|
Security Incidents
mailing list archives
Re: "Authentication" attempts??
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 26 Mar 2001 13:34:38 -0500
On Sun, 25 Mar 2001 22:21:55 PST, Peter Moody <peter.moody () LUTRIS COM> said:
While I don't have an exchange server running, I've seen a lot
of connection attempts to the auth or ident daemon (port 113) to various
machines inside my dmz (all of which get blocked by the pix fw).
I have come to the conclusion that a lot of mail servers employ
this very basic form of authentication.
Please note this about port 113 "authentication". It's *NOT* authentication.
The intent of the 'ident' service is so a mail/IRC/whatever server can contact
the host originating the connection, and get an *identifying* token back.
It is *not* intended to be used for authentication. It's intended that if
there is a problem, *you* (as the mail/IRC/whatever admin) can give that
token *BACK TO* the admin of the machine orginating the connection, and
from that token, the admin will hopefully know which of his users to beat the
snot out of.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
| 
Intro
