[linux-help] Re: sendmail - delay
To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: sendmail - delay
From: Weqaar Ali Janjua <wxjanjua@xxxxxxxxxxx>
Date: Thu, 22 Mar 2001 16:19:52 -0600
Reply-to: linux-help@xxxxxxxxx

Well about identd being a security breach:

If you read RFC 1413, it clearly states:

The Identification Protocol is not intended as an authorization or access 
control protocol. At best, it provides some additional auditing information 
with respect to TCP connections. At worst, it can provide misleading, 
incorrect, or maliciously incorrect information.

The use of the information returned by this protocol for other than auditing 
is strongly discouraged. Specifically, using Identification Protocol 
information to make access control decisions - either as the primary method 
(i.e., no other checks) or as an adjunct to other methods may result in a 
weakening of normal host security.

SO YOU SHOULD NOT USE IT IN PUBLIC NETWORK ENVIRONMENTS!!!

This is an explanation of one of the ways attacks can be performed.

First of all, this is *not* an attack against the in.identd! This is
an attack against the *protocol* used by identd. The ident protocol simply
returns an owner of a connection originated on a remote machine. Another name
for this protocol is auth.

auth            113/tcp         ident           # User Verification

A remote system can ask ident to return a string identifying a user owner of
a connection. For example, let's say that an attacker connects to a service
running with a super-user privilege (it just binds a port below 1024). This
service sends a request to ID a user to ident running on a remote machine.
If that ident is used to penetrate a system, there is nothing to prevent
it from returning not `mickeymouse` but `micketmouse......` where .... is
an image of the machine code to be executed. If a program requiring the ID
was designed to trust the response of a remote ident server ("Gee, it is the
*ident* server, why not to trust it?!?!?!" ) then it probably did not expect
anything like a bomb-code being returned.

I think that explains something!

I looked at qpop's docs as well but the documentation is not really enough.
There are many things involved in authentication, not just the pop daemon:
tcod, inetd, identd, tcpwrapper! IDENT is used mostly by IRC servers. I'm not
into default installations so I don't really KNOW if u install systems as they
r shipped, but what I do is I work with tars and compile the source code for
every software, don't use rpms, so many softwares are by default compiled
--with-ident support.

>===== Original Message From linux-help@xxxxxxxxx =====
>On Wed, 21 Mar 2001, Sudharsha Wijesinghe wrote:
>
>> How do I disable Qpop from ident the client?
>
>Ya know... I'm not seeing where qpopper is trying to use ident.  (Having
>given the documentation and the source code a quick look-through.)  It
>might be inetd trying to do that, but I don't remember inetd getting that
>involved.
>
>I'm no expert on what does and doesn't use ident, but when I managed
>qpopper for SouthWind, we never had any problems involving timeouts caused
>by ident requests, and the majority of the clients didn't run ident
>servers.
>
>I think you may be barking up the wrong tree with this supposed solution.
>
>--
>Carl D Cravens (raven@xxxxxxxxxxx)
>Toto, I don't think we're online anymore...
>
>
>-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
>visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

----------------------------------
A DREAM IS A GOAL WITH A DEADLINE!
Weqaar Ali Janjua
B.S.Computer Engineering
WSU
----------------------------------
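
A defensive sketch of the point made in the message above about not trusting what a remote ident server returns, added here and not part of the original post or of any daemon named in it: a bounded, sanitising parser for an RFC 1413 reply whose result is meant for audit logging only. The function name `ident_parse_reply` and the 64-byte cap `IDENT_USER_MAX` are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

#define IDENT_USER_MAX 64   /* cap chosen for this example (assumption) */

/* Parse one ident (RFC 1413) reply line into `out`, for audit logging only.
 * Returns 0 on success; -1 if malformed, an ERROR reply, or over the cap. */
int ident_parse_reply(const char *line, size_t len, char *out, size_t outsz)
{
    const char *end = line + len, *p = line, *sep[3];
    int i;

    /* Locate the three ':' separators: ports : type : opsys : user-id */
    for (i = 0; i < 3; i++) {
        p = memchr(p, ':', (size_t)(end - p));
        if (!p) return -1;          /* ERROR replies have only two ':' */
        sep[i] = p++;
    }

    /* The reply type between the first two ':' must be exactly USERID */
    const char *t = sep[0] + 1, *te = sep[1];
    while (t < te && (*t == ' ' || *t == '\t')) t++;
    while (te > t && (te[-1] == ' ' || te[-1] == '\t')) te--;
    if (te - t != 6 || memcmp(t, "USERID", 6) != 0) return -1;

    /* User-id runs to end of line; drop leading blanks and trailing CR/LF */
    const char *u = sep[2] + 1;
    while (u < end && (*u == ' ' || *u == '\t')) u++;
    while (end > u && (end[-1] == '\r' || end[-1] == '\n')) end--;
    size_t n = (size_t)(end - u);

    /* Reject oversize input outright instead of copying until a terminator */
    if (n == 0 || n >= outsz || n > IDENT_USER_MAX) return -1;

    /* Bounded copy; bytes outside printable ASCII become '?' so the value
     * is safe to write to a log and is never interpreted as anything else */
    for (size_t k = 0; k < n; k++) {
        unsigned char c = (unsigned char)u[k];
        out[k] = (c >= 0x21 && c <= 0x7e) ? (char)c : '?';
    }
    out[n] = '\0';
    return 0;
}
```

The returned string is suitable as an annotation in a connection log; in line with the RFC text quoted above, it should not feed any access-control decision.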

