Re: [SLUG] identd
identd attacks/probes are the fastest rising probe at http://isc.incidents.org/

Something could be up -- another reason not to run it.

Matt

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] identd
thanks, Del Matt;

I have removed pidentd which I was considering installing.

thanks again.

Bill

Re: [SLUG] identd
On Friday 07 Mar 2003 12:59 am, Bill wrote:
> should identd be installed, or is it a security risk?

These days it's really not important. When I was working at a University back in 92-94 we installed it on our big Ultrix computing servers so we could have some way of identifying users making connections for auditing purposes, but these days with single user systems you can't really rely on it.

Remember, the main reason for installing an IDENT/AUTH service is to help you when someone comes to you and says we had a connection from machine X and your AUTH server said it was 'blah'.

Also remember that IDENT/AUTH servers do not have to return a username, they can quite happily return some sort of token that you can then tie back into a user.

Crackers tend to look for these services because they can then do a reverse-ident to figure out what the service they connected to is running as.

For instance - a cracker connects from his own machine to a web server. Whilst that connection is still up he then connects to the IDENT/AUTH server on the web server and asks who is the user behind the connection *from* the web server to his own box. The IDENT/AUTH server will then give away the UID of the owner (unless it is configured to return some sort of obscure token), so they can tell if it's running as apache, httpd or as their preferred target, root.

cheers!
Chris

--
Chris Samuel : http://csamuel.org/ : Wollongong, NSW

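The message above notes that an IDENT/AUTH server can answer with a real account name or with an opaque token. The following is an added example, not part of the original post: it parses reply lines in the RFC 1413 format and reports what each one tells the remote end, for auditing replies collected from your own identd. The `SENSITIVE` set, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: account names this site would not want revealed to remote peers.
SENSITIVE = {"root", "apache", "httpd"}

def parse_ident_reply(line):
    """Parse one RFC 1413 reply line into a dict; raise ValueError if malformed."""
    # The user-id may itself contain ':', so split off at most three fields.
    parts = line.rstrip("\r\n").split(":", 3)
    if len(parts) < 3:
        raise ValueError("too few fields: %r" % line)
    m = re.fullmatch(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*", parts[0])
    if not m or not all(1 <= int(p) <= 65535 for p in m.groups()):
        raise ValueError("bad port pair: %r" % line)
    reply = {"ports": (int(m.group(1)), int(m.group(2))),
             "type": parts[1].strip().upper()}
    if reply["type"] == "ERROR":
        reply["error"] = ":".join(parts[2:]).strip().upper()
    elif reply["type"] == "USERID" and len(parts) == 4:
        # The opsys field is "UNIX", "OTHER", ... optionally followed by ",charset".
        reply["opsys"] = parts[2].split(",")[0].strip().upper()
        # Leniency of this example: whitespace around the user-id is trimmed.
        reply["user"] = parts[3].strip()
    else:
        raise ValueError("unknown reply: %r" % line)
    return reply

def disclosure(reply):
    """Say what a parsed reply tells the remote end about the connection owner."""
    if reply["type"] == "ERROR":
        return "nothing"
    if reply["opsys"] == "OTHER":
        return "opaque-token"      # not an account name on this system
    if reply["user"].lower() in SENSITIVE or reply["user"] == "0":
        return "service-account"   # reveals what the daemon runs as
    return "username"              # a token sent with opsys UNIX also lands here

# Constructed sample replies (not captured from any real host).
SAMPLE = [
    "6193, 23 : USERID : UNIX : stjohns",
    "6195, 23 : ERROR : NO-USER",
    "34567, 80 : USERID : UNIX,US-ASCII : root",
    "34568, 80 : USERID : OTHER : 5f2a9c1e",
]

def audit(lines):
    """Return the disclosure verdict for each reply line, in order."""
    return [disclosure(parse_ident_reply(line)) for line in lines]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE, audit(SAMPLE)):
        print("%-45s -> %s" % (line, verdict))
```
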
[SLUG] identd
should identd be installed, or is it a security risk?

will the firewall (SME 5.12) negate any advantages, or will identd weaken the firewall?

google produced mixed answers, and mandrake 9.0 makes it even more fun by calling it pidentd, which may be different. (makes it hard to find, anyway) (not installed in a standard install)

all comments, clues appreciated

TIA
bill

Re: [SLUG] identd
Bill wrote:
> should identd be installed, or is it a security risk?

There are several possible answers to that:

1. Switching your computer on and connecting it to the internet is a security risk. Don't do it.
2. identd is not inherently a security risk, but it does run as root and is a daemon, and buffer overflows can hurt it if there are buffer overflow conditions.
3. I have seen one system hacked via what could have been identd, but I didn't have sufficient data to verify that.

Personally, I wouldn't bother with it. Not to say that I'd steer clear of it, but so few programs make any kind of use out of the information that identd provides these days that you're better off just rejecting (not dropping) the packets. Dropping the packets slows things down because programs like sendmail will hold off until they either get a connection refused or a timeout, which means that if you drop auth packets your system will take longer to send mail to remote systems.

> will the firewall (SME 5.12) negate any advantages, or will identd weaken the firewall ?

Neither. I'd choose not to run identd but leave the port open in the firewall so that anyone attempting to connect to it gets a simple connection refused.

...

> google produced mixed answers, and mandrake 9.0 makes it even more fun by calling it pidentd, which may be different . (makes it hard to find, anyway)(not installed in a standard install)

pidentd is different to the original identd but it does the same thing.

http://www.lysator.liu.se/~pen/pidentd/

--
Del

Re: [SLUG] identd
On Fri, Mar 07, 2003 at 12:59:00AM +1100, Bill wrote:
> should identd be installed, or is it a security risk?
> will the firewall (SME 5.12) negate any advantages, or will identd weaken the firewall ?
> google produced mixed answers, and mandrake 9.0 makes it even more fun by calling it pidentd, which may be different . (makes it hard to find, anyway)(not installed in a standard install)
> all comments, clues appreciated

I don't think there's any compelling reason to install and run an identd.

Note that some remote services do check for it, so you should have that port actively rejected or not firewalled at all. Otherwise those remote services will seem slow as they do timeouts on ident connections to you.

Matt

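Both replies above advise that the auth port should refuse connections rather than silently drop them. The following is an added example, not part of the original thread: run from outside the firewall against your own host, it tells the two cases apart and estimates the wait a remote daemon would see. The function names and the `peer_timeout` default are assumptions made for illustration.

```python
import socket
import time

def probe_auth_port(host, port=113, timeout=5.0):
    """Connect once and return (state, seconds); timeout is our own patience."""
    start = time.monotonic()
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        state = "open"        # a daemon accepted the connection
    except ConnectionRefusedError:
        state = "rejected"    # refusal came back; a peer moves on at once
    except socket.timeout:
        state = "dropped"     # silence; a peer waits out its whole timeout
    except OSError as exc:
        state = "error: %s" % exc   # e.g. no route, name not resolved
    return state, time.monotonic() - start

def peer_stall(state, seconds, peer_timeout):
    """Seconds a remote daemon that asks ident first would wait on this host.

    peer_timeout is an assumption supplied by the caller: how long that
    daemon waits for an ident answer before carrying on without one.
    """
    return peer_timeout if state == "dropped" else seconds

def report(host, port=113, peer_timeout=30.0):
    """One-line summary of the port state and the resulting delay for peers."""
    state, seconds = probe_auth_port(host, port)
    return "%s port %d: %s, peer stall about %.2fs" % (
        host, port, state, peer_stall(state, seconds, peer_timeout))

if __name__ == "__main__":
    # 127.0.0.1 is a stand-in; point this at your own host from outside.
    print(report("127.0.0.1"))
```
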
Re: [SLUG] Identd - silly question
On Sun, Jul 01, 2001 at 04:10:02PM +1000, Bernhard Lüder wrote:
> Hi,
> this might be a silly question, but what is identd used for? Does it need to run? What for?
>
> Bernhard Lüder

Rather than try to explain it myself, I'll just quote part of RFC 1413:

    1. INTRODUCTION

    The Identification Protocol (a.k.a., ident, a.k.a., the Ident Protocol) provides a means to determine the identity of a user of a particular TCP connection. Given a TCP port number pair, it returns a character string which identifies the owner of that connection on the server's system.

I hope this clears it up. AFAIK, it's not often used anymore, except by some IRC services.

-Andrew.

--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] Identd - silly question
Sendmail also appears to try to use it, but doesn't fuss if it is not available.

--
Howard.
LANNet Computing Associates
http://lannetlinux.com

We needn't, as socialists, get too concerned about privacy; it's a bourgeois right, closely allied to the right to private property.
- Former Federal Health Minister Neal Blewett, addressing the Fabian Society in 1988 in relation to the Australia Card issue.

On Sun, 1 Jul 2001, Andrew Bennetts wrote:

> On Sun, Jul 01, 2001 at 04:10:02PM +1000, Bernhard Lüder wrote:
> > Hi,
> > this might be a silly question, but what is identd used for? Does it need to run? What for?
> >
> > Bernhard Lüder
>
> Rather than try to explain it myself, I'll just quote part of RFC 1413:
>
>     1. INTRODUCTION
>
>     The Identification Protocol (a.k.a., ident, a.k.a., the Ident Protocol) provides a means to determine the identity of a user of a particular TCP connection. Given a TCP port number pair, it returns a character string which identifies the owner of that connection on the server's system.
>
> I hope this clears it up. AFAIK, it's not often used anymore, except by some IRC services.
>
> -Andrew.

RE: [SLUG] Identd - silly question
So you are saying, if I do not need user authentication I do not need it?

Bernhard Luder

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Howard Lowndes
Sent: Sunday, 1 July 2001 17:12
To: Andrew Bennetts
Cc: Bernhard Lüder; SLUG user group
Subject: Re: [SLUG] Identd - silly question

Sendmail also appears to try to use it, but doesn't fuss if it is not available.

Re: [SLUG] Identd - silly question
There are services that use identd, though I can't remember them all. I think that by removing it, you may actually incur delays (although small) when doing some things.

For example I think sendmail and maybe even ssh use identd, so if you stop it then at times during the initiation of a connection there may be a time out while the program asks what user is trying to initiate the connection and gets no response.

Then again I am probably wrong about everything so don't bother reading this message. Maybe that should have gone at the beginning?

Matt.

Bernhard Luder wrote:
> So you are saying, if I do not need user authentication I do not need it?
>
> Bernhard Luder

[SLUG] Identd - silly question
Hi,

this might be a silly question, but what is identd used for? Does it need to run? What for?

Bernhard Lüder