Is Ident required? If so, is a fake daemon preferable?

landon · Apprentice Joined: 09 Mar 2004 Posts: 159

Basically as the title suggests.

Does the absence of Ident result in delayed connections to ftp, or irc?

I've seen several articles on using a fake daemon, but at the same time, I've also seen exploit warnings on a lot of the ones suggested.

What should I consider?

adaptr · Posted: Wed Jan 19, 2005 3:33 pm Post subject:

Yes, the absence of an identd on port 113 may delay or even fault many network protocols, including SMTP, FTP and IRC.

This will vary from server to server; whether or not to insist on ident responses is usually configurable since not many people use them anymore because they are so easily faked.

Running a fake identd should do fine; it doesn't really matter what the response is.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

landon · Apprentice Joined: 09 Mar 2004 Posts: 159

Can you recommend any in particular? Or a list of a few?

adaptr · Posted: Wed Jan 19, 2005 3:47 pm Post subject:

Erm... emerge -s identd ?

Gives me 6 results, 1 masked.

But it may be a lot easier to sidestep the problem, in one of 2 ways:

- set up which ever router handles your internet connection to provide the response, or
- configure a firewall to actually close port 113, that should give the requestor the heads up that waiting for a timeout is rather stupid...
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

Robin79 · Posted: Wed Jun 15, 2005 6:01 pm Post subject:

So does this work on ftps? i use pftpfxp
_________________
Gentoo 2005.0
ASUS P5AD2 Deluxe MB
Intel P4 3.2GHz
PCI-E Nvidia Geforce PCX 5750
--------------------

Registered Linux User Nr # 319050 http://counter.li.org