Hi David, on Tue, 07 Mar 00 at 08:26:23 you wrote...
>Can someone please shed some light as to the subject of closing the ident
>port in Genesis, ie what it's about, how important is it and, more
>importantly, how to go about it?
I can't see what all the fuss is about personally. As long as there
aren't any big security holes in the ident server included with Genesis,
(and I've not heard anything to suggest that), I don't really see the
problem.
For those who don't know, the ident port is a standard port which allows
remote computers to request authentication of which user on a computer is
using a particular network connection. For example when you connect to
IRC the IRC server often requests the username of the person opening the
connection. There's nothing sinister, nonstandard or unusual in all of
this. It's generally fairly meaningless on a single-user system like
AmigaOS anyway, but that's no reason to disable it.
If you really want to close the ident port, go to:
Genesis Prefs
Database
Inetd
Then select the "ident" service and untick "Enabled". The same applies
for any other services either set up by default in Genesis or which have
been added subsequently by programs.
(or for those who don't like GUIs, edit AmiTCP:db/inetd.conf and put a #
at the start of the ident line)
I can't think of any particularly good reason to do this though, although
admittedly if you're not connecting to services that need it then equally
there's no problem with having it closed.
Disabling the port in the way I suggested above simply stops the ident
server included with Genesis running, it won't stop other programs (e.g.
AmIRC) running their own ident server. If you were mega paranoid and
wanted to stop that too you'd have to fiddle with the access controls, but
I'd say that unless you know what you're doing and have a good reason to
do it, there's absolutely no reason to go that far. (Disabling ident in
AmIRC too, or blocking access to the port with Genesis would, for example,
mean you weren't allowed to connect to certain IRC servers and/or
initiating a connection to them would take longer than usual)
Always be cautious of any "security checks" - unless you understand enough
about networking for the results to be meaningful, it's more likely that
such things will just lead to paranoia and scaremongering. Of course,
network security is a serious issue, but much less important if you're
only using a dialup service than it is to someone running a permanent
server with a 24/7 Internet connection. If you are using Genesis on such
a server, then yes you might want to consider more closely which ports are
really needed and close anything unnecessary just to be safe. But it's
best to do this with informed judgement rather than as the result of
"security checks" where you don't understand the output.
_____________________________________________________________
NetConnect mailing list. To unsubscribe, send an 'unsubcribe'
message to <[EMAIL PROTECTED]>
