Re: auth port 113: enable or disable on a router/packet filter?

On Sun, Sep 09, 2001 at 04:31:41PM +0200, Markus Kolb 'Capri' wrote:
> Should I start identd or should I only open port 113 and shutdown the
> ident daemon?

If you have a multi user box (like a shell server) you may run and enable
identd on that host, since it makes your life, finding abusers, much
easier. You may want to use crypt tokens with identd for enhanced privacy,
but generally the normal unix login is better suited for using free services
on the internet (like chat systems (irc), FTP servers, BBS and MUDs).

For performance reasons you should never silently drop identd requests (many
MTAs do them). So you can either reject identd requests on the
router or forward them to the host which has no identd running (apparently
the latter method is a bit unsafe if you are not the admin of both systems).

> Are there any security risks if my router answers these auth requests?

Well, identds are nowadays fairly stable, so exploits are seldom, but you
will leak some information (namely usernames).

> Are there any functional disadvantages if I stop the daemon and reject
> or deny the port?

Yes, if you deny you may experience some delays in delivering mail or
opening FTP servers. You may also expect some limitations on free services
(like being able to connect only 2 times to an IRC server).
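The privacy trade-off raised above (plain login names versus opaque tokens in identd replies) sketched as an added Python example; this is not code from the thread, and the connection table, the per-host secret and the user names are constructed placeholders.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed stand-in for the kernel's TCP table: (local port, remote port) -> login name.
CONNECTIONS = {(6667, 51234): "alice", (25, 40000): "bob"}

# Assumed per-host secret for deriving tokens (placeholder; use a random value in practice).
TOKEN_SECRET = b"replace-with-a-random-per-host-secret"

# RFC 1413 request line: "<port-on-this-host> , <port-on-querying-host>"
REQUEST_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def make_token(user: str) -> str:
    """Derive a stable, opaque token; only someone holding the secret can map it back."""
    return hmac.new(TOKEN_SECRET, user.encode(), hashlib.sha256).hexdigest()[:16]


def ident_reply(request_line: str, policy: str = "token") -> str:
    """Build one RFC 1413 reply for one request line under a given disclosure policy.

    policy "userid": USERID : UNIX : <login>   (leaks user names, as the mail notes)
    policy "hidden": ERROR : HIDDEN-USER       (nothing disclosed, abusers untraceable)
    policy "token":  USERID : OTHER : <token>  (opaque, but resolvable by the admin)
    """
    m = REQUEST_RE.match(request_line.rstrip("\r\n"))
    if not m:
        return "0 , 0 : ERROR : INVALID-PORT"
    lport, rport = int(m.group(1)), int(m.group(2))
    if not (1 <= lport <= 65535 and 1 <= rport <= 65535):
        return f"{lport} , {rport} : ERROR : INVALID-PORT"
    user = CONNECTIONS.get((lport, rport))
    if user is None:
        return f"{lport} , {rport} : ERROR : NO-USER"
    if policy == "hidden":
        return f"{lport} , {rport} : ERROR : HIDDEN-USER"
    if policy == "userid":
        return f"{lport} , {rport} : USERID : UNIX : {user}"
    return f"{lport} , {rport} : USERID : OTHER : {make_token(user)}"


def resolve_token(token: str) -> Optional[str]:
    """Admin-side reverse lookup for abuse reports: recompute tokens for known users."""
    for user in set(CONNECTIONS.values()):
        if hmac.compare_digest(make_token(user), token):
            return user
    return None
```

The "token" policy keeps the abuse-tracing benefit described above for a shell server while withholding login names from arbitrary remote queriers.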

