[lug] open port

Peter Hutnick peter at fpcc.net
Fri Mar 29 16:46:34 MST 2002


On Friday 29 March 2002 03:37 pm, D. Stimits wrote:

> Ident isn't really authentication, it's only real purpose is
> anti-spoofing. 

> It's archaic and weak, but I don't think it is a risk,
> it is a help.

First, I'd consider it a personal favor if you would trim your replies.

The problem with your argument is that that you grant that it is weak.  I 
assert that people rely on it.  The logical conclusion is that it is 
therefore a risk.

To draw a parallel, it is like telnet.  It can be used to good effect in some 
situations, but for the most part it is more of a liability than an asset.  
The simplest policy is to not use it.

-Peter




More information about the LUG mailing list