Re: Identification Protocol (was: Re: your mail)

2000-03-17 Thread Mark Brown
On Thu, Mar 16, 2000 at 06:25:53PM +0100, Sebastian Stark wrote:

> identd takes two parameters, the server and the source port of a tcp
> connection. it gives back the userid of the user who started it. am i
> right so far?
> i think, the userid may be useful for some purposes but in most cases it
> is not but gives a hacker a little piece of information.
> but, you're right, it could be worth while tracking down some attack from
> your own computer. hmm... i will think about it :-)

If you're particularly concerned about giving away userids there are
various ident demons that will send something other than the login name
(such as a securely encoded form of the login name, or even some random
string that contains no useful information).

The point is more to provide a cookie that the remote site can give to
you when tracking down some problem than it is to provide information 
they can use directly - if you trust your identd, it saves you a lot of 
grovelling through logs.  It may even be the only way you have of 
identifying the user responsible on a multi-user box.

-- 
Mark Brown  mailto:[EMAIL PROTECTED]   (Trying to avoid grumpiness)
http://www.tardis.ed.ac.uk/~broonie/
EUFS        http://www.eusa.ed.ac.uk/societies/filmsoc/
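
An added sketch, not part of the message above or of any particular identd: one way a daemon could return an opaque cookie in an RFC 1413 reply instead of the login name, and how the local admin maps a reported cookie back to a user. The key, function names and the `lookup_owner` callback are hypothetical.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # constructed; a real daemon loads a private key
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def opaque_token(user, server_port, client_port, key=SECRET):
    """Keyed digest of user and port pair; reveals nothing without the key."""
    msg = f"{user}:{server_port}:{client_port}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def ident_reply(query, lookup_owner, key=SECRET):
    """Build the reply line (sent with CRLF on the wire) for one ident query.

    query is "<port-on-server> , <port-on-client>"; lookup_owner(sp, cp)
    returns the local login owning that connection, or None.
    """
    m = QUERY_RE.match(query)
    if not m:
        return "0 , 0 : ERROR : INVALID-PORT"
    sp, cp = int(m.group(1)), int(m.group(2))
    if not (1 <= sp <= 65535 and 1 <= cp <= 65535):
        return f"{sp} , {cp} : ERROR : INVALID-PORT"
    user = lookup_owner(sp, cp)
    if user is None:
        return f"{sp} , {cp} : ERROR : NO-USER"
    # Opsys field OTHER: the user-id is an unformatted string, not a login name.
    return f"{sp} , {cp} : USERID : OTHER : {opaque_token(user, sp, cp, key)}"


def resolve_token(token, server_port, client_port, local_users, key=SECRET):
    """Admin side: find which local user a cookie reported by a remote site names."""
    for user in local_users:
        candidate = opaque_token(user, server_port, client_port, key)
        if hmac.compare_digest(candidate, token):
            return user
    return None


if __name__ == "__main__":
    # Constructed connection table: alice owns local port 6193 -> remote port 23.
    owner = lambda sp, cp: "alice" if (sp, cp) == (6193, 23) else None
    line = ident_reply("6193, 23", owner)
    print(line)
    print(resolve_token(line.rsplit(" : ", 1)[1], 6193, 23, ["bob", "alice"]))
```

The remote site sees only the cookie; resolving it needs the key and the port pair from the complaint, which stay with the local admin.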




RE: Identification Protocol (was: Re: your mail)

2000-03-16 Thread Sebastian Stark
On Thu, 16 Mar 2000, Fredrik Liljegren wrote:
> > i'd turn auth off for security reasons if your box has a direct
> > connection to internet.
> Many people misunderstand the usefulness of identd, and so disable it or
> block all off site requests for it. identd is not there to help out remote
> sites. There is no way of knowing if the data you get from the remote identd
> is correct or not. There is no authentication in identd requests.

maybe i am one of these people :)
identd takes two parameters, the server and the source port of a tcp
connection. it gives back the userid of the user who started it. am i
right so far?
i think, the userid may be useful for some purposes but in most cases it
is not but gives a hacker a little piece of information.
but, you're right, it could be worth while tracking down some attack from
your own computer. hmm... i will think about it :-)

thanks


RE: Identification Protocol (was: Re: your mail)

2000-03-16 Thread Fredrik Liljegren
> irc server make ident connections to clients.
> squid can use ident for authorization.
> sendmail sometimes uses ident.
> 
> maybe you want to read rfc1413.
> 
> i'd turn auth off for security reasons if your box has a direct
> connection to internet.

Hmm, that's an easy approach, but from Security-HOWTO:

Many people misunderstand the usefulness of identd, and so disable it or
block all off site requests for it. identd is not there to help out remote
sites. There is no way of knowing if the data you get from the remote identd
is correct or not. There is no authentication in identd requests.

Why would you want to run it then? Because it helps you out, and is another
data-point in tracking.
-

Well, the rest is to read there.. (part 8.4).  If you trust this writer,
there is no harm in having it going and it could be good..

Regards, EOF