On Thu, Nov 29, 2001 at 05:58:48PM -0800, nate wrote:
> <quote who="">
>
> > prepared to open up port 113 if I could guarantee that the program
> > would not give my real user id and there is no way that it could be
> > compromised.
>
> i don't think there's anybody who could give a network daemon
> a complete vote of confidence and say it cannot be compromised.
> most of the identd servers with debian have no known problems,
> but that doesn't mean there are no unknown ones. if you don't
> NEED identd then don't run it. i use it on some systems
> for irc, but on the vast majority of my servers i do not
> have it installed. identd is not needed for email. my main
> mail servers do not have it. and they are behind firewalls
> that don't allow it through even if they did.
>
> maybe if i had the time to look at my firewall logs i would
> have them logged. i don't care if people hit ports that
> are blocked or are not running.
>

Yeah, that was the conclusion I came to also last time I looked at
this issue. This is why I have not been running an identd server at
all. I guess that if I hate the logs then I should just add an iptables
rule to REJECT the requests rather than DROP and LOG them.

Thanks for the info. I think I will be glad to do the same as you and
continue to not run an identd server.

Cheers.

Mark.