the ident protocol (was about risk linked to long list in /etc/services)
It appears that I did not read correctly the report of rkhunter about
the warning linked to inetd.
It goes like this:
[08:17:19] Info: Using inetd configuration file '/etc/inetd.conf'
[08:17:19] Checking for enabled inetd services [ Warning ]
[08:17:19] Warning: Found enabled inetd service: ident
Here an extract of http://www.faqs.org/rfcs/rfc1413.html (about ident
protocol which seems active):
An Identification server may reveal information about users,
entities, objects or processes which might normally be considered
private. An Identification server provides service which is a rough
analog of the CallerID services provided by some phone companies and
many of the same privacy considerations and arguments that apply to
the CallerID service apply to Identification. If you wouldn't run a
"finger" server due to privacy considerations you may not want to run
this protocol.
I was not aware that web site could read my login name.
I will indeed probably deactivate it.
Reply to: