[1861] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Services not required?

daemon@ATHENA.MIT.EDU (John \"E.R.\" Jasen)
Sun Jun 14 05:17:55 1998

Date: Thu, 11 Jun 1998 01:19:24 -0400 (EDT)
From: "John \"E.R.\" Jasen" <jjasen1@umbc.edu>
cc: linux-security@redhat.com
In-Reply-To: <199806091335.JAA05134@alcove.wittsend.com>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Tue, 9 Jun 1998, Michael H. Warfield wrote:
> John \"E.R.\" Jasen enscribed thusly:
> > Ummm ... A lot of sites are set to interrogate your identd server when you
> > access them for (mail|ftp|telnet|etc). It makes a good first defense
> > against various 'badness'.
> 
> 	Identd aka auth is spoofable / forgeable on a box you have control.
> For that reason, nobody generally "relies" on it, even though there are
> plenty of services which inquire upon it.  The biggest problem is making
> sure you return SOMETHING for it.  If you don't want to run it, make sure
> you return an ICMP port unreachable or some such.

identd/auth is a great start to catching all the people who make stupid or
'newbie' mistakes while committing badness. [People just discovering how
to forge mail come to mind.]

--
"Frankly, Agent Mulder, alien abduction is the more believable option."
			Agent Skinner, X-Files, 3/09/98 [paraphrase] 
-- John E. Jasen  // DNRC Ambassador to Earth \\  jjasen1@umbc.edu --
-- My views are those of the DNRC only. Prepare to be domesticated --

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post