also sprach Ethan Benson (on Fri, 31 Aug 2001 01:38:45AM -0800):
> > honest question: whose business is the name of a user who initiated a
> > connection??? identd is a horrible concept and elicits shrieks among
> > the security conscious. i do understand that you need it for this and
> > that, so install oidentd, which has a feature to return random user
> > names, but other than that, don't worry about it. ident is a hacker's
>
> this is a severe exaggeration.
> most people who bitch about identd don't even understand what it's for.

okay, i give you that, but still, i have yet to encounter one sensibly
good use for ident. any shots?

> > friend, not only because nmap can tell everyone who is running the
> > services behind your open ports. you don't want that.
>
> why not? in most cases they will know anyway because most services
> either must run as root, or not, if it's a nonroot service what the
> actual username is really isn't useful nor important.

well, while my named may run as user bind and my proftpd as user
proftpd and my apache as www-data, there are *plenty* of people who run
these things as root. it's nice to determine first whether named is
running as root before cracking it...

> security through obscurity is all you're really gaining.

true in a way, but it's a step...

> i am more concerned that the services i run are properly configured
> and have all security updates applied than whether someone knows what
> userid they are running as.

that's one of the many other parts of being security-conscious...

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
--
have you drugged your kids today?