On Wed, 17 Nov 1999, Torsten Behle wrote:
Do I need to have the ident daemon on port 113 running? That port is currently open on the external interface on my firewall.
No. None of the usual services depends on the ident daemon.
This is not totally correct. I had port 113 disabled (& logged) for a long time. I got denies during FTP transfers; nevertheless, FTP worked. But there are some FTP servers which need the port open, else no connection will be made.
ident requests are probably most common in Internet Relay Chat servers (many EFnet servers and channels require ident responses now), but I'd not think it a big stretch of imagination for ftp servers to require something like ident in order to defeat crap like bouncing.
I think the question also involved: If *yes*, how secure is it? (And: If *not secure*, is there a way to secure it?) Does anyone have information on that?
Secure? If you mean if it's secure against remote intrusion, it is secure (at least, I haven't heard of any remote exploits against the identd daemon on any platform). The nature of the beast is more along the lines of the fingerd daemon, which a potential cracker might use to gather information about your system -- e.g., nmap has an ident information gathering switch (-I). Ultimately, identd is (I think) a daemon best run only on end-user/workstation boxes; in the interest of security, just about any server does not need identd running.
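
On the question of whether ident can be secured: an added example, not part of the original thread, of a responder that answers well-formed RFC 1413 queries with the protocol's own `HIDDEN-USER` error, so a remote server gets a reply on port 113 without learning a local username. The names `ident_reply` and `IdentHandler`, the 1000-byte cap and the `0 , 0` echo for unparseable queries are assumptions of this example.

```python
import re
import socketserver

# RFC 1413 query: "<port-on-server> , <port-on-client>" terminated by CR LF.
QUERY = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")
MAX_QUERY = 1000  # bytes read per query; limit chosen for this example


def ident_reply(line: bytes) -> bytes:
    """Build an RFC 1413 reply that never reveals a local username."""
    m = QUERY.match(line[:MAX_QUERY])
    if not m:
        # Unparseable query: echoing "0 , 0" is this example's choice.
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    server_port, client_port = int(m.group(1)), int(m.group(2))
    pair = b"%d , %d" % (server_port, client_port)
    if not (1 <= server_port <= 65535 and 1 <= client_port <= 65535):
        return pair + b" : ERROR : INVALID-PORT\r\n"
    # Well-formed query: answer it, but withhold the user ID.
    return pair + b" : ERROR : HIDDEN-USER\r\n"


class IdentHandler(socketserver.StreamRequestHandler):
    timeout = 10  # seconds; drop connections that never send a query

    def handle(self):
        try:
            line = self.rfile.readline(MAX_QUERY + 2)
        except OSError:
            return  # timed out or reset before a full line arrived
        self.wfile.write(ident_reply(line))


if __name__ == "__main__":
    # Port 113 is privileged; binding it normally requires root.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 113), IdentHandler) as srv:
        srv.serve_forever()
```

Whether a given IRC or FTP server accepts an error reply in place of a USERID reply is up to that server.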