One recurring theme I've seen within this thread is that running identd poses a security threat. However, I haven't seen any real examples of it. For the benefit of those that are really interested in the "WHY," I wanted to offer you the following information.

When I was tinkering with identd last winter, I realized it's possible to identify most MTAs without performing header analysis if the host is running identd. This was accomplished by manually connecting to port 25 of the host, then in another connection issuing an ident request to the system. By issuing the request, I was able to determine the following:

1) users that had installed qmail, following djb's guidelines to a T. When issuing the request, identd would respond to the request letting the issuer know that the user of the email server is qmail.

2) users that had installed postfix, following Wietse's guidelines to a T. When issuing the request, identd would respond to the request letting the issuer know that the user of the email server is postfix.

3) The same of course, applies to sendmail, user varying by operating system.

Of course, there are much easier ways of getting this information without making the noise required to use identd, such as searching mailing list posts, or just googling. The point, of course, is that identd will leak information about any processes that allow interactive connections from remote hosts.

I thought this was a new issue, but after talking with Lane Davis (some of you may recognize him as Merc), he pointed me to a post made several years ago by David Goldsmith. Here is a URL to the original post:

http://www.securityfocus.com/archive/1/4314/1996-02-07/1996-02-13/0

This can of course be extended to other services run on the system, such as POP, HTTP, and the like.

So, any of you wondering about the WHY should have a little more information that's useful in making an informed decision about this particular service.

Cheers,

Hal Flynn
Symantec Corp.

"....You guys are the Marine's doctors; There's no better in the business than a Navy Corpsman...."
-- Lieutenant General Lewis B. "Chesty" Puller, U.S.M.C.
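
For administrators reviewing what their own identd hands out, the sketch below parses RFC 1413 reply lines and flags the ones that name a service account, as in the qmail and postfix cases in the post. It is an added example, not part of the original message; the SERVICE_ACCOUNTS list and the sample replies are constructed assumptions.

```python
import re

# Assumed list of service-account names; adapt to the accounts on your hosts.
SERVICE_ACCOUNTS = {"qmail", "qmaild", "postfix", "smmsp", "www-data", "apache"}

REPLY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:(.*)$")

def parse_ident_reply(line):
    """Parse one RFC 1413 reply line into a dict; raise ValueError if malformed."""
    m = REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an ident reply: %r" % line)
    reply = {"server_port": int(m.group(1)), "client_port": int(m.group(2)),
             "type": m.group(3)}
    rest = m.group(4)
    if reply["type"] == "ERROR":
        reply["error"] = rest.strip()
        return reply
    # opsys[,charset] ends at the first colon; everything after it is the
    # user-id, which may itself contain colons and leading whitespace.
    opsys, sep, user = rest.partition(":")
    if not sep:
        raise ValueError("USERID reply without user-id: %r" % line)
    reply["opsys"] = opsys.split(",")[0].strip()
    reply["user"] = user
    return reply

def audit(line):
    """Classify a reply as 'leak' (service account named), 'user', 'opaque' or 'refused'."""
    r = parse_ident_reply(line)
    if r["type"] == "ERROR":
        return "refused"
    if r["opsys"] == "OTHER":
        return "opaque"  # OTHER: id is not a plain OS user name (e.g. an audit token)
    return "leak" if r["user"].strip().lower() in SERVICE_ACCOUNTS else "user"

# Constructed sample replies (not captured from any real host).
SAMPLES = [
    "25 , 40112 : USERID : UNIX : qmail\r\n",
    "25, 40113 : USERID : UNIX , US-ASCII :postfix\r\n",
    "25 , 40114 : ERROR : HIDDEN-USER\r\n",
    "25 , 40115 : USERID : OTHER : a1:b2c3\r\n",
    "6667 , 40116 : USERID : UNIX : alice\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit(s), "<-", s.strip())
```

Replies classified as "leak" are the ones that disclose which software owns the listening socket; "refused" and "opaque" replies do not.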