Date: Tue, 6 Apr 1999 13:04:42 -0700 (PDT)
From: Nick Sayer <nsayer@quack.kfu.com>
To: freebsd-hackers@freebsd.org
Subject: Re: cvs commit: ports/security/identify - Imported sources
Message-ID: <199904062004.NAA34014@medusa.kfu.com>
In-Reply-To: <18803.923390753@axl.noc.iafrica.com> from Sheldon Hearn at "Apr 6, 1999 11:25:53 am"

> On Fri, 02 Apr 1999 11:07:31 PST, Nick Sayer wrote:
>
> > Log Message:
> > Add "identify" daemon wrapper. Allows one to add ident lookup and logging
> > to arbitrary daemons (like telnetd or fingerd).
>
> Since a remote host's response to your ident request offers you nothing
> in terms of security, I'd _strongly_ recommend that this port be moved
> to net and _not_ left in security, where it's bound to mislead the
> uninitiated.

It is appropriate to leave it in security, because it is a logging tool.
It can be used to identify miscreants in certain, limited circumstances.
Specifically...

You get a connection from a shell account ISP. The machine is not evil,
but a particular user is. Under those circumstances, the data you get
from the remote identd daemon is useful to the extent that you can
send the ident readback to the administrators of the machine.

There are programs (ircd, for one) and users who misconstrue ident as
being an authentication protocol (in ircd's case, despite their
protestations, the de facto use to which they put identd is authentication,
since they take the ident protocol output and make that the left-hand-side
of your e-mail address, even if the data is a logging token only -- as
allowed by the RFC when you set the machine type to OTHER). identify
certainly isn't one of them.

--
echo afnlre@dhnpx.xsh.pbz |\            : Anita Hill then, Paula Jones now.
tr 'a-z' 'n-za-m'                       :
or remove nospam in From: line          : What goes around, comes around.
http://www.kfu.com/~nsayer/             :

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
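
The logging-only use of ident described in the message above, sketched as an added example; it is not part of the original e-mail and is not code from the identify port. The function names, the log-line layout and the sample replies are constructed for illustration; the reply grammar follows RFC 1413.

```python
import re

# RFC 1413 reply: "<port-on-remote> , <port-on-us> : <type> : <rest>"
REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*([A-Z-]+)\s*:(.*)$")

def printable(text, limit=512):
    """Escape anything that could break out of a quoted log field."""
    return "".join(
        c if 32 <= ord(c) < 127 and c not in '"\\' else "\\x%02x" % ord(c)
        for c in text[:limit])

def ident_log_record(raw, peer, remote_port, local_port):
    """Format one raw ident reply (bytes) as a log line; never an auth decision."""
    line = raw.decode("latin-1").rstrip("\r\n")

    def bad(status):
        return 'ident peer=%s status=%s raw="%s"' % (peer, status, printable(line))

    m = REPLY.match(line)
    if not m:
        return bad("malformed")
    # The reply must echo the port pair of the connection we asked about.
    if (int(m.group(1)), int(m.group(2))) != (remote_port, local_port):
        return bad("port-mismatch")
    kind, rest = m.group(3), m.group(4)
    if kind == "ERROR":
        return "ident peer=%s status=error reason=%s" % (peer, printable(rest.strip()))
    opsys, sep, userid = rest.partition(":")
    if kind != "USERID" or not sep:
        return bad("malformed")
    opsys = opsys.split(",")[0].strip()  # drop the optional ",charset" suffix
    # With opsys OTHER the value is an opaque token, not necessarily a username.
    field = "token" if opsys == "OTHER" else "user"
    return 'ident peer=%s status=ok opsys=%s %s="%s" trust=remote-asserted' % (
        peer, printable(opsys), field, printable(userid.strip()))

if __name__ == "__main__":
    # Constructed sample replies for a connection from remote port 6193 to our port 23.
    for reply in (b"6193, 23 : USERID : UNIX : stjohns\r\n",
                  b"6193, 23 : USERID : OTHER : a1b2c3\r\n",
                  b"6193, 23 : ERROR : NO-USER\r\n",
                  b"6193, 23 : USERID : UNIX : bob\nident peer=10.0.0.1 status=ok\r\n"):
        print(ident_log_record(reply, "192.0.2.7", 6193, 23))
```

The `trust=remote-asserted` field keeps the value marked as the remote host's claim, so whoever reads the log treats it as something to hand back to that machine's administrators rather than as a verified identity.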