Security Incidents mailing list archives
Re: "Authentication" attempts??
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 26 Mar 2001 13:34:38 -0500
On Sun, 25 Mar 2001 22:21:55 PST, Peter Moody <peter.moody () LUTRIS COM> said:
> While I don't have an exchange server running, I've seen a lot of connection attempts to the auth or ident daemon (port 113) to various machines inside my dmz (all of which get blocked by the pix fw). I have come to the conclusion that a lot of mail servers employ this very basic form of authentication.
Please note this about port 113 "authentication". It's *NOT* authentication. The intent of the 'ident' service is so a mail/IRC/whatever server can contact the host originating the connection, and get an *identifying* token back. It is *not* intended to be used for authentication. It's intended that if there is a problem, *you* (as the mail/IRC/whatever admin) can give that token *BACK TO* the admin of the machine originating the connection, and from that token, the admin will hopefully know which of his users to beat the snot out of.

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
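The use of the ident token described in this message, as an added example that is not part of the original post: a receiving server parses the RFC 1413 reply, stores the token as an opaque, remote-supplied string for a later abuse report, and never consults it for access control. The function and class names are hypothetical and the sample reply is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# RFC 1413 reply line: "<port>, <port> : USERID : <opsys> : <user-id>"
#                   or "<port>, <port> : ERROR : <error-type>"
_REPLY = re.compile(rb"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)", re.S)


@dataclass
class IdentRecord:
    remote_port: int          # port on the host that originated the connection
    local_port: int           # port on our server (e.g. 25 for SMTP)
    token: Optional[str]      # opaque string chosen by the remote identd
    error: Optional[str]      # e.g. NO-USER, HIDDEN-USER


def _printable(value: bytes, limit: int) -> str:
    # The reply is remote-controlled: neutralise control bytes and quotes before logging.
    text = value.strip()[:limit].decode("latin-1")
    return "".join(c if c.isprintable() and c != '"' else "?" for c in text)


def parse_ident_reply(raw: bytes) -> Optional[IdentRecord]:
    lines = raw[:1000].splitlines()          # RFC 1413 limits a reply to 1000 characters
    m = _REPLY.fullmatch(lines[0]) if lines else None
    if m is None:
        return None
    remote_port, local_port = int(m.group(1)), int(m.group(2))
    if m.group(3) == b"ERROR":
        return IdentRecord(remote_port, local_port, None, _printable(m.group(4), 64))
    _opsys, sep, user_id = m.group(4).partition(b":")
    if not sep:
        return None                          # USERID reply without a user-id field
    return IdentRecord(remote_port, local_port, _printable(user_id, 512), None)


def abuse_log_line(peer_ip: str, rec: Optional[IdentRecord]) -> str:
    # Recorded for later hand-off to the remote admin; never consulted for access control.
    if rec is None or rec.token is None:
        reason = rec.error if rec else "no-reply"
        return f"peer={peer_ip} ident=none reason={reason}"
    return f'peer={peer_ip} sport={rec.remote_port} ident="{rec.token}" (remote-supplied, unverified)'


SAMPLE_REPLY = b"6191, 25 : USERID : UNIX : jdoe\r\n"   # constructed sample, not real traffic
```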