
Wakko Warner's Journal: Identd must die.

So anyway, I was on IRC the other day (as I am often wont to do), and, as I was being banned from the network for not running "identd", I thought to myself: "Why do we still use this???"

Can anyone come up with a valid reason why, in 2002, ident is still considered by some people to be a necessary and valuable component of the Internet? Most people use Windows for everything, and Windows has no identity service. Most UNIX folks I know disable it for security reasons. I've disabled ident lookup on the IRC servers I admin, and have encouraged others on my network to do the same. Why on earth do people still insist we all run it in order to connect to and utilize their network services? Is it still 1993 in some part of the world?

  • Is there a reason that I got a message that you had this journal, then it wasn't there, then there's another message from two minutes later that you had this journal, and that link worked? Were you doing some editing and saved it as a new journal??
    • Yah, I messed up the link the first time I posted it, so I tried again.

      - A.P.
      • You can just edit previous journals without deleting them. It's a common thing to leave the old URL in (for bad links) and post an UPDATE!! at the bottom so those who are returning know that you did stuff, and those that are new to your story can see there's been revisions.
  • This was like Deja-Deja-Vu for me. First it was the Ask Slashdot submission, which I posted for tomorrow, then there were the two messages. So I've re-read this same question some 5 times, today (don't try to add, there are instances that I didn't mention) and I'm worried I'm losing my mind.

    Ahhhh, such are the dangers of being a Slashdot Editor. Careful reading that submissions bin. It might rot your brain!

    At any rate, in a vain attempt to remain on topic and drag some order into this post, I have also wondered why people assume that running IDENTD means that you are suddenly verifiable. Daemons that fake ident responses have been around for years and if you are a NAT user, you HAVE to use one of those puppies to connect. I fell off of EFNet years ago because of this silly rule. I even earned a collection of K-lines for it.

    I think such IRC admins suffer from a false sense of security. The only thing an IDENT response means, these days, is that your server is probably good at faking it.

    • DALnet says they use it because, if you're bouncing your connection off a Wingate server, you're not gonna give a valid IDENT response -- but how many open Wingates are left out there? 3 or 4? This is the only valid reason I've heard for requiring IDENT, and it's rapidly becoming a non-issue. Open-proxy checking effectively deals with this issue, anyway.

      A bunch of my friends run fake-ident servers, for various reasons (including security -- if you're gonna be forced to use IDENT, why not at least give out invalid usernames?)

      Thanks for posting it though. :)

      - A.P.
  • Well, I admin an IRC server. It doesn't require you to have ident running, but if you don't, you have to wait a *long* time before it will let you connect. A couple things that server operators get from ident are:

    1) Ability to block hacked or otherwise abusive accounts from shell access providers. A *LOT* of crap comes out of these people, and since they are on from a terminal on a large multiuser machine with properly configured ident, they are blockable more easily.

    2) Helps prevent spoofing attacks and flooding. Really, it does. Running the abnormally long delay on a user who fails to respond to ident queries prevents the vast majority of ddos tools and whatnot that communicate through IRC from getting on the network unless, of course, they run their own ident server. And, although they are less common than they were 9 years ago on IRC, spoofing and collision attacks are reduced by requiring ident and setting good limits on connection rates and whatnot.

    Here's how it boils down for me: The IRC server wanting an ident response is sort of like ID'ing a 40 year old bald man when he tries to buy some beer. Obviously, the guy is old enough to buy beer, but if he shows you his ID, you can gain another small piece of information that can teach you more about the guy, which may or may not be important depending on what you are trying to do.

    Get it? Hope that makes some sense.
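
The thread turns on what an ident reply is worth to the server that asked for it. The sketch below is an added example, not part of any comment above or of any IRC daemon's code: it shows how a server could parse an RFC 1413 reply defensively and treat the result as a label chosen by the remote host. The function names, the 10-character limit and the "~" prefix for unverified names are assumptions modelled on common IRC server behaviour.

```python
import re

# RFC 1413 reply: "<port>, <port> : USERID : <opsys>[,charset] : <user-id>"
#             or: "<port>, <port> : ERROR : <error-type>"
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")  # anything else is stripped from names


def parse_ident_reply(line, their_port, our_port):
    """Return (kind, value); kind is 'userid', 'error' or 'invalid'."""
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        return ("invalid", "malformed")
    # The reply must echo the port pair of the connection we asked about.
    if (int(m.group(1)), int(m.group(2))) != (their_port, our_port):
        return ("invalid", "port-mismatch")
    if m.group(3) == "ERROR":
        return ("error", m.group(4).strip())
    _opsys, sep, userid = m.group(4).partition(":")
    if not sep:
        return ("invalid", "malformed")
    # The user-id is whatever the remote daemon chose to send: drop control
    # and separator characters and cap the length before it is stored or shown.
    userid = _UNSAFE.sub("", userid.strip())[:10]
    return ("userid", userid) if userid else ("invalid", "empty-userid")


def username_for(reply, their_port, our_port, client_claimed):
    """Pick the name to display; '~' marks a name with no ident reply behind it."""
    kind, value = parse_ident_reply(reply or "", their_port, our_port)
    if kind == "userid":
        return value  # still only a label supplied by the remote host
    return "~" + _UNSAFE.sub("", client_claimed)[:9]


if __name__ == "__main__":
    # Constructed sample replies for a client on port 6193 talking to our port 6667.
    for sample in ("6193, 6667 : USERID : UNIX : alice\r\n",
                   "6193, 6667 : ERROR : NO-USER\r\n",
                   None):
        print(repr(sample), "->", username_for(sample, 6193, 6667, "bob"))
```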

