[This is not in response to any one message, but is just to clarify a
couple things that have come up in the various threads.]
- pidentd 2.5 can DES-encrypt the returned cookie so it's useless to the
other end *unless he gives it to you*.
Obviously if the attacker breaks root on your machine and stomps on your
identd this is no better, but if they get into your machine as a regular
user, then use your machine as a staging point, you'll have a useful,
time & date-stamped log entry when you decrypt the cookie you got from
the target's sysadmin.
So no exposure of your usernames, but you still get some degree of
after-the-fact additional logging. Sounds like a win to me.
- Some PC TCP/IP stacks lose. If there's nothing listening on a port,
they should refuse the connection with RST, not stupidly suck up packets
and wait for the other end to time out. MacTCP gets this right ;-)
This is not ident's problem, or sendmail's, or tcpwrappers. This is a
TCP/IP stack that doesn't follow the spec. It's BROKEN.
Now, this is not to say that ident is for you. However, a couple of
common reasons given for not running it are at least mildly debunked :)
--
Christopher Davis * <ckd@kei.com>  | "It's 106 ms to Chicago, we've got a full
http://www.kei.com/homepages/ckd/  | disk of GIFs, half a meg of hypertext,
* MIME * PGP * WWW * [CKD1] *      | it's dark, and we're wearing sunglasses."
Save swap space: gzip /proc/[0-9]* | "Click it." -- <bluesbros@bluesbros.com>
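The encrypted-cookie scheme the post describes, as an added example that is not part of the original message and not pidentd's own code: the daemon answers an ident lookup with an opaque cookie instead of a username, the remote sysadmin logs that cookie, and only the holder of the local key can later turn it back into a uid and a timestamp. The post says pidentd 2.5 used DES; this example swaps in AES-GCM from Go's standard library so that an edited or forged cookie also fails to decrypt. The reply-line layout follows RFC 1413 (`ports : USERID : opsys : user-id`), but the fields packed into the cookie, the "OTHER" opsys tag, the demo key, and the type and function names are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Token is what the local admin recovers by decrypting a cookie that a remote
// sysadmin copied out of their logs. The field set is an assumption for this example.
type Token struct {
	UID   uint32
	When  time.Time
	LPort uint16 // port on this host (the "server" port in RFC 1413 terms)
	RPort uint16 // port on the remote host
}

// Identd holds the daemon's secret key wrapped in an AEAD.
type Identd struct{ aead cipher.AEAD }

// NewIdentd takes a 16/24/32-byte AES key. pidentd used DES here; AES-GCM is the
// swapped-in cipher, chosen so a tampered cookie is rejected rather than decoded to junk.
func NewIdentd(key []byte) (*Identd, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Identd{aead: aead}, nil
}

// Reply answers a lookup for the pair (lport, rport) owned by uid. Instead of the
// username it returns base64(nonce || AES-GCM(uid, unix time, lport, rport)).
func (d *Identd) Reply(lport, rport uint16, uid uint32, now time.Time) (string, error) {
	plain := make([]byte, 16)
	binary.BigEndian.PutUint32(plain[0:4], uid)
	binary.BigEndian.PutUint64(plain[4:12], uint64(now.Unix()))
	binary.BigEndian.PutUint16(plain[12:14], lport)
	binary.BigEndian.PutUint16(plain[14:16], rport)
	nonce := make([]byte, d.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := d.aead.Seal(nonce, nonce, plain, nil) // nonce is prepended to the ciphertext
	cookie := base64.StdEncoding.EncodeToString(sealed)
	// "OTHER" tells the remote side the user-id field is not a name it can interpret.
	return fmt.Sprintf("%d , %d : USERID : OTHER : %s", lport, rport, cookie), nil
}

// CookieFromReply pulls the user-id field out of a full reply line, as the remote
// admin would have logged it. The user-id is everything after the third colon.
func CookieFromReply(line string) (string, error) {
	parts := strings.SplitN(line, ":", 4)
	if len(parts) != 4 || strings.TrimSpace(parts[1]) != "USERID" {
		return "", errors.New("not a USERID reply")
	}
	return strings.TrimSpace(parts[3]), nil
}

// Decode is the after-the-fact step on the local machine: only the holder of the
// key can turn the cookie back into uid, time and ports; anyone else gets an error.
func (d *Identd) Decode(cookie string) (Token, error) {
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(cookie))
	if err != nil {
		return Token{}, err
	}
	ns := d.aead.NonceSize()
	if len(raw) < ns+16 {
		return Token{}, errors.New("cookie too short")
	}
	plain, err := d.aead.Open(nil, raw[:ns], raw[ns:], nil)
	if err != nil {
		return Token{}, errors.New("cookie was not made with this key or has been altered")
	}
	return Token{
		UID:   binary.BigEndian.Uint32(plain[0:4]),
		When:  time.Unix(int64(binary.BigEndian.Uint64(plain[4:12])), 0),
		LPort: binary.BigEndian.Uint16(plain[12:14]),
		RPort: binary.BigEndian.Uint16(plain[14:16]),
	}, nil
}

func main() {
	// Constructed demo key; a real daemon would read it from a root-only file.
	d, err := NewIdentd([]byte("0123456789abcdef"))
	if err != nil {
		panic(err)
	}
	line, err := d.Reply(25, 1234, 1001, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("sent to remote host:", line)
	cookie, _ := CookieFromReply(line)
	tok, err := d.Decode(cookie)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered locally: uid=%d at %s (port %d <- %d)\n",
		tok.UID, tok.When.UTC().Format(time.RFC3339), tok.LPort, tok.RPort)
}
```

The caveat from the post still applies unchanged: the cookie is only as trustworthy as the key file, so an attacker with root on the identd host can read or replace the key and the scheme buys nothing; against an attacker who only has an unprivileged account and is using the host as a staging point, the decrypted cookie gives the uid and the time of the outbound connection without ever having shown the remote side a username.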