North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Suggestion for improved identD
Ehud Gavron writes: >Suggestion: PPP access devices intercept identD requests > and return the authenticated access string. > >Reasoning: Modern ``stacks'' used by end-users -- especially > those on throwaway accounts, fake any identD response. > This makes tracking those people tougher. > >Methods: 1: identD v2, new port, intercepted by access devices > which support it. > > 2: modification to hosts requirement RFCs, making > access devices responsible for intercepting identD > requests to their PPP clients. > > 3: a security RFC ``suggesting'' 1 or 2 > >Thoughts appreciated, as are comments, flames, blames, and anything >of some content. I've done this for a couple of internet providers in Western Australia. Either by using transparent proxying under Linux (one used a Linux term server..), or a route-map to a *nix box on a Cisco. There are a few privacy issues too - if you want to see who is online, you just send out ident requests to all dialup lines, and the 'real' idents are returned. One Perth ISP fixed this by using a hash of the username. That fixes IRC bans (so they can just ban *!*[email protected]*isp.com.au ) .. and if someone wants to track a user down, they ring the ISP and hand over the hash. Adrian
|