Re: Port 113 security
From: Curt Hastings (firstname.lastname@example.org)
From: Curt Hastings <email@example.com> To: firstname.lastname@example.org Date: Fri, 14 Mar 2003 13:22:00 -0500
On Wednesday 12 March 2003 3:27 pm, Björn Eriksson wrote:
> On Mon, Mar 10, 2003 at 02:17:53PM -0500, Peter H. Lemieux wrote:
> > I use fakeidentd to send a standardized reply to all requests:
> > http://hangout.de/fakeidentd/
> Version 1.2 on that page. version 1.6 had a buffer overflow vuln. I
> think 1.7 from http://www.guru-group.fi/~too/sw/releases/identd.c is
> more safe.
You might be interested in OpenBSD's identd -- the -h option in particular.
-h Hide the actual information about the user by providing an opaque
token instead. This token is entered into the local system logs
so that the administrator can later discover who the real user
This does permit some information to leak out, but it opaque. Here is a log entry.
Mar 12 01:31:35 tokyo identd: request for (45724,25) from localhost.ips.edu
Mar 12 01:31:35 tokyo identd: token txjyl7b0xtvamk8fpsdx == uid 25 (smmsp)
It might be possible to port this to Linux, but I haven't checked.