<plugin_id>152</plugin_id>
<plugin_name>identd detection</plugin_name>
<plugin_family>Enumeration</plugin_family>
<plugin_created_date>2004/09/06</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>1.1</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>113</plugin_port>
<plugin_procedure_detection>open|sleep|send 0,0\n|sleep|close|pattern_exists ERROR</plugin_procedure_detection>
<plugin_detection_accuracy>90</plugin_detection_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor.</plugin_comment>
<bug_affected>identd service</bug_affected>
<bug_not_affected>Other services</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>The remote host is running an ident (also known as 'auth') daemon. The 'ident' service provides sensitive information to potential attackers. It mainly says which accounts are running which services. This helps attackers to focus on valuable services (thoseowned by root).</bug_description>
<bug_solution>The server should be deactivated or de-installed if not necessary. Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process. Try to prevent unwanted connection attempts by filtering traffic with firewalling.</bug_solution>
<bug_fixing_time>Approx. 15 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Low</bug_severity>
<bug_popularity>8</bug_popularity>
<bug_simplicity>7</bug_simplicity>
<bug_impact>3</bug_impact>
<bug_risk>5</bug_risk>
<bug_nessus_risk>Low</bug_nessus_risk>
<bug_check_tool>Most well-known security scanners are able to do a similar check.</bug_check_tool>
<source_cve>CAN-1999-0629</source_cve>
<source_nessus_id>10021</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>