nanog mailing list archives
Re: Suggestion for improved identD
From: Adrian Chadd <adrian () creative net au>
Date: Wed, 20 May 1998 10:41:38 +0800
Ehud Gavron writes:
Suggestion: PPP access devices intercept identD requests and return the authenticated access string. Reasoning: Modern ``stacks'' used by end-users -- especially those on throwaway accounts, fake any identD response. This makes tracking those people tougher. Methods: 1: identD v2, new port, intercepted by access devices which support it. 2: modification to hosts requirement RFCs, making access devices responsible for intercepting identD requests to their PPP clients. 3: a security RFC ``suggesting'' 1 or 2 Thoughts appreciated, as are comments, flames, blames, and anything of some content.
I've done this for a couple of internet providers in Western Australia. Either by using transparent proxying under Linux (one used a Linux term server..), or a route-map to a *nix box on a Cisco. There are a few privacy issues too - if you want to see who is online, you just send out ident requests to all dialup lines, and the 'real' idents are returned. One Perth ISP fixed this by using a hash of the username. That fixes IRC bans (so they can just ban *!*hash@*isp.com.au ) .. and if someone wants to track a user down, they ring the ISP and hand over the hash. Adrian
Current thread:
- Re: Suggestion for improved identD, (continued)
- Re: Suggestion for improved identD Daniel Reed (May 19)
- Re: Suggestion for improved identD Christopher Neill (May 20)
- Re: Suggestion for improved identD Dalvenjah FoxFire (May 20)
- Message not available
- Re: Suggestion for improved identD Jay R. Ashworth (May 20)
- Re: Suggestion for improved identD Dalvenjah FoxFire (May 20)
- Re: Suggestion for improved identD Daniel Reed (May 19)
- Re: Suggestion for improved identD Ehud Gavron (May 19)
- Re: Suggestion for improved identD Phil Howard (May 20)
- Re: Suggestion for improved identD Adrian Chadd (May 19)
- Re: Suggestion for improved identD Steve Sobol (May 22)
- Re: Suggestion for improved identD Adrian Chadd (May 20)
- Message not available
- Re: Suggestion for improved identD Jay R. Ashworth (May 21)
- Re: Suggestion for improved identD Paul Mansfield (May 21)
- Message not available
- Re: Suggestion for improved identD Jay R. Ashworth (May 21)