[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is ident secure?

On Fri, Aug 31, 2001 at 12:11:11PM +0200, Martin F Krafft wrote:
> > > identd is a horrible concept and elicits shrieks among
> > > the security conscious. i do understand that you need it for this and
> > 
> > Would you mind explaining that statement?
> 
> it's in my other post. ident is an easy way to establish whether e.g.
> named is running as root so as to properly target attacks.

Not if configured appropriately. Good identds don't allow reverse ident
scanning anymore.

> it tells you the uid. for root, that's 'root' and that's pretty damn
> sensitive information right there...

Agreed, leaking UIDs is serious. Which is why modern identds support returning
crypted uids which can only be decoded by the originating server admin.

-- 
Colin Phipps         PGP 0x689E463E     http://www.netcraft.com/
Reply to: