Does anyone have a good definition of what the IDENT daemon is used for as well as how it can be exploited? NSDB doesn't go into much detail about this vulnerability. This signature was trigger by traffic coming from a NT box running Sendmail Single Switch email software with only port 25 open. Anyone aware of any benign triggers?
Ident is a protocol used to determine the owner of a process on a remote client attempting to make a connection to a local server. The server sends an Ident request to the remote client with a message containing the source port of the client connection attempt. The client's Ident server should respond with the username of the account making the connection request. Some programs, like Sendmail and IRC servers, use this as a security mechanism to verify the source of the connection. Siganture 6202 looks for an Ident request longer than 20 bytes. A request longer than this might indicate a buffer overflow attack on the remote client. But, this appears unlikely in your situation. I would need a traffic sample to determine the cause. Feel free to send traffic samples to firstname.lastname@example.org. We'd be happy to look at them for you.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...