From owner-freebsd-security  Mon Feb  4 14:35: 7 2002
Delivered-To: freebsd-security@freebsd.org
Received: from snafu.adept.org (snafu.adept.org [63.201.63.44])
	by hub.freebsd.org (Postfix) with ESMTP id 3832537B431
	for <freebsd-security@FreeBSD.ORG>; Mon,  4 Feb 2002 14:35:03 -0800 (PST)
Received: by snafu.adept.org (Postfix, from userid 1000)
	id 8F08E9EE33; Mon,  4 Feb 2002 14:34:59 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by snafu.adept.org (Postfix) with ESMTP
	id 8776C9B001; Mon,  4 Feb 2002 14:34:59 -0800 (PST)
Date: Mon, 4 Feb 2002 14:34:59 -0800 (PST)
From: Mike Hoskins <mike@adept.org>
To: Martin McCormick <martin@dc.cis.okstate.edu>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Port 113 Traffic 
In-Reply-To: <200202041914.g14JEiM74583@dc.cis.okstate.edu>
Message-ID: <20020204142741.A53154-100000@snafu.adept.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, 4 Feb 2002, Martin McCormick wrote:

> auth, all right.  A man on auth yielded the auth_getval function
> in C and not much else so I knew it was some kind of
> authorization engine and that's where my trail ran a bit cold.

'Auth' as used here provides the ident service, formerly provided by
things like pidentd, and now served from FreeBSD's inetd as the 'auth'
service.

From /etc/inetd.conf,

# Provide internally a real "ident" service which provides ~/.fakeid support,
# provides ~/.noident support, reports UNKNOWN as the operating system type
# and times out after 30 seconds.
#auth   stream  tcp     nowait  root    internal        auth -r -f -n -o \
	UNKNOWN -t 30

Ident provides a historically trivially-bypassable (say that three
times fast) means of identifying a remote user.

As pointed out here, many services attempt ident queries.  Some
(IRC) may fail to connect at all if ident is unavailable, others (mail)
often continue on after the ident request times out...  so be sure to
configure your firewall per previous instructions in this thread.

Later,
-Mike

--
"They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety."  --Benjamin Franklin


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message