[ale] identd : privacy concerns

Peter.Wan at cc.gatech.edu
Sat Jan 9 17:26:07 EST 1999


On Jan 9,  4:44pm, Joe Bayes wrote:
} Subject: [ale] identd : privacy concerns
} 
} Seeing some unknown hostnames in my system logs inspired me to read up
} on identd. As I understand it, identd allows anyone who knows the
} local and remote ports of a TCP connection to find out the username of
} the process which is running that connection. 
} 
} I don't see a real use for this service, other than web sites
} collecting email addresses to spam. RFC 1413 states that, "The use of
} the information returned by this protocol for other than auditing is
} strongly discouraged." Somehow I don't think the spammers feel too
} discouraged about this.
} 
} Can anyone give me a legit and necessary use of identd, or some other
} reason why I shouldn't disable it? 
} 
} thanks,
} 
} --joe
}-- End of excerpt from Joe Bayes

Hi Joe, the 'identd' output should only be used by the system that
provides it (so remote systems would be providing you with the info in
case something needs to be tracked down about a connection from your
site).  Of course, the info can be abused so newer versions of 'identd'
can be configured to return the UID that is running the process, or an
encrypted login name; if you configure it this way, remote systems
won't be able to use the info, and can only return it to you for
handling ("my web site was hacked by user 1413 on your system, tell
them to stop").  Version 2.8.3 of 'identd' has the -C (encrypted login
names) and -n (numeric user identification) options to do this.
	Peter
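
Added example, not part of the original message or of identd itself: a Python sketch that parses RFC 1413 reply lines and reports what each one discloses to the remote side, which is the difference the -n and -C options above are meant to make. The sample replies, the login-name pattern, the token shape and the function names are constructed assumptions.

```python
import re
# RFC 1413 reply lines:
#   <server-port> , <client-port> : USERID : <opsys>[,<charset>] : <user-id>
#   <server-port> , <client-port> : ERROR : <error-type>
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumed conventional login shape

def parse_ident_reply(line):
    """Split one ident reply into a dict; raise ValueError if malformed."""
    parts = line.rstrip("\r\n").split(":", 3)  # user-id may itself contain ':'
    if len(parts) < 3:
        raise ValueError("not an ident reply: %r" % line)
    ports = [p.strip() for p in parts[0].split(",")]
    if len(ports) != 2 or not all(p.isdigit() and 1 <= int(p) <= 65535 for p in ports):
        raise ValueError("bad port pair: %r" % parts[0])
    kind = parts[1].strip().upper()
    reply = {"server_port": int(ports[0]), "client_port": int(ports[1]), "kind": kind}
    if kind == "ERROR":
        reply["error"] = ":".join(parts[2:]).strip()
    elif kind == "USERID" and len(parts) == 4:
        reply["opsys"] = parts[2].split(",")[0].strip().upper()
        reply["user_id"] = parts[3].strip()  # stripped for classification only
    else:
        raise ValueError("unknown reply type: %r" % line)
    return reply

def disclosure(reply):
    # Classify what a remote host learns from this reply.
    if reply["kind"] == "ERROR":
        return "none"
    uid = reply["user_id"]
    if uid.isdigit():
        return "numeric-uid"   # the behaviour the message describes for -n
    if reply["opsys"] != "OTHER" and LOGIN_RE.fullmatch(uid):
        return "login-name"    # directly usable by the remote side
    return "opaque-token"      # assumption: e.g. an encrypted name, as with -C

# Constructed sample replies (not captured from a real server).
SAMPLES = [
    "40001, 80 : USERID : UNIX : alice",
    "40001, 80 : USERID : UNIX : 1413",
    "40001, 80 : USERID : OTHER : [EXAMPLE0TOKEN0NOT0REAL]",
    "40001, 80 : ERROR : HIDDEN-USER",
]

def audit(lines):
    return [disclosure(parse_ident_reply(l)) for l in lines]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLES, audit(SAMPLES)):
        print("%-14s %s" % (verdict, line))
```

Run against replies from your own identd after changing its options, any line still classified as login-name means the service is handing out usernames to whoever asks.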





