered private. An Identification server provides service which is a rough analog of the CallerID services provided by some phone companies and many of the same privacy considerations and arguments that apply to the CallerID service apply to Identification. If you wouldn't run a finger server due to privacy considerations you may not want to run this protocol. seb
RE: Identification Protocol (was: Re: your mail)
irc server make ident connections to clients. squid can use ident for authorization. sendmail sometimes uses ident. maybe you want to read rfc1413. i'd turn auth off for security reasons if your box has a direct connection to internet. Hmm, that's an easy approach, but from Security-HOWTO: Many people misunderstand the usefulness of identd, and so disable it or block all off site requests for it. identd is not there to help out remote sites. There is no way of knowing if the data you get from the remote identd is correct or not. There is no authentication in identd requests. Why would you want to run it then? Because it helps you out, and is another data-point in tracking. - Well, the rest is to read there.. (part 8.4). If you trust this writer, there is no harm in having it going and it could be good.. Mvh EOF
RE: Identification Protocol (was: Re: your mail)
On Thu, 16 Mar 2000, Fredrik Liljegren wrote: i'd turn auth off for security reasons if your box has a direct connection to internet. Many people misunderstand the usefulness of identd, and so disable it or block all off site requests for it. identd is not there to help out remote sites. There is no way of knowing if the data you get from the remote identd is correct or not. There is no authentication in identd requests. maybe i am one of these people :) identd takes two parameters, the server and the source port of a tcp connection. it gives back the userid of the user who started it. am i right so far? i think, the userid may be useful for some purposes but in most cases it is not but gives a hacker a little piece of information. but, you're right, it could be worth while tracking down some attack from your own computer. hmm... i will think about it :-) thanks
