[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is ident secure?



On Fri, Aug 31, 2001 at 04:45:05AM +0200, Martin F Krafft wrote:
> On Thu, Aug 30, 2001 at 11:14:33PM -0300, Alisson Sellaro wrote:
> > I was checking my firewall logs and have detected lots of TCP/113 dropped
> > packets. Checking /etc/services I realized it was ident traffic. What do
> > you think about such service? Should I let it blocked or should I allow it
> > without further security exposure?
> 
> honest question: whose business is the name of a user who initiated a
> connection??? identd is a horrible concept and elicits shrieks among
> the security conscious. i do understand that you need it for this and
> that, so install oidentd, which has a feature to return random user
> names, but other than that, don't worry about it. ident is a hacker's

this is a severe exaggeration.  

most people who bitch about identd don't even understand what its for.

> friend, not only because nmap can tell everyone who is running the
> services behind your open ports. you don't want that.

why not? in most cases they will know anyway because most services
either must run as root, or not, if its a nonroot service what the
actual username is really isn't useful nor important.  

security through obscurity is all your really gaining.  

i am more concerned that the services i run are properly configured
and have all security updates applied then whether someone knows what
userid they are running as.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpsMUAiSxuWm.pgp
Description: PGP signature


Reply to: