Re: Port 113 Traffic

From: Zahemszky Gábor (Gabor@Zahemszky.HU)
Date: 02/05/02


Date: Tue, 05 Feb 2002 06:40:43 +0100
From: Zahemszky Gábor <Gabor@Zahemszky.HU>
To: freebsd-security@freebsd.org

On Mon, Feb 04, 2002 at 08:09:06PM -0500, Chris Thomas wrote:
> Hi folks-
>
> If i might make suggestions that will both fulfill security concerns and
> provide identd services. I ran across a program on freshmeat called
> bsidentd (http://freshmeat.net/projects/bsidentd/) which will provide a
> random auth response each time it is queried. It does not interact with
> user processes, yet prevents programs such as sendmail from hanging during
> auth query and allows services such as IRC, while at the same time
> protecting valuable information about user names.

Hi!

And what about the FBSD's inetd's builtin identd (auth) and the -g option?
man inetd:

     Currently, the only internal service to take arguments is ``auth''.
     Without options, the service will always return ``ERROR : HIDDEN-USER''.
     The available arguments to this service that alter its behavior are:

     -g Instead of returning the user's name to the ident requester,
             report a username made up of random alphanumeric characters, e.g.
             ``c0c993''. The -g flag overrides not only the user names, but
             also any fallback name, .fakeid or .noident files.

Bye,

ZGabor < Gabor at Zahemszky dot HU >

-- 
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message