On Thu, Aug 30, 2001 at 11:14:33PM -0300, Alisson Sellaro wrote: > I was checking my firewall logs and have detected lots of TCP/113 dropped > packets. Checking /etc/services I realized it was ident traffic. What do > you think about such service? Should I let it blocked or should I allow it > without further security exposure? honest question: whose business is the name of a user who initiated a connection??? identd is a horrible concept and elicits shrieks among the security conscious. i do understand that you need it for this and that, so install oidentd, which has a feature to return random user names, but other than that, don't worry about it. ident is a hacker's friend, not only because nmap can tell everyone who is running the services behind your open ports. you don't want that. martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck -- the web site you seek cannot be located but endless others exist.
Attachment:
pgpcKhJyjSXf1.pgp
Description: PGP signature