Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: identd hole?

Re: identd hole?

From: Rob Quinn <rquinn_at_sprint.net>
Date: Tue, 16 Jul 1996 07:35:49 -0400

> Lately I've heard rumours about this 'identd' hole in RFC1413

 It's been a while since I looked at it, but won't identd actually tell you
about any connection on the machine and who owns it? Maybe he's using that
in some way to follow you around and find out what machines you are connecting
to.

> Then today I had someone claim they had the root password on my machine at
> home. So I telnetted in, changed it

 Are you sure he doesn't have root on your machine at work, or a machine on the
same net? If he was snooping the net as you telnet'ed home, you were just
re-opening the door to him. Heck, maybe he didn't have the root password at
all until you telneted in and changed it. 

--
| It must be true,                                               Rob Quinn |
| I saw it                                                   (703)904-2125 |
| on tv.                                                 rquinn_at_sprint.net |
|                                                Sprint Corporate Security |
Received on Jul 16 1996
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos