
Re: Is ident secure?



slightly off topic ... but identd is pretty insecure ...

directly copied from the nmap man page ....

              As noted by Dave Goldsmith in a 1996 Bugtraq post, the
              ident protocol (rfc 1413) allows for the disclosure of
              the username that owns any process connected via TCP,
              even if that process didn't initiate the connection. So
              you can, for example, connect to the http port and then
              use identd to find out whether the server is running as
              root. This can only be done with a full TCP connection
              to the target port (i.e. the -sT scanning option). When
              -I is used, the remote host's identd is queried for each
              open port found. Obviously this won't work if the host
              is not running identd.

for some odd reason, I've noticed that when I tell oidentd to bind itself to 
port 113, it seems to prevent this "problem".  (Amazingly it still works for 
legit identd requests)  Identd is pretty crappy, however major IRC networks 
like EFnet will require it because less abuse comes from clients with identd.  
(unless you get lucky and run into an open I:Line server that doesn't need 
identd.)

Sunny Dubey
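
An added example, not part of the original post or of nmap: a parser for RFC 1413 reply lines that flags replies naming the owner of a connection to a local listening port, which is the disclosure the quoted man page describes. The sample replies, the `LISTENING` port set and the `PRIVILEGED` names are constructed assumptions.

```python
import re

# RFC 1413 reply line:
#   <port-on-server> , <port-on-client> : USERID : <opsys>[,<charset>] : <user-id>
#   <port-on-server> , <port-on-client> : ERROR  : <error-type>
REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")

LISTENING = {22, 25, 80}     # constructed: ports this host's daemons listen on
PRIVILEGED = {"root", "0"}   # assumption: accounts a network daemon should not run as

def parse_reply(line):
    """Parse one ident reply into a dict; raise ValueError if malformed."""
    m = REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not an RFC 1413 reply: {line!r}")
    local, remote = int(m.group(1)), int(m.group(2))
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        raise ValueError(f"port out of range: {line!r}")
    reply = {"local_port": local, "remote_port": remote, "user": None, "error": None}
    if m.group(3) == "ERROR":
        reply["error"] = m.group(4).strip()
        return reply
    # Everything after the colon that follows the opsys field is the user id,
    # so split on the first colon only (a user id may itself contain colons).
    _opsys, sep, user = m.group(4).partition(":")
    if not sep:
        raise ValueError(f"USERID reply without user id: {line!r}")
    reply["user"] = user.strip()  # stripped here only to simplify comparison
    return reply

def disclosures(lines, listening=LISTENING):
    """Return (port, user, privileged) for replies that name the owner of a
    listening service, i.e. a connection the local process did not initiate."""
    found = []
    for line in lines:
        r = parse_reply(line)
        if r["user"] is not None and r["local_port"] in listening:
            found.append((r["local_port"], r["user"], r["user"] in PRIVILEGED))
    return found

# Constructed replies, as an identd on the audited host might send them.
SAMPLE = [
    "80 , 40123 : USERID : UNIX : root\r\n",       # web server owner disclosed
    "51234 , 6667 : USERID : UNIX : alice\r\n",    # outbound IRC client: expected use
    "22 , 40124 : ERROR : HIDDEN-USER\r\n",        # identd declines to name the owner
    "25 , 40125 : USERID : UNIX,US-ASCII : mail\r\n",
]
```

Only the reply for the outbound client connection (local port 51234) is what an IRC server needs; the USERID replies for ports 80 and 25 are the ones an identd configuration should stop answering.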


