Date: Sat, 10 Jul 1999 16:00:02 -0600 From: Warner Losh <imp@village.org> To: hackers@FreeBSD.ORG Cc: chris@calldei.com Subject: Re: a BSD identd Message-ID: <199907102200.QAA33239@harmony.village.org> In-Reply-To: Your message of "Sat, 10 Jul 1999 15:57:21 CDT." <19990710155721.C57198@holly.dyndns.org> References: <19990710155721.C57198@holly.dyndns.org> <199907102048.WAA14139@gratis.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <19990710155721.C57198@holly.dyndns.org> Chris Costello writes: : The whole point of ident was -- and still is -- to : authenticate or verify who created a specific TCP connection. NO. The IDENT protocol was never intended to authenticate who was on the other end. *NEVER*. People ABUSED it as such, but its value is only as good as the person providing the information. : If : the machine is untouched (i.e., has not had the root account : compromised), then ident responses are usually trustworthy : enough. It is generally not applicable to single user operating : systems like Windows, Mac OS, or DOS. FALSE. If I can hit the remote side faster than the machine that is untouched with a response (by sniffing the packets on a network and heavily loading the machine that I'm attacking from, but haven't penetrated root), then the information is bogus as well. At best, the information provides who might be on the other end of the end of the link... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907102200.QAA33239>