No subject

Tue Jun 4 12:17:20 MDT 2013



Unless you have a good reason for doing so, and know what you are doing,
then you should not be running such publicly accessible services. In fact,
you could probably survive quite nicely with all TCP and UDP ports below
1024 closed down, or at least not visible to outside connections (i.e.
blocked via a firewall). A couple of exceptions:

It is relatively safe, and in some cases alright, to run identd (port
113). Many mail and irc servers aren't happy without identd there. This is
the one possible exception to the "nothing below 1024" rule of thumb.
Newer versions are reasonably secure.


Security HowTo:

  8.4.  identd

  identd is a small program that typically runs out of your inetd
  server. It keeps track of what user is running what TCP service, and
  then reports this to whoever requests it.

  Many people misunderstand the usefulness of identd, and so disable it
  or block all off site requests for it. identd is not there to help out
  remote sites. There is no way of knowing if the data you get from the
  remote identd is correct or not. There is no authentication in identd

  Why would you want to run it then? Because it helps you out, and is
  another data-point in tracking. If your identd is un compromised, then
  you know it's telling remote sites the user-name or uid of people
  using TCP services. If the admin at a remote site comes back to you
  and tells you user so-and-so was trying to hack into their site, you
  can easily take action against that user. If you are not running
  identd, you will have to look at lots and lots of logs, figure out who
  was on at the time, and in general take a lot more time to track down
  the user.

  The identd that ships with most distributions is more configurable
  than many people think. You can disable it for specific users (they
  can make a .noident file), you can log all identd requests (We
  recommend it), you can even have identd return a uid instead of a user
  name or even NO-USER.

John Karns                                        jkarns at

More information about the LUG mailing list