On Thu, Mar 16, 2000 at 06:25:53PM +0100, Sebastian Stark wrote:
> identd takes two parameters, the server and the source port of a tcp
> connection. it gives back the userid of the user who started it. am i
> right so far?
> i think, the userid may be useful for some purposes but in most cases it
> is not but gives a hacker a little piece of information.
> but, you're right, it could be worth while tracking down some attack from
> your own computer. hmm... i will think about it :-)
If you're particularly concerned about giving away userids there are
various ident demons that will send something other than the login name
(such as a securely encoded form of the login name, or even some random
string that contains no useful information).
The point is more to provide a cookie that the remote site can give to
you when tracking down some problem than it is to provide information
they can use directly - if you trust your identd, it saves you a lot of
grovelling through logs. It may even be the only way you have of
identifying the user responsible on a multi-user box.
--
Mark Brown mailto:broonie@tardis.ed.ac.uk (Trying to avoid grumpiness)
http://www.tardis.ed.ac.uk/~broonie/
EUFS http://www.eusa.ed.ac.uk/societies/filmsoc/
Attachment:
pgpQdp9n2R_cd.pgp
Description: PGP signature