> sites of users that I have on the machine (i.e- ~debian-isp). I was > wondering how they are finding out which users that I have on the machine > and was wondering if I could be running services that pose a security > problem. I only have the following open: > > Port State Protocol Service > 21 open tcp ftp > 22 open tcp ssh > 25 open tcp smtp > 80 open tcp http > 113 open tcp auth > 443 open tcp https > 515 open tcp printer > 3306 open tcp mysql > 6000 open tcp X11 > > I had a question as to the function of 'auth'. > I am not quite sure what this does. If someone could give me a heads up. > Any advice appriciated.
Auth servers are used to determine the "owner" of a specific connection, more commonly known as identity servers, and essentially useless. Some IRC servers use them to make sure you're not IRC'ing as root. Some network scanners use ident to determine what services are running as root, to aid them in a system compromise. If you need to run identity/auth services at all, use one that can be configured to return useless information like (*shameless plug*) ident2 at http://netgraft.com/ You can probably safely disable it, though. -MB
