nanog mailing list archives
Re: Suggestion for improved identD
From: Phil Howard <phil () charon ipal net>
Date: Tue, 19 May 1998 23:52:46 -0500 (CDT)
>> There isn't necessarily just a single user on the other end of a PPP connection.
> Perhaps I should have phrased it as "single user network connection" and not "PPP". I'm less concerned with the PPP as a protocol than as its modern usage to connect the dialup user.
And how do you tell the difference between a single user connection and multi-user connection? They both use PPP. Are you going to make all the Linux users out there have to start negotiating with their ISPs just to allow them to be on?
>> Many things will break if the actual user and the user that PPP intercepted identd asserts do not match.
> Oh?
Yup. IRC bots, for instance. They expect certain specific information to grant authority, and if the PPP server substitutes it, it can't be correct all the time on systems with two or more users since the PPP server won't know which user is on which port (without actually going to that machine to ask ... but then what's the point).
>> Providing such information may be a violation of confidentiality if
> Login string. e.g. username.
Dialup account id? Unfortunately this is usually also the e-mail address by just appending @isp-domain.net and thus giving out tons of addresses to spammers. I won't subject my customers to this.
>> Because the PPP access device cannot know, unless it also tracks all the traffic involved, what ports are in fact in use, it would have to give
> If l2 is up, it's up. That's fairly basic...
So if I request an ident on port 15421, is the PPP server going to answer it even though there is in fact no active port 15421 on that machine? You want PPP servers to track all those SYN and RST?
>> I believe you misunderstand the purpose of identd. It was intended to...
> Nope...
So you do understand that the data wasn't intended to be trusted if you have no trust of the machine (and certainly most of them out there cannot be trusted).
>> Why do you want this data?
> My personal crusade against packet monkeys, spammers, and irresponsible admins who support them by pretending that the net is free for all to abuse.
I applaud the goals. I don't think this is a viable mechanism to achieve them.

BTW, I blocked access to SMTP other than to my own servers for all my dialup non-LAN customers. I don't like abuse, and won't put up with it, either from my customers, or to them. But this identd idea is not something I will do to my customers. The cure is worse than the disease.

The answer is simple. Don't trust identd responses. Just don't ask for that data and then you don't have to worry about it being forged.

--
Phil Howard | no7way44 () noplace5 org ads2suck () dumbads8 com a4b3c4d5 () no0place org
phil | no6spam2 () spam3mer com end3it15 () no16ads4 edu stop6it8 () dumb9ads net
at | end6it02 () s0p9a9m3 edu stop2ads () nowhere8 org end8ads7 () spammer1 com
ipal | no8way90 () no86ads8 net blow3me2 () dumb9ads net w5x2y2z9 () spam8mer com
dot | stop1020 () spammer5 edu stop7317 () no5place net no4spam7 () anyplace com
net | eat55me9 () spammer5 org no71ads8 () lame9ads net suck4it6 () dumb7ads org
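Added illustration, not part of the original message or of any real identd or PPP server code: a small Python model of the situation discussed above, comparing RFC 1413 replies from a multi-user dialup host that can see its own sockets with replies from an access server that intercepts ident queries knowing only the login string. The socket table, the user names, the login `acct1234` and the function names are all constructed for the example.

```python
from typing import NamedTuple, Optional, Tuple

class Conn(NamedTuple):
    local_port: int    # port on the dialup host
    remote_port: int   # port on the server that sends the ident query
    user: str

# Constructed socket table of a multi-user host behind one PPP link.
HOST_CONNS = [Conn(15001, 6667, "alice"), Conn(15002, 6667, "bob")]
PPP_LOGIN = "acct1234"  # constructed dialup login string

def parse_query(line: str) -> Optional[Tuple[int, int]]:
    """Parse an RFC 1413 query '<port-on-host> , <port-on-querier>'."""
    parts = line.strip().split(",")
    if len(parts) != 2:
        return None
    try:
        lp, rp = int(parts[0]), int(parts[1])
    except ValueError:
        return None
    return (lp, rp) if 1 <= lp <= 65535 and 1 <= rp <= 65535 else None

def host_identd(line: str) -> str:
    """Answer from the host itself, which can look up its own sockets."""
    pair = parse_query(line)
    if pair is None:
        return "0 , 0 : ERROR : INVALID-PORT"  # placeholder port pair
    for c in HOST_CONNS:
        if (c.local_port, c.remote_port) == pair:
            return f"{pair[0]} , {pair[1]} : USERID : UNIX : {c.user}"
    return f"{pair[0]} , {pair[1]} : ERROR : NO-USER"

def ppp_server_identd(line: str) -> str:
    """Answer from an access server that keeps no per-connection state:
    it knows only the login, so every valid port pair gets the same reply."""
    pair = parse_query(line)
    if pair is None:
        return "0 , 0 : ERROR : INVALID-PORT"  # placeholder port pair
    return f"{pair[0]} , {pair[1]} : USERID : OTHER : {PPP_LOGIN}"

def disagreements(queries):
    """Queries for which the intercepted answer differs from the host's."""
    return [(q, host_identd(q), ppp_server_identd(q))
            for q in queries if host_identd(q) != ppp_server_identd(q)]

if __name__ == "__main__":
    for q, host, ppp in disagreements(["15001, 6667", "15002, 6667", "15421, 6667"]):
        print(f"{q!r}\n  host: {host}\n  ppp : {ppp}")
```

In this model the access server reports the same identity for both users and also returns a USERID for port 15421, where the host itself answers NO-USER.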