Re: [fw-wiz] identd, revisited



Here is a good identd which you can run out of inetd or xinetd.

Call it /usr/sbin/ident or whatever you want and have it run out
of the appropriate inetd.conf or xinetd configuration file. In many
cases most remove service checking in with an identd/auth server
won't even match up the socket pair with the port #s return so that
you could eliminate the read and just return '0, 0' but some services
might check. Change 'root' to whatever userid you want to return...

#!/bin/sh
read a b
echo $a $b ': USERID : UNIX :root'


- H. Morrow Long, CISSP, CISM, CEH
University Information Security Officer
Director -- Information Security Office
Yale University, ITS


ArkanoiD <ark@xxxxxxxxx> wrote:

[snip]

But what's really wrong with identd?
[snip]

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • Re: vsftpd setup
    ... I prefer using xinetd vs. running a daemon for ... If there is indeed a security risk, I would like to know more. ... I am allowing *only* anonymous access to the ftp ...
    (comp.os.linux.setup)
  • Re: Identd DoS Attacks
    ... Subject: Identd DoS Attacks ... nothing special, just a resource exhaustion. ... I can't turn off identd so I must find a walk around. ... throw identd in xinetd and use the max_from_ip directive. ...
    (Focus-Linux)
  • Re: Linux newbie question
    ... Xinetd hides the process it starts. ... Until a connection request arrives there is no daemon ... The Linux Emporium - the source for Linux in the UK ...
    (comp.os.linux.misc)
  • Re: ftp server limit ?
    ... >would dynamically ban an ip who tried to connect more than 20 times in ... I think that you can do this with xinetd. ... Or just repeating what it was you heard". ...
    (comp.os.linux.security)