On Fri, Aug 31, 2001 at 12:11:11PM +0200, Martin F Krafft wrote: > > > identd is a horrible concept and elicits shrieks among > > > the security conscious. i do understand that you need it for this and > > > > Would you mind explaining that statement? > > it's in my other post. ident is an easy way to establish whether e.g. > named is running as root so as to properly target attacks.
Not if configured appropriately. Good identds don't allow reverse ident scanning anymore. > it tells you the uid. for root, that's 'root' and that's pretty damn > sensitive information right there... Agreed, leaking UIDs is serious. Which is why modern identds support returning crypted uids which can only be decoded by the originating server admin. -- Colin Phipps PGP 0x689E463E http://www.netcraft.com/
