Wakko Warner's Journal: Identd must die.
Can anyone come up with a valid reason why, in 2002, ident is still considered by some people to be a necessary and valuable component of the Internet? Most people use Windows for everything, and Windows has no identity service. Most UNIX folks I know disable it for security reasons. I've disabled ident lookup on the IRC servers I admin, and have encouraged others on my network to do the same. Why on earth do people still insist we all run it in order to connect to and utilize their network services? Is it still 1993 in some part of the world?
double post? (Score:1)
Re:double post? (Score:1)
- A.P.
Re:double post? (Score:1)
A.P. Likes to Mess Wif Me Mind (Score:2)
Ahhhh, such are the dangers of being a Slashdot Editor. Careful reading that submissions bin. It might rot your brain!
At any rate, in a vain attempt to remain on topic and drag some order into this post, I have also wondered why people assume that running IDENTD means that you are suddenly verifiable. Daemons that fake ident responses have been around for years, and if you are a NAT user, you HAVE to use one of those puppies to connect. I fell off of EFNet years ago because of this silly rule. I even earned a collection of K-lines for it.
I think such IRC admins suffer from a false sense of security. The only thing an IDENT response means, these days, is that your server is probably good at faking it.
Re:A.P. Likes to Mess Wif Me Mind (Score:2)
A bunch of my friends run fake-ident servers, for various reasons (including security -- if you're gonna be forced to use IDENT, why not at least give out invalid usernames?)
Thanks for posting it though.
- A.P.
One valid reason (Score:2)
1) Ability to block hacked or otherwise abusive accounts from shell access providers. A *LOT* of crap comes out of these people, and since they are on from a terminal on a large multiuser machine with properly configured ident, they are blockable more easily.
2) Helps prevent spoofing attacks and flooding. Really, it does. Running the abnormally long delay on a user who fails to respond to ident queries prevents the vast majority of DDoS tools and whatnot that communicate through IRC from getting on the network unless, of course, they run their own ident server. And, although they are less common than they were 9 years ago on IRC, spoofing and collision attacks are reduced by requiring ident and setting good limits on connection rates and whatnot.
Here's how it boils down for me: The IRC server wanting an ident response is sort of like ID'ing a 40-year-old bald man when he tries to buy some beer. Obviously, the guy is old enough to buy beer, but if he shows you his ID, you can gain another small piece of information that can teach you more about the guy, which may or may not be important depending on what you are trying to do.
Get it? Hope that makes some sense.
~GoRK
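Added example, not part of the journal entry or of any comment above: a minimal RFC 1413 reply parser for the querying side, showing that the user-id is a string chosen by whoever runs the remote identd and so has to be validated, escaped and labelled rather than believed. The `label` policy, the `vetted_hosts` set, the label names and the sample replies are assumptions constructed for illustration.

```python
import re

ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
MAX_USERID = 512  # RFC 1413 upper bound on the user-id field

def build_query(remote_port, local_port):
    """Query for TCP/113 on the connecting host: its port first, ours second."""
    return f"{remote_port} , {local_port}\r\n".encode("ascii")

def parse_reply(line, remote_port, local_port):
    """Parse one reply line into a dict; 'status' is userid, error or invalid."""
    text = line.rstrip(b"\r\n").decode("latin-1")
    parts = text.split(":", 3)  # the user-id itself may contain ':'
    if len(parts) < 3:
        return {"status": "invalid", "reason": "malformed"}
    m = re.fullmatch(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*", parts[0])
    # A reply about some other connection must not be attributed to this one.
    if not m or (int(m[1]), int(m[2])) != (remote_port, local_port):
        return {"status": "invalid", "reason": "port pair mismatch"}
    kind = parts[1].strip().upper()
    if kind == "ERROR" and len(parts) == 3:
        err = parts[2].strip().upper()
        return {"status": "error", "error": err if err in ERRORS else "UNKNOWN-ERROR"}
    if kind != "USERID" or len(parts) != 4:
        return {"status": "invalid", "reason": "malformed"}
    userid = parts[3]  # RFC 1413: spaces after the last colon belong to the id
    if not userid or len(userid) > MAX_USERID or "\x00" in userid:
        return {"status": "invalid", "reason": "bad user-id"}
    # Escape control bytes so the value cannot inject into logs or terminals.
    safe = "".join(c if c.isprintable() else f"\\x{ord(c):02x}" for c in userid)
    return {"status": "userid", "opsys": parts[2].strip(), "userid": safe}

def label(reply, peer_ip, vetted_hosts):
    """Policy sketch (hypothetical): the user-id is only a hint, and only for
    hosts whose identd the operator believes is run by an administrator."""
    if reply["status"] != "userid":
        return "no-ident"
    return "admin-asserted" if peer_ip in vetted_hosts else "self-asserted"

if __name__ == "__main__":
    # Constructed sample replies, not captured traffic.
    for raw in (b"6191,6667:USERID:UNIX:alice\r\n", b"6191,6667:ERROR:NO-USER\r\n"):
        r = parse_reply(raw, 6191, 6667)
        print(r, label(r, "192.0.2.10", {"192.0.2.10"}))
```

Neither label is authentication: a reply from a vetted multiuser host is still only that host's claim about which local account owns the connection.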