On Thu, 11 Jun 1998, Blair Craft wrote:

> As I understand identd, it allows someone from a remote computer to find out
> who owns processes running on my computer. I am curious to know if this has
> recently been used to gather information that would be useful to someone
> trying to exploit a machine?

I've heard rumors about people exploiting identd before, but nothing
solid.  Make sure it's running as nobody and not as root so at least it
can't be directly exploited.  Set up process accounting if you're worried
so you can see if they do manage to get ident to do something weird.

> Then I got to today's log entries and I found someone that purports to be
> from Finland doing much the same thing. This activity was logged for 10
> minutes.

Well, it could be any number of things.  ident requests turn up when you
least expect them and are not, in and of themselves, harmful.  What was
the process they were examining?  Some sites generate ident lookups
whenever they are contacted.  So maybe someone on your site is bad and is
bouncing spam off of them.  Maybe someone on your site is doing something
strange with a web page hosted there.  Maybe there is an infinite loop.
(those are bad :) ).

In any case, 99% of ident lookups are automatically generated.  So you
should look for what service might be producing them, rather than worrying
about bad guys (tm).


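Added example (not part of the original message): an RFC 1413 ident query carries a port pair, and the port on the querying host shows which service there was contacted from your machine, which is usually what triggered the lookup. The (querier, query) record layout, the port-to-service table and the sample data are constructed for illustration and are not any particular identd's log format.

```python
import re
from collections import Counter

# RFC 1413 query: "<port-on-server> , <port-on-client>". "Server" is the host
# running identd (yours); "client" is the host that sent the ident query.
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

# Services that commonly issue an ident lookup when contacted.
# Illustrative table (an assumption of this example), not exhaustive.
LIKELY_TRIGGER = {21: "ftp", 23: "telnet", 25: "smtp", 110: "pop3", 6667: "irc"}

def parse_query(text):
    """Return (local_port, remote_port), or None if not a valid query."""
    m = QUERY_RE.match(text)
    if not m:
        return None
    local, remote = int(m.group(1)), int(m.group(2))
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return None
    return local, remote

def classify(records):
    """Count lookups per (querier_ip, label) for (querier_ip, raw_query) pairs."""
    counts = Counter()
    for ip, raw in records:
        pair = parse_query(raw)
        if pair is None:
            label = "malformed"          # worth a closer look
        else:
            label = LIKELY_TRIGGER.get(pair[1], "unknown-port-%d" % pair[1])
        counts[(ip, label)] += 1
    return counts

# Constructed sample records (documentation-range addresses).
SAMPLE = [
    ("192.0.2.10", "1027 , 25"),
    ("192.0.2.10", "1031, 25"),
    ("192.0.2.10", "1040,25"),
    ("198.51.100.7", "1102, 6667"),
    ("203.0.113.5", "1200, 31337"),
    ("203.0.113.5", "AAAA"),
]

if __name__ == "__main__":
    for (ip, label), n in sorted(classify(SAMPLE).items()):
        print(ip, label, n)
```

Repeated lookups from one querier with a mail or IRC port on its side point at a local user or program connecting out to that service; malformed queries and unexpected ports are the entries to check against process accounting.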