also sprach Martin Fluch (on Fri, 31 Aug 2001 01:02:58PM +0300):
> Consider the following situation: You admin a computer and some user
> tries to atack an other computer from this one. Then the admin of
> the attacked computer can tell _you_, from which user the attack was
> coming, which helps you.
read my other post on process accounting. whoever the user was, this
is information *you* need and information that *you* are responsible
for. i want to find all my malicious users, even if the remote admin,
who was just sendmail buffer overflowed doesn't know of ident.
with process accounting, i can *always* tell you who did something,
with ident i might be able to *iff* the local user didn't spoof it,
*iff* the remote admin is smart and fast enough, and *iff* ident is
allowed through some firewall situation - it might be the remote
side...
> Identd is IMHO not usefull for other systems but the one it is
> running on, but there it can be usefull.
well, except i will argue that process accounting solves this aspect
far better. any other uses?
> Martin
me too. :_)
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
--
"it appears that pl/i (and its dialects) is, or will be, the most widely
used higher level language for systems programming."
-- j. sammet
PGP signature
