On Thu, Mar 16, 2000 at 06:25:53PM +0100, Sebastian Stark wrote: > identd takes two parameters, the server and the source port of a tcp > connection. it gives back the userid of the user who started it. am i > right so far? > i think, the userid may be useful for some purposes but in most cases it > is not but gives a hacker a little piece of information. > but, you're right, it could be worth while tracking down some attack from > your own computer. hmm... i will think about it :-) If you're particularly concerned about giving away userids there are various ident demons that will send something other than the login name (such as a securely encoded form of the login name, or even some random string that contains no useful information). The point is more to provide a cookie that the remote site can give to you when tracking down some problem than it is to provide information they can use directly - if you trust your identd, it saves you a lot of grovelling through logs. It may even be the only way you have of identifying the user responsible on a multi-user box. -- Mark Brown mailto:broonie@tardis.ed.ac.uk (Trying to avoid grumpiness) http://www.tardis.ed.ac.uk/~broonie/ EUFS http://www.eusa.ed.ac.uk/societies/filmsoc/
Attachment:
pgpQdp9n2R_cd.pgp
Description: PGP signature