Re: Port 113 security

From: Curt Hastings (curt@ips.edu)
Date: 03/14/03

  • Next message: Seth Arnold: "Re: Local security scanner"
    From: Curt Hastings <curt@ips.edu>
    To: focus-linux@securityfocus.com
    Date: Fri, 14 Mar 2003 13:22:00 -0500
    
    

    On Wednesday 12 March 2003 3:27 pm, Björn Eriksson wrote:
    > On Mon, Mar 10, 2003 at 02:17:53PM -0500, Peter H. Lemieux wrote:
    > > I use fakeidentd to send a standardized reply to all requests:
    > >
    > > http://hangout.de/fakeidentd/
    >
    > Version 1.2 on that page. version 1.6 had a buffer overflow vuln. I
    > think 1.7 from http://www.guru-group.fi/~too/sw/releases/identd.c is
    > more safe.

    You might be interested in OpenBSD's identd -- the -h option in particular.

    [man identd]

         -h Hide the actual information about the user by providing an opaque
                 token instead. This token is entered into the local system logs
                 so that the administrator can later discover who the real user
                 was.

    This does permit some information to leak out, but it opaque. Here is a log entry.

    Mar 12 01:31:35 tokyo identd[8970]: request for (45724,25) from localhost.ips.edu
    Mar 12 01:31:35 tokyo identd[8970]: token txjyl7b0xtvamk8fpsdx == uid 25 (smmsp)

    It might be possible to port this to Linux, but I haven't checked.

    Curt


  • Next message: Seth Arnold: "Re: Local security scanner"