[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] SquidGuard client requests



Petre and Darryl,

Thanks for the suggestions!

We have too many groups to feasibly run different app servers.
Ident(d) might be a solution; I'll investigate it.

Again, many thanks,
-Dave

PS.  Does anyone run identd, and what's your experience? Do you feel
compromised by it's insecurities (as Darryl has pointed out)?

On Fri, 2005-11-18 at 14:53 -0600, Darryl Palmer wrote:
> 
> On 11/18/05, David Neimeyer <admin bookpeople com> wrote: 
>         I'm hoping to get some clarification:
>         
>         Whether or not you are running a transparent proxy or not,
>         there is no 
>         way, outside of local apps, for ltsp clients to make unique
>         address
>         requests to squid/squidGuard?
>  
> Ident(d) may work for you.  Squid can use ident for identification,
> and if you are running it on your LTSP server then the TCP connections
> are identified by the correct user ids.
>  
> I have to add that Ident is not safe
> 1) It can easily be spoofed.
> 2) Transmits valid user ids so it can make it easier for someone to
> hack your system.
> 3) May be vulnerable to buffer over/under run attacks
>  
> So if you do use Ident make sure that your LTSP server is on an
> intranet that is protected by a firewall, also make sure you don't
> broadcast ident responses to people outside of your intranet or people
> you don't trust.
>  
> Darryl Palmer
> 
>  
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
-- 
David Neimeyer
BookPeople, Inc.
Systems Administrator
603 N. Lamar
Austin, TX  78703
800-853-9757 x 402


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]