[K12OSN] SquidGuard client requests
David Neimeyer
admin at bookpeople.com
Sat Nov 19 14:35:17 UTC 2005
Petre and Darryl,
Thanks for the suggestions!
We have too many groups to feasibly run different app servers.
Ident(d) might be a solution; I'll investigate it.
Again, many thanks,
-Dave
PS. Does anyone run identd, and what's your experience? Do you feel
compromised by it's insecurities (as Darryl has pointed out)?
On Fri, 2005-11-18 at 14:53 -0600, Darryl Palmer wrote:
>
> On 11/18/05, David Neimeyer <admin at bookpeople.com> wrote:
> I'm hoping to get some clarification:
>
> Whether or not you are running a transparent proxy or not,
> there is no
> way, outside of local apps, for ltsp clients to make unique
> address
> requests to squid/squidGuard?
>
> Ident(d) may work for you. Squid can use ident for identification,
> and if you are running it on your LTSP server then the TCP connections
> are identified by the correct user ids.
>
> I have to add that Ident is not safe
> 1) It can easily be spoofed.
> 2) Transmits valid user ids so it can make it easier for someone to
> hack your system.
> 3) May be vulnerable to buffer over/under run attacks
>
> So if you do use Ident make sure that your LTSP server is on an
> intranet that is protected by a firewall, also make sure you don't
> broadcast ident responses to people outside of your intranet or people
> you don't trust.
>
> Darryl Palmer
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
--
David Neimeyer
BookPeople, Inc.
Systems Administrator
603 N. Lamar
Austin, TX 78703
800-853-9757 x 402
More information about the K12OSN
mailing list