Re: [suse-security] identd on a masq gateway, answering with hostnames?
Lars O.Grobe wrote:
Hi!
We have dhcp-logs. But the dhcp-log shows just the local ip, while the (maybe attacked) server will only see the gateway's external ip. So we would have to log ALL connections made from ANY client on the gateway, so that we could see the local addresses. This is not possible because of privacy concerns. So we need a way allowing the gateway to tell the server the original ip (or hostname or registered user) of the machine (in a hashed format) if necessary. The only mechanism for that is afaik identd.
Hi, you could use pimpd, which is not quite what you want (it's nothing but an application proxy for ident, of sorts), but it keeps log files of which host was contacted by which inside host. Freshmeat has a link. If you want an improved version that has support for a .fakeident file inside a user's homedir, let me know (I mailed a diff to the original author of pimpd, but until now he has ignored it). Bye, MH
CU Lars.
Dana Hudes:
identd isn't encrypted and isn't reliable; it is easily spoofed. DHCP logs would be more reliable...
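An added example, not part of the thread and not pimpd's code: one way a masquerading gateway could answer RFC 1413 ident queries with a hashed identifier instead of the internal address, as the request above describes. It assumes a keyed hash (HMAC-SHA256) with a per-day token; the key, the DHCP pool, the `nat_table` structure and all function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress

# Constructed values for illustration only.
GATEWAY_KEY = b"constructed-demo-key-kept-on-gateway"
DHCP_POOL = ipaddress.ip_network("192.168.1.0/28")

def make_token(internal_ip: str, day: str, key: bytes = GATEWAY_KEY) -> str:
    """Opaque per-day token for an internal host; meaningless without the key."""
    msg = f"{internal_ip}|{day}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def ident_reply(query: str, nat_table: dict, day: str) -> str:
    """Answer an RFC 1413 query of the form '<gateway-port> , <server-port>'.

    nat_table maps (gateway_port, server_port) -> internal IP and stands in
    for the gateway's live masquerading table (hypothetical structure).
    """
    try:
        local, remote = (int(p) for p in query.split(","))
        if not (1 <= local <= 65535 and 1 <= remote <= 65535):
            raise ValueError
    except ValueError:
        # Malformed input is not echoed back to the requester.
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    ip = nat_table.get((local, remote))
    if ip is None:
        return f"{local} , {remote} : ERROR : NO-USER\r\n"
    # OTHER marks the user-id field as an unformatted printable string.
    return f"{local} , {remote} : USERID : OTHER : {make_token(ip, day)}\r\n"

def resolve_token(token: str, day: str, key: bytes = GATEWAY_KEY):
    """Operator side: map a token from an abuse report back to a pool address.

    Returns None for a token this gateway never issued (e.g. a spoofed reply).
    """
    for host in DHCP_POOL.hosts():
        candidate = make_token(str(host), day, key)
        if hmac.compare_digest(candidate.encode(), token.encode()):
            return str(host)
    return None
```

The remote server only ever sees the token, and the gateway keeps no per-connection log; the DHCP log for that day then maps the recovered address to a machine.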
Participants (2): Lars O.Grobe, Mathias Homann