Re: information question

To: debian-isp@ghost.net.cfw.com
Cc: debian-isp <debian-isp@lists.debian.org>
Subject: Re: information question
From: Michael Bacarella <mbac@nyct.net>
Date: Tue, 5 Sep 2000 13:02:03 -0400 (EDT)
Message-id: <[🔎] Pine.BSF.4.21.0009051252130.58470-100000@bsd1.nyct.net>
In-reply-to: <[🔎] Pine.LNX.4.21.0009051047290.12993-100000@ghost.net.cfw.com>

> sites of users that I have on the machine (i.e- ~debian-isp). I was
> wondering how they are finding out which users that I have on the machine
> and was wondering if I could be running services that pose a security
> problem. I only have the following open:
> 
> Port    State       Protocol  Service
> 21      open        tcp        ftp
> 22      open        tcp        ssh
> 25      open        tcp        smtp
> 80      open        tcp        http
> 113     open        tcp        auth
> 443     open        tcp        https
> 515     open        tcp        printer
> 3306    open        tcp        mysql
> 6000    open        tcp        X11
> 
> I had a question as to the function of 'auth'.
> I am not quite sure what this does. If someone could give me a heads up.
> Any advice appriciated.

Auth servers are used to determine the "owner" of a specific
connection, more commonly known as identity servers, and essentially 
useless. Some IRC servers use them to make sure you're not IRC'ing as
root.

Some network scanners use ident to determine what services are running as
root, to aid them in a system compromise.

If you need to run identity/auth services at all, use one that can be
configured to return useless information like (*shameless plug*) ident2 at
http://netgraft.com/

You can probably safely disable it, though.

-MB

Reply to:

References:
- information question
  - From: <debian-isp@ghost.net.cfw.com>

Prev by Date: Re: traffic shaping
Next by Date: Re: traffic shaping
Previous by thread: Re: Suggestion for Mail Archiving Software
Next by thread: Re: information question
Index(es):
- Date
- Thread