[lug] open port

D. Stimits stimits at idcomm.com
Fri Mar 29 22:37:39 MST 2002


Sean Reifschneider wrote:
> 
> On Fri, Mar 29, 2002 at 09:39:24PM -0700, D. Stimits wrote:
> >Most of the time I wouldn't consider that a "minor" possibility, but I
> >feel identd is rather well made. I simply reiterate that the benefit in
> 
> Yeah, I used to feel the same way about BIND and NTP...

BIND, NTP, and many other services are not security services. They're
designed to give out something. While one could argue that identd gives
out something, it only confirms what is already known. The identd daemon
is a security feature, whereas very, very few others are such. I wouldn't
even consider ssh a security feature; I consider it a less risky way of
giving out access. Identd is entirely a way to deny access. I have not
heard of any nightmare stories yet for identd, whereas almost everything
else I've heard of at least one horror story. Apache seems to be rather
well made, but then there are all the modules and options that sometimes
get broken (recent PHP is one example). I wouldn't be arguing at all if
identd was used as a way to allow things, and some may argue that it is,
but I have never heard of anyone being dumb enough to remove passwords
and depend only on identd...it has always been in addition, not as a
substitute, such as ssh being a substitute for telnet. I see it as an
additional restriction rather than a substitute or means of extra
access.

D. Stimits, stimits at idcomm.com

> 
> Sean
> --
>  Peppermint Patty gets a DSL line in "YOU'D TELL ME IF YOU WERE IN A GERMAN
>  SCHEISSE VIDEO WOULDN'T YOU, CHARLIE BROWN"
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


