North American Network Operators Group


Re: Suggestion for improved identD

  • From: Troy Davis
  • Date: Tue May 19 22:42:42 1998

On Tue, 19 May 1998, Ehud Gavron wrote:

> Reasoning:	Modern ``stacks'' used by end-users -- especially
> 		those on throwaway accounts, fake any identD response.
> 		This makes tracking those people tougher.

Although it was designed to give the owner of a TCP connection, identd is
only commonly used for SMTP, IRC, and occasionally POP3.  The latter 2
protocols are irrelevant; the former is publicly accessible and the
latter requires a password.  So we're left with SMTP.

An example SMTP header:

Received: from evilspammer (207-172-189-146.s67.as3.plb.erols.com 
[207.172.189.146]) by smtp2.erols.com (8.8.8/8.8.5) with SMTP id XAA19893 
for <[email protected]>; Mon, 18 May 1998 23:34:27 -0400 (EDT)

In common implementations*, "evilspammer" will be the identd reply.  Since
it's easily forgeable, simply disregard it and go by the IP address (and
hostname, if shown).

* = abnormal Received headers may be harder to interpret but if a site
hasn't upgraded their SMTPd in that long, they're not going to upgrade for
this.

> Methods:	1: identD v2, new port, intercepted by access devices
> 		   which support it.
> 		2: modification to hosts requirement RFCs, making
> 		   access devices responsible for intercepting identD
> 		   requests to their PPP clients.
> 		3: a security RFC ``suggesting'' 1 or 2

Assuming this change was meant to ease spam tracking, all current SMTP
daemons would have to be modified to use the new protocol and port.

Existing access devices would also need to be patched/upgraded or, if
that wasn't possible, the identd v2 request wouldn't be intercepted and
would still be answered by the client.  Then we're back to square one.

Since some hosts would have identd v2 disabled and there would be a large
number of users not running v2 daemons, replies would need to be optional 
and no services could depend on them.  As such, nobody would bother.

At least on this ISP, there are a number of intensely private users who,
if they noticed, would probably complain.  They complained about the
NNTP-Posting-Host header in NNTP until it was removed.  I doubt the concerns
of oz.net users are particularly unique and since identd v2 would be
"suggested", many/most ISPs would disable it.

IMO, this would be a decent size headache with little benefit.  I'm sure
I'll be corrected if I'm wrong.

> p.s. new beta traceroute at ftp.aces.com  cd pub/software/traceroute/beta

Thanks.

Cheers,

Troy Davis
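The Received header quoted in the post, parsed so that tracing goes by the bracketed IP address (and reverse DNS, if shown) rather than the client-supplied name. This is an added Python example, not code from the original post; the sample header is constructed from the post's example, with the recipient replaced by a placeholder at example.com, and the regex assumes the sendmail-style "from NAME (RDNS [IP]) by RELAY" layout shown there.

```python
import re
from typing import Optional

# Constructed sample: the post's Received header, kept folded across three
# lines exactly as a mail reader would store it (continuations start with a space).
SAMPLE_RECEIVED = (
    "Received: from evilspammer (207-172-189-146.s67.as3.plb.erols.com\n"
    " [207.172.189.146]) by smtp2.erols.com (8.8.8/8.8.5) with SMTP id XAA19893\n"
    " for <user@example.com>; Mon, 18 May 1998 23:34:27 -0400 (EDT)"
)

# Matches "from <claimed> (<rdns> [<ip>]) by <relay>".  The claimed name is
# whatever the connecting client said and cannot be trusted; the bracketed
# IP is the address the relay actually saw on the TCP connection.  The
# reverse-DNS name is optional, as in "from bogus ([10.0.0.5]) by ...".
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<claimed>\S+)"
    r"\s*\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<relay>\S+)",
    re.IGNORECASE,
)


def parse_received(header: str) -> Optional[dict]:
    """Return the fields of one Received header, or None if it does not match."""
    # Unfold RFC 822 continuation lines (newline followed by whitespace).
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    m = RECEIVED_RE.match(unfolded)
    if not m:
        return None
    return {
        "claimed_name": m.group("claimed"),   # forgeable, ignore for tracking
        "reverse_dns": m.group("rdns"),       # may be None
        "ip": m.group("ip"),                  # what to go by
        "relay": m.group("relay"),
    }


def trace_origin(header: str) -> Optional[str]:
    """What to record when tracking: the IP, plus the hostname if the relay showed one."""
    fields = parse_received(header)
    if fields is None:
        return None
    if fields["reverse_dns"]:
        return f"{fields['ip']} ({fields['reverse_dns']})"
    return fields["ip"]
```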