
Re: Is ident secure?



On 01-08-31 Martin F Krafft wrote:
> also sprach Christian Kurz (on Fri, 31 Aug 2001 10:12:31AM +0200):
> > > honest question: whose business is the name of a user who initiated a
> > > connection???

> > It can be some sort of help if you have a system with lots of users and
> > complaints about one. Some admins may be able to send you the logged
> > ident information and if you then can trust your ident server, you get a
> > nice hint to the user, who is responsible. But this depends heavily on
> > the fact, if you can be sure that your ident server hasn't been
> > modified/replaced.

> process accounting. process accounting.

Would you care to explain that a bit more and especially compare it with
the ident protocol (advantages and disadvantages)?

> > > identd is a horrible concept and elicits shrieks among
> > > the security conscious. i do understand that you need it for this and

> > Would you mind explaining that statement?

> it's in my other post. ident is an easy way to establish whether e.g.
> named is running as root so as to properly target attacks.

It's absolutely not. This heavily depends on the setup of your ident
daemon.

> > > names, but other than that, don't worry about it. ident is a hacker's
> > > friend, not only because nmap can tell everyone who is running the
> > > services behind your open ports. you don't want that.

> > No, that's a wrong statement. Ident doesn't necessarily tell you
> > anything about the user.

> it tells you the uid. for root, that's 'root' and that's pretty damn
> sensitive information right there...

Argh, wrong again. Would you now mind reading the RFC describing the
"Ident Protocol"? It's possible to run ident daemons which don't tell
you a name or uid. Why don't you inform yourself before making wrong
claims?

Christian
-- 
           Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853
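
The disagreement in this message comes down to what an ident reply actually contains. The following is an added example, not part of the original message: a parser for RFC 1413 reply lines that classifies each reply by whether it names an account, so an administrator can check what their own identd configuration gives away. The function names and the sample replies are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

class IdentReply(NamedTuple):
    server_port: int
    client_port: int
    opsys: Optional[str]   # None for ERROR replies
    value: str             # user-id field or error token
    disclosure: str        # "account-name", "opaque", "hidden" or "none"

_PORTS = re.compile(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*")

def parse_ident_reply(line: str) -> IdentReply:
    """Parse one RFC 1413 reply line and classify what it gives away."""
    parts = line.rstrip("\r\n").split(":", 3)
    ports = _PORTS.fullmatch(parts[0])
    if ports is None or len(parts) < 3:
        raise ValueError(f"not an ident reply: {line!r}")
    sport, cport = int(ports.group(1)), int(ports.group(2))
    kind = parts[1].strip().upper()
    if kind == "ERROR" and len(parts) == 3:
        err = parts[2].strip().upper()
        # HIDDEN-USER: the daemon knows the owner but declines to return it.
        shown = "hidden" if err == "HIDDEN-USER" else "none"
        return IdentReply(sport, cport, None, err, shown)
    if kind == "USERID" and len(parts) == 4:
        # The opsys field may carry ", charset"; only the first token matters here.
        opsys = parts[2].split(",")[0].strip().upper()
        # RFC 1413 counts whitespace as part of the user-id; it is stripped
        # here only so the value can be compared and displayed.
        userid = parts[3].strip()
        # OTHER marks an unformatted string (e.g. an audit token), not a login name.
        shown = "opaque" if opsys == "OTHER" else "account-name"
        return IdentReply(sport, cport, opsys, userid, shown)
    raise ValueError(f"malformed ident reply: {line!r}")

def replies_naming_accounts(lines: List[str]) -> List[IdentReply]:
    """Return only the replies that hand a login name to the remote side."""
    return [r for r in map(parse_ident_reply, lines)
            if r.disclosure == "account-name"]

# Constructed sample replies, one per configuration discussed in the thread.
SAMPLE_REPLIES = [
    "53, 40112 : USERID : UNIX : root\r\n",          # daemon returns the login name
    "25, 40113 : USERID : OTHER : 3f9a1c7be2\r\n",   # daemon returns an opaque token
    "80, 40114 : ERROR : HIDDEN-USER\r\n",           # daemon withholds the owner
    "22, 40115 : ERROR : NO-USER\r\n",               # no owner found for the port pair
]
```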
