From owner-freebsd-hackers Sat Jul 10 12:58:16 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from leap.innerx.net (leap.innerx.net [38.179.176.25]) by hub.freebsd.org (Postfix) with ESMTP id A295114C05; Sat, 10 Jul 1999 12:58:13 -0700 (PDT) (envelope-from chris@holly.dyndns.org) Received: from holly.dyndns.org (ip39.houston3.tx.pub-ip.psi.net [38.12.169.39]) by leap.innerx.net (Postfix) with ESMTP id 01A61374DF; Sat, 10 Jul 1999 15:58:10 -0400 (EDT) Received: (from chris@localhost) by holly.dyndns.org (8.9.3/8.9.3) id OAA64818; Sat, 10 Jul 1999 14:56:41 -0500 (CDT) (envelope-from chris) Date: Sat, 10 Jul 1999 14:56:40 -0500 From: Chris Costello To: Mark Murray Cc: Ben Rosengart , "Brian F. Feldman" , hackers@FreeBSD.ORG Subject: Re: a BSD identd Message-ID: <19990710145640.B57198@holly.dyndns.org> Reply-To: chris@calldei.com References: <199907101949.VAA14008@gratis.grondar.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/0.96.3i In-Reply-To: <199907101949.VAA14008@gratis.grondar.za>; from Mark Murray on Sat, Jul 10, 1999 at 09:49:12PM +0200 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Jul 10, 1999, Mark Murray wrote: > > I used to run a public shell machine, and one of my users cracked > > someone else's site. Identd made it much easier to figure out who the > > problem user was. > > That represents tiny percentage of identd use. The rest is noise. > > Pidentd+DES _is_ useful in the situation you mention above. It is > on average useless to most security folk, as it can also be used > to obfuscate the problem. Crack root on the box, and identd is no > longer trustworthy. You have an interesting point, however, once a user gains root access, nothing on the machine should be considered trustworthy. -- Chris Costello If a train station is where the train stops, what is a work station? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message