Date: Sat, 10 Jul 1999 15:57:21 -0500
From: Chris Costello <chris@calldei.com>
To: Mark Murray <mark@grondar.za>
Cc: Ben Rosengart <ben@skunk.org>, "Brian F. Feldman" <green@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject: Re: a BSD identd
Message-ID: <19990710155721.C57198@holly.dyndns.org>
In-Reply-To: <199907102048.WAA14139@gratis.grondar.za>; from Mark Murray on Sat, Jul 10, 1999 at 10:48:53PM +0200
References: <199907102048.WAA14139@gratis.grondar.za>

On Sat, Jul 10, 1999, Mark Murray wrote:
> > > Pidentd+DES _is_ useful in the situation you mention above. It is
> > > on average useless to most security folk, as it can also be used
> > > to obfuscate the problem. Crack root on the box, and identd is no
> > > longer trustworthy.
> >
> > You have an interesting point, however, once a user gains root
> > access, nothing on the machine should be considered trustworthy.
>
> Right - but ident is an "after the fact" tool; one which at the time
> you really need results is at its least trustworthy. I need that like
> an extra hole in the head. :-)

The whole point of ident was -- and still is -- to authenticate or
verify who created a specific TCP connection. If the machine is
untouched (i.e., has not had the root account compromised), then ident
responses are usually trustworthy enough. It is generally not
applicable to single user operating systems like Windows, Mac OS, or
DOS.

-- 
Chris Costello <chris@calldei.com>
Sure it's user-friendly...if you know what you're doing.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
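
Added example, not part of the original message or of any identd implementation: a small parser for ident (RFC 1413) replies that records the returned user id as the remote host's claim, which per the thread is only as good as that host's root account. The function names, result fields and sample replies are constructed for illustration.

```python
import re

# RFC 1413 reply lines:
#   <port-on-server> , <port-on-client> : USERID : <opsys>[,<charset>] : <user-id>
#   <port-on-server> , <port-on-client> : ERROR : <error-type>
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)$")

def build_query(their_port, our_port):
    # Sent to TCP port 113 on the host that opened the connection.
    return f"{their_port} , {our_port}\r\n".encode("ascii")

def parse_reply(raw, their_port, our_port):
    """Classify one reply line. A user id is recorded as a claim, never as proof."""
    if len(raw) > 1000:  # RFC 1413 lets a client give up after 1000 characters
        return {"status": "malformed", "reason": "line too long"}
    line = raw.decode("ascii", "replace").rstrip("\r\n")
    m = _REPLY.match(line)
    if not m:
        return {"status": "malformed", "reason": "syntax"}
    # The reply must echo the port pair that was asked about.
    if (int(m.group(1)), int(m.group(2))) != (their_port, our_port):
        return {"status": "malformed", "reason": "port pair mismatch"}
    if m.group(3) == "ERROR":
        return {"status": "error", "error": m.group(4).strip()}
    opsys, sep, user = m.group(4).partition(":")
    if not sep:
        return {"status": "malformed", "reason": "missing user id"}
    opsys, _, charset = opsys.partition(",")
    # Later colons belong to the user id. Stripping spaces is a choice of this
    # example; non-printable characters are replaced so the value is safe to log.
    user = "".join(c if c.isprintable() else "?" for c in user.strip())
    return {"status": "claimed", "opsys": opsys.strip(),
            "charset": charset.strip() or "US-ASCII", "claimed_user": user}

# Constructed sample replies for a connection from remote port 6193 to local port 23.
SAMPLES = [
    b"6193 , 23 : USERID : UNIX : alice\r\n",
    b"6193 , 23 : USERID : OTHER : [opaque:token]\r\n",
    b"6193 , 23 : ERROR : HIDDEN-USER\r\n",
    b"6191 , 23 : USERID : UNIX : root\r\n",
    b"6193 , 23 : USERID : UNIX : bob\x1b[2J\r\n",
]

def demo():
    return [parse_reply(s, 6193, 23) for s in SAMPLES]

if __name__ == "__main__":
    for result in demo():
        print(result)
```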