Date: Mon, 4 Feb 2002 20:09:06 -0500 From: Chris Thomas <resopmok@gramsc1.dyndns.org> To: freebsd-security@freebsd.org Cc: Bart Matthaei <bart@dreamflow.nl> Subject: Re: Port 113 Traffic Message-ID: <20020204200906.5559b083.resopmok@gramsc1.dyndns.org> In-Reply-To: <20020204202532.P34448@heresy.dreamflow.nl> References: <200202041914.g14JEiM74583@dc.cis.okstate.edu> <20020204202532.P34448@heresy.dreamflow.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi folks- If i might make suggestions that will both fulfill security concerns and provide identd services. I ran across a program on freshmeat called bsidentd (http://freshmeat.net/projects/bsidentd/) which will provide a random auth response each time it is queried. It does not interact with user processes, yet prevents programs such as sendmail from hanging during auth query and allows services such as IRC, while at the same time protecting valuable information about user names. As some may know, auth is a potential security risk when providing actual usernames, due in part to a feature in nmap which, during a connect scan, will query for the owner of open ports. Using bsidentd, you will generate a repsonse such as this: State Service Owner 21/tcp open ftp ykpqe 22/tcp open ssh cqxw 25/tcp open smtp achrmp 80/tcp open http achrmp 110/tcp open pop-3 untzdr 113/tcp open auth ykpqes In this way valuable information about your system is protected, but an auth response is created, allowing services to run appropriately (It's also useful for avoiding IRC banmasks ;). Anyway, this is not a plug for the program, but a solution I have found to be useful for protecting anonymity yet still provide full services. Enjoy, -chris On Mon, 4 Feb 2002 20:25:32 +0100 Bart Matthaei <bart@dreamflow.nl> wrote about Re: Port 113 Traffic: ||On Mon, Feb 04, 2002 at 01:14:44PM -0600, Martin McCormick wrote: ||[snip] || ||You don't wanna block ident. Its trivial. If you block it, ident ||requests to your machine will time out, resulting in a slow ||initialization of connections like irc, to name one. ||If your sure you don't wanna use identd, it's best to just shut the ||service down, instead of blocking it. The ident server thats ||connecting to your server will just see a connection refused and cary ||on. || ||With Regards, || ||Bart Matthaei || ||-- ||Bart Matthaei bart@dreamflow.nl || ||Support wildlife -- vote for an orgy. || To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020204200906.5559b083.resopmok>