On Fri, Aug 31, 2001 at 04:45:05AM +0200, Martin F Krafft wrote:
> On Thu, Aug 30, 2001 at 11:14:33PM -0300, Alisson Sellaro wrote:
> > I was checking my firewall logs and have detected lots of TCP/113 dropped
> > packets. Checking /etc/services I realized it was ident traffic. What do
> > you think about such a service? Should I leave it blocked or should I allow it
> > without further security exposure?
>
> honest question: whose business is the name of a user who initiated a
> connection??? identd is a horrible concept and elicits shrieks among
> the security conscious. i do understand that you need it for this and
> that, so install oidentd, which has a feature to return random user
> names, but other than that, don't worry about it. ident is a hacker's

this is a severe exaggeration. most people who bitch about identd
don't even understand what it's for.

> friend, not only because nmap can tell everyone who is running the
> services behind your open ports. you don't want that.

why not? in most cases they will know anyway because most services
either must run as root, or not. if it's a nonroot service what the
actual username is really isn't useful nor important. security
through obscurity is all you're really gaining.

i am more concerned that the services i run are properly configured
and have all security updates applied than whether someone knows what
userid they are running as.

--
Ethan Benson
http://www.alaska.net/~erbenson/