[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: iptables: drop or reject?



On Sun, Oct 28, 2007 at 17:27:01 +0900,
  John Summerfield <debian herakles homelinux org> wrote:
> 
> Anyone who thinks identd provides any security at all wrt computers they 
> don't control is ignorant or stupid.
> 
> It's trivial to find (or even, at a pinch write/modify one) a fake 
> identd that will say anything one chooses; anyone implementing security 
> assuming otherwise is trusting the untrustworthy.
> 
> Besides that, DOS boxes don't normally have one.

I wasn't advocating running ident, but rather not shooting one's self in the
foot by dropping (as opposed to rejecting) ident packets if you do use services
that try to do ident lookups. This is not the same as advocating actually
running an ident server.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]