From owner-freebsd-hackers Sat Jul 10 13:59: 1 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from leap.innerx.net (leap.innerx.net [38.179.176.25])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3860314E0C; Sat, 10 Jul 1999 13:58:57 -0700 (PDT)
	(envelope-from chris@holly.dyndns.org)
Received: from holly.dyndns.org (ip39.houston3.tx.pub-ip.psi.net [38.12.169.39])
	by leap.innerx.net (Postfix) with ESMTP
	id ADD0637096; Sat, 10 Jul 1999 16:58:53 -0400 (EDT)
Received: (from chris@localhost)
	by holly.dyndns.org (8.9.3/8.9.3)
	id PAA64961; Sat, 10 Jul 1999 15:57:27 -0500 (CDT)
	(envelope-from chris)
Date: Sat, 10 Jul 1999 15:57:21 -0500
From: Chris Costello
To: Mark Murray
Cc: Ben Rosengart, "Brian F. Feldman", hackers@FreeBSD.ORG
Subject: Re: a BSD identd
Message-ID: <19990710155721.C57198@holly.dyndns.org>
Reply-To: chris@calldei.com
References: <199907102048.WAA14139@gratis.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/0.96.3i
In-Reply-To: <199907102048.WAA14139@gratis.grondar.za>; from Mark Murray on Sat, Jul 10, 1999 at 10:48:53PM +0200
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Jul 10, 1999, Mark Murray wrote:
>
> > > Pidentd+DES _is_ useful in the situation you mention above. It is
> > > on average useless to most security folk, as it can also be used
> > > to obfuscate the problem. Crack root on the box, and identd is no
> > > longer trustworthy.
> >
> > You have an interesting point, however, once a user gains root
> > access, nothing on the machine should be considered trustworthy.
>
> Right - but ident is an "after the fact" tool; one which at the time
> you really need results is at its least trustworthy. I need that like
> an extra hole in the head. :-)

The whole point of ident was -- and still is -- to authenticate or
verify who created a specific TCP connection.
If the machine is untouched (i.e., has not had the root account
compromised), then ident responses are usually trustworthy enough. It
is generally not applicable to single user operating systems like
Windows, Mac OS, or DOS.

-- 
Chris Costello
Sure it's user-friendly...if you know what you're doing.