Re: Port 113 security
From: Axel Beckert - ecos gmbh (beckert@ecos.de)
Date: 03/17/03
- Previous message: Axel Beckert - ecos gmbh: "Re: Local security scanner"
- In reply to: Curt Hastings: "Re: Port 113 security"
- Next in thread: Hal Flynn: "Re: Port 113 security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 Mar 2003 19:52:09 +0100 From: Axel Beckert - ecos gmbh <beckert@ecos.de> To: Curt Hastings <curt@ips.edu>
Hi!
Am Fri, Mar 14, 2003 at 01:22:00PM -0500, Curt Hastings schrieb:
> You might be interested in OpenBSD's identd -- the -h option in particular.
>
> [man identd]
>
> -h Hide the actual information about the user by providing an opaque
> token instead. This token is entered into the local system logs
> so that the administrator can later discover who the real user
> was.
>
> This does permit some information to leak out, but it opaque. Here is a log entry.
>
> Mar 12 01:31:35 tokyo identd[8970]: request for (45724,25) from localhost.ips.edu
> Mar 12 01:31:35 tokyo identd[8970]: token txjyl7b0xtvamk8fpsdx == uid 25 (smmsp)
>
> It might be possible to port this to Linux, but I haven't checked.
There is a bunch of identds for Linux. E.g. pidentd with activated
DES support has also such a feature that cryptographically ensures,
that only the local root is able to see who owned the connection in
question.
Here's the list of identds available for Debian GNU/Linux 3.0:
bidentd - Bisqwit's identd
gidentd - RFC1413 compliant IPv4/IPv6 ident daemon
mdidentd - ident daemon that permits fake identd
midentd - identd replacement with masquerading support.
nullidentd - small, fast identd daemon
oidentd - Replacement ident daemon
pidentd - TCP/IP IDENT protocol server.
pidentd-des - TCP/IP IDENT protocol server with DES support.
For details on these packages see http://packages.debian.org/
Kind regards, Axel Beckert
-- -------------------------------------------------------------- Axel Beckert ecos electronic communication services gmbh IT-Securitylösungen * dynamische Webapplikationen * Consulting Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: beckert@ecos.de Voice: +49 6133 939-220 WWW: http://www.ecos.de/ Fax: +49 6133 939-333 -------------------------------------------------------------- | | | Besuchen Sie uns auf der CeBIT vom 12. - 19. März 2003 | | Messe Hannover * Halle 17 * Stand F 36 | | http://www.cebit.de/ | | | --------------------------------------------------------------
- Previous message: Axel Beckert - ecos gmbh: "Re: Local security scanner"
- In reply to: Curt Hastings: "Re: Port 113 security"
- Next in thread: Hal Flynn: "Re: Port 113 security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
