[2937] in bugtraq
Re: identd hole?
daemon@ATHENA.MIT.EDU (Rob Quinn)
Tue Jul 16 14:02:47 1996
Date: Tue, 16 Jul 1996 07:35:49 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Rob Quinn <rquinn@sprint.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.GSO.3.94.960715174751.15407A-100000@dazed.nol.net> from
"Brett L. Hawn" at Jul 15, 96 05:57:36 pm
> Lately I've heard rumours about this 'identd' hole in RFC1413
It's been a while since I looked at it, but won't identd actually tell you
about any connection on the machine and who owns it? Maybe he's using that
in some way to follow you around and find out what machines you are connecting
to.
> Then today I had someone claim they had the root password on my machine at
> home. So I telnetted in, changed it
Are you sure he doesn't have root on your machine at work, or a machine on the
same net? If he was snooping the net as you telnet'ed home, you were just
re-opening the door to him. Heck, maybe he didn't have the root password at
all until you telneted in and changed it.
--
| It must be true, Rob Quinn |
| I saw it (703)904-2125 |
| on tv. rquinn@sprint.net |
| Sprint Corporate Security |
