I got this with netstat -tnlp, what is this service? tcp 0 0 :::113 :::* LISTEN 310/in.identd
Raul Gutierrez Segales writes:
I got this with netstat -tnlp, what is this service?
tcp 0 0 :::113 :::* LISTEN 310/in.identd
I am not sure what good it is, but I have read plenty of bad stuff about it involving security. Potential hackers can use it to possibly fingerprint your machine. Fingerprinting will let them know which exploits work and which don't. What I read said to keep the port open (don't block at firewall) but, don't start the daemon. Hope this helps.
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
Back in the days when computers were in locked rooms with a (trusted?)
sys admin, some degree of network security was possible by asking a
connecting computer, which user is using port 123, hence checking the
IDENTity. Now days, the security benefit is nil. The ident daemon
has been abused to discover user names, computer OS and version, and
other information useful to a cracker. All of this information is
obtainable other ways, but why make it easy for them.
Dropping ident connections at the firewall protects the system's
privacy. Most FTP servers still do check ident on a connection
request. If the firewall drops the ident connect, eventually the FTP
server will timeout. Most will grant the connection request anyway.
However if the firewall, rejects the ident connection, or the OS
rejects the ident connection because the port is closed, the FTP
server immediately makes it's decision.
As Raul says, not blocking the port at the firewall and not running
the ident daemon is one solution. (One quibble, the port is not open,
no process has opened it. In fact, the port is closed.) Having the
firewall drop the packet (the DENY action in ipchains) into the great
bit bucket is another, but it slows FTP downloads. The solution I use
is to reject the connection request at the firewall (the REJECT
action). Another is to configure the ident daemon to not reveal
private information. How depends on what you deem private and the
specific ident daemon you are running.
HTH,
Jeffrey
Quoting Jesse Marlin
Raul Gutierrez Segales writes:
I got this with netstat -tnlp, what is this service?
tcp 0 0 :::113 :::* LISTEN 310/in.identd
I am not sure what good it is, but I have read plenty of bad stuff about it involving security. Potential hackers can use it to possibly fingerprint your machine. Fingerprinting will let them know which exploits work and which don't. What I read said to keep the port open (don't block at firewall) but, don't start the daemon. Hope this helps.
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
participants (3)
-
Jeffrey Taylor
-
Jesse Marlin
-
Raul Gutierrez Segales