Security Incidents mailing list archives

Re: "Authentication" attempts??

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Mon, 26 Mar 2001 13:34:38 -0500

On Sun, 25 Mar 2001 22:21:55 PST, Peter Moody <peter.moody () LUTRIS COM>  said:

While I don't have an exchange server running, I've seen a lot
of connection attempts to the auth or ident daemon (port 113) to various
machines inside my dmz (all of which get blocked by the pix fw).
I have come to the conclusion that a lot of mail servers employ
this very basic form of authentication.


Please note this about port 113 "authentication".  It's *NOT* authentication.

The intent of the 'ident' service is so a mail/IRC/whatever server can contact
the host originating the connection, and get an *identifying* token back.
It is *not* intended to be used for authentication.  It's intended that if
there is a problem, *you* (as the mail/IRC/whatever admin) can give that
token *BACK TO* the admin of the machine orginating the connection, and
from that token, the admin will hopefully know which of his users to beat the
snot out of.
--
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

Attachment: _bin
Description:

Current thread:

"Authentication" attempts?? Los, Ralph (Mar 25)
- Re: "Authentication" attempts?? Peter Moody (Mar 26)
  - Re: "Authentication" attempts?? Valdis Kletnieks (Mar 26)
- Re: "Authentication" attempts?? Chris Ess (Mar 26)
- <Possible follow-ups>
- Re: "Authentication" attempts?? Portnoy, Gary (Mar 26)