[Mailman-Users] Slow delivery
Christopher X. Candreva
chris at westnet.com
Fri Mar 9 15:48:45 CET 2007
On Fri, 9 Mar 2007, Brad Knowles wrote:
> So Phil says that he runs a trustworthy IDENT server on his box.
> Fine. But plenty of spammers, phishers, and other nefarious types
> out there will try to use IDENT as another vector to exploit for use
> in breaking into your system, or for tricking you into believing
> whatever lies they want you to believe.
This is a common misconception of what IDENT is/was for. IDENT was not
intended to provide reliable authentication, as to who owned a connection.
Rather, IDENT was a way of providing information such that a sysadmin could
figure out later which of their own users had done something bad, or had
their account compromised.
People then started using it this way, possibly due to the inclusion in tcp
wrappers, but as I recall it wasn't the original purpose.
In other words, as the recipient I have no reason to trust the string. But
if I am on the reciving end of an attack from a multi-user machine and am
reporting it to the owner of the machine, I would give them the IDENT data I
capture so they can better track what happened on their machine.
And even on a non-multi user machine, it could help narrow down what process
There was at least one IDENT server that would return a seemingly random
string, that could be decrypted by the sysadmin to know what the account was
without divulging the actual name to the outside.
Chris Candreva -- chris at westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
More information about the Mailman-Users