From owner-freebsd-hackers Sun Jul 11 13:57: 9 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id 73ABB14CFB; Sun, 11 Jul 1999 13:57:07 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id NAA64508; Sun, 11 Jul 1999 13:57:06 -0700 (PDT) (envelope-from dillon) Date: Sun, 11 Jul 1999 13:57:06 -0700 (PDT) From: Matthew Dillon Message-Id: <199907112057.NAA64508@apollo.backplane.com> To: "Brian F. Feldman" Cc: Doug , John Polstra , imp@village.org, hackers@FreeBSD.ORG Subject: Re: a BSD identd References: Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG :How in the world could my inetd ident service be exploited? I just fixed :the only problematic feature, fake id, to make it not read anything but a :regular file and not let you try to use someone else's name. I can't see :any way that any part of it could be exploited... Typically the exploitation of identd is in the form of a denial-of-service attack. What we saw at BEST were denial-of-service attacks against identd to prevent users on a particular shell machine from being able to initiate an IRC client session (because the remote IRC server would not be able to obtain ident info). Early versions of Identd could be used for port scanning purposes, but not any more. Since identd will only resolve connections comming from the client IP making the connection, there aren't very many "interesting" ways to abuse it. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message