[1848] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Services not required?

daemon@ATHENA.MIT.EDU (Aaron M. Ucko)
Tue Jun 9 09:48:49 1998

To: Linux Mailing Lists <linux@aiind.upv.es>
Cc: linux-security@redhat.com
From: amu@MIT.EDU (Aaron M. Ucko)
Date: 09 Jun 1998 08:49:20 -0400
In-Reply-To: Linux Mailing Lists's message of 09 Jun 1998 08:36:10 -0400
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

> Nothing to say about your advices, but encourage people to use identd
> whenever it's possible. It's always nice to know which remote user is
> trying to access your system. In case of problem you know how to point
> your finger at ;) I think it's possible to fool that service, but...

It's trivial to write a spoofing identd.  (The protocol is extremely
simple, and the IDENT server is taken at its word.)

> The best solution when you're worried with sniffers is to use as much
> encrypted services as possible (either SSH or SSL), the problem is that
> Winblows/DOS/Mac haven't got much ports of those utilities. For example, I

F-Secure wrote a (shareware?) ssh for Windows.  I think there may also
be a free port somewhere. 

Another option along these lines is Kerberos v4; a fair amount of unix
software supports it (though you need to apply patches in some cases),
and there are ktelnet and kpop clients for MacOS and Windows.
(Unfortunately, the only working Kerberized telnet client for Windows
AFAIK is a commercial product called Host Explorer.)

-- 
Aaron M. Ucko, KB1CJC <amu@mit.edu> (finger amu@monk.mit.edu)

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post