[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security on Dial-up Systems



On Sat, 2 Aug 1997, Gilad Ben-Yossef wrote:

> > True. For people around here who wouldn't like to disclose real usernames
> > in their system when connecting to IRC, I would recommend finding and
> > installing 'Fake Identd', like I will as soon as I reinstall my Linux :)
> 
> man indetnd - there is an option there (-n i believe to not reveal user
> names (but rather use numbers).

But most IRC servers refuse to honor this kind of 'username' (again RFC
specification, I'd guess).

Let's see...
Yes. It is against RFC 1413. That RFC doesn't state that the response
should consist of a username - it merely states that the response should
be something unique that identifies the user on that machine.

I return 'ircuser' for all queries on ports 6660-6669, and port 7000
(which are common IRC ports).

The identd protocol is really quite useless these days. It wasn't designed
for a situation where every user as a machine of his own, and can
determine what his ident will say. I think it is only a matter of time
until they will come up with an ident-like protocol that queries your ISP.

                                                   Nimrod


Follow-Ups: References: