Subject: Re: tcp-wrappers, tcpd, and NetBSD
To: None <current-users@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: current-users
Date: 03/16/1997 18:14:49
>> [...] a (real) pidentd [...]
> Pardon my ignorance, but what is pidentd?
The name of one common implementation of the RFC1413 protocol (or at
least something close to it). The name gets used generically to
describe any RFC1413 daemon.
>> As for the remark that NetBSD's sendmail should come with use of
>> ident disabled, I strongly disagree.
> Given that the answer given to an ident request _cannot_ be trusted -
> as several folk have demonstrated, what it the point? Its just
> another avenue for being attacked.
The answer cannot be trusted by the asker - but then, it shouldn't be.
It should be treated as an opaque token to be pushed back to the site
that generated it if-and-when a complaint is made.
As for what the point is, well, if your site is attacked from mine, and
you complain to me, presumably you would prefer that I take some
action. If you don't tell me what my pidentd returned for the
connection in question, as I remarked earlier, about all I can do is
wish you luck; our system is far too big for me to do anything useful
with anything less than at least a half dozen connects when all I have
to go on is timestamps (more if you aren't NTP-synced) - but if you can
hand me back that token, I can use it to guide my search for more
evidence and can likely do something useful with as little as a single
complaint.
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B