On 01-08-31 Martin F Krafft wrote:
> On Thu, Aug 30, 2001 at 11:14:33PM -0300, Alisson Sellaro wrote:
> > I was checking my firewall logs and have detected lots of TCP/113 dropped
> > packets. Checking /etc/services I realized it was ident traffic. What do
> > you think about such service? Should I let it blocked or should I allow it
> > without further security exposure?
> honest question: whose business is the name of a user who initiated a
> connection???
It can be some sort of help if you have a system with lots of users and
complainments about one. Some admins may be able to send you the logged
ident information and if you then can trust you ident server, you get a
nice hint to the user, who is responsible. But this depends heavily on
the fact, if you can be sure that your ident server hasn't been
modified/replaced.
> identd is a horrible concept and elicits shrieks among
> the security conscious. i do understand that you need it for this and
Would you mind explaining that statement?
> names, but other than that, don't worry about it. ident is a hacker's
> friend, not only because nmap can tell everyone who is running the
> services behind your open ports. you don't want that.
No, that's a wrong statement. Ident doesn't necessarily tell you
anything about the user.
Christian
--
Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgpBJSIsBQxIj.pgp
Description: PGP signature