Re: analysis of auditable port scanning techniques
From: "D. J. Bernstein" <djb () CR YP TO>
Date: Mon, 15 Jan 2001 22:01:17 -0000
Dan Harkless writes:
> Theo de Raadt just informed me via email that OpenBSD fixed their identd to
> only report SS_CONNECTOUT sockets in 1996.
The MTA and the FTP server and many other daemons will make outgoing TCP
connections upon request. This bogus "fix" does not achieve the stated
goal of keeping the daemon usernames secret. Meanwhile, it wipes out
useful logs for some portmap-style protocols. (Rare protocols, I agree.)
The correct approach is to encrypt the uid under a secret key. This has
been built into pidentd for years.
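As an added illustration of the approach the post recommends (this is example code written for this archive page, not pidentd's own implementation, and the token layout, the use of AES-GCM, the "OTHER" OS field and the sample key are all assumptions): the identd answers an RFC 1413 "lport , rport" query with a bracketed token that is the uid, timestamp and connection tuple encrypted under a key only the administrator holds. A remote party learns nothing about which account or daemon owned the socket, while the administrator can later open any token from a log or abuse report and recover the record, including for daemons that made outgoing connections.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"strings"
	"time"
)

// Record is what the administrator recovers from a token: which uid owned
// the connection, when, and which connection it was. Layout is assumed
// for this example, not pidentd's on-the-wire format.
type Record struct {
	UID        uint32
	When       time.Time
	LocalPort  uint16 // port on the identd host (RFC 1413 "lport")
	RemotePort uint16 // port on the querying side (RFC 1413 "rport")
	RemoteIP   net.IP
}

const recordLen = 4 + 8 + 2 + 2 + 16 // uid, unix time, two ports, IPv6-mapped address

func (r Record) marshal() []byte {
	b := make([]byte, recordLen)
	binary.BigEndian.PutUint32(b[0:4], r.UID)
	binary.BigEndian.PutUint64(b[4:12], uint64(r.When.Unix()))
	binary.BigEndian.PutUint16(b[12:14], r.LocalPort)
	binary.BigEndian.PutUint16(b[14:16], r.RemotePort)
	copy(b[16:32], r.RemoteIP.To16())
	return b
}

func unmarshalRecord(b []byte) (Record, error) {
	if len(b) != recordLen {
		return Record{}, errors.New("bad record length")
	}
	return Record{
		UID:        binary.BigEndian.Uint32(b[0:4]),
		When:       time.Unix(int64(binary.BigEndian.Uint64(b[4:12])), 0).UTC(),
		LocalPort:  binary.BigEndian.Uint16(b[12:14]),
		RemotePort: binary.BigEndian.Uint16(b[14:16]),
		RemoteIP:   net.IP(append([]byte(nil), b[16:32]...)),
	}, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16-byte key -> AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts the record under the daemon's secret key and returns the
// bracketed token that goes in the user-id field. A fresh random nonce is
// prepended, so two answers for the same connection are not linkable.
func Seal(key []byte, r Record) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := aead.Seal(nonce, nonce, r.marshal(), nil)
	return "[" + base64.StdEncoding.EncodeToString(ct) + "]", nil
}

// Open is the administrator's side: given the key and a token copied from a
// log or an abuse report, recover the record. GCM's tag rejects tokens that
// were forged, truncated, or sealed under a different key.
func Open(key []byte, token string) (Record, error) {
	if !strings.HasPrefix(token, "[") || !strings.HasSuffix(token, "]") {
		return Record{}, errors.New("not a bracketed token")
	}
	ct, err := base64.StdEncoding.DecodeString(token[1 : len(token)-1])
	if err != nil {
		return Record{}, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return Record{}, err
	}
	ns := aead.NonceSize()
	if len(ct) < ns {
		return Record{}, errors.New("token too short")
	}
	pt, err := aead.Open(nil, ct[:ns], ct[ns:], nil)
	if err != nil {
		return Record{}, err
	}
	return unmarshalRecord(pt)
}

// Respond builds the RFC 1413 reply line for a "lport , rport" query.
func Respond(key []byte, r Record) (string, error) {
	tok, err := Seal(key, r)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%d , %d : USERID : OTHER : %s", r.LocalPort, r.RemotePort, tok), nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key; a real daemon reads it from a root-only file
	r := Record{UID: 1001, When: time.Now().Truncate(time.Second).UTC(),
		LocalPort: 25, RemotePort: 40123, RemoteIP: net.ParseIP("192.0.2.10")}
	line, _ := Respond(key, r)
	fmt.Println(line) // what the remote querier sees: no username
	rec, err := Open(key, strings.Split(line, " : ")[3])
	fmt.Println(rec, err) // what the administrator recovers
	_, err = Open([]byte("fedcba9876543210"), strings.Split(line, " : ")[3])
	fmt.Println("wrong key:", err)
}
```

The usefulness of the scheme rests entirely on the key staying with the administrator: it must be readable only by the daemon (root-only file), and if it is rotated, old keys have to be kept for as long as old tokens might still arrive in abuse reports.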