[K12OSN] SquidGuard client requests

David Neimeyer admin at bookpeople.com
Sat Nov 19 14:35:17 UTC 2005

Petre and Darryl,

Thanks for the suggestions!

We have too many groups to feasibly run different app servers.
Ident(d) might be a solution; I'll investigate it.

Again, many thanks,

PS.  Does anyone run identd, and what's your experience? Do you feel
compromised by it's insecurities (as Darryl has pointed out)?

On Fri, 2005-11-18 at 14:53 -0600, Darryl Palmer wrote:
> On 11/18/05, David Neimeyer <admin at bookpeople.com> wrote: 
>         I'm hoping to get some clarification:
>         Whether or not you are running a transparent proxy or not,
>         there is no 
>         way, outside of local apps, for ltsp clients to make unique
>         address
>         requests to squid/squidGuard?
> Ident(d) may work for you.  Squid can use ident for identification,
> and if you are running it on your LTSP server then the TCP connections
> are identified by the correct user ids.
> I have to add that Ident is not safe
> 1) It can easily be spoofed.
> 2) Transmits valid user ids so it can make it easier for someone to
> hack your system.
> 3) May be vulnerable to buffer over/under run attacks
> So if you do use Ident make sure that your LTSP server is on an
> intranet that is protected by a firewall, also make sure you don't
> broadcast ident responses to people outside of your intranet or people
> you don't trust.
> Darryl Palmer
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
David Neimeyer
BookPeople, Inc.
Systems Administrator
603 N. Lamar
Austin, TX  78703
800-853-9757 x 402

More information about the K12OSN mailing list