Suggestion for improved identD

Studded Studded at san.rr.com
Wed May 20 08:08:01 UTC 1998


Troy Davis wrote:
> 
> On Tue, 19 May 1998, Ehud Gavron wrote:
> 
> > Reasoning:    Modern ``stacks'' used by end-users -- especially
> >               those on throwaway accounts, fake any identD response.
> >               This makes tracking those people tougher.
> 
> Although it was designed to give the owner of a TCP connection, identd is
> only commonly used for SMTP, IRC, and occasionally POP3.  The latter 2
> protocols are irrelevant; the former is publicly accessible and the
> latter requires a password.  So we're left with SMTP.

	If I follow the flow of your paragraph correctly, you're listing IRC in
the irrelevant category. While I am not going to attempt to convince you
otherwise, let me describe a fairly common problem we have on our
network.

	StupidUser comes onto DALnet with the address
FakeIdent at pop99.yourisp.com. They cause problems such that we need to
ban them from the network. A young and foolish IRC Operator bans
[email protected]*.yourisp.com. Well that doesn't even slow them down, they
just change the ident and reconnect. So now we need to ban
*@pop99.yourisp.com. This stops a certain percentage of users (put
bluntly, the stupid ones). However the smart ones just redial. 

	Now we need to ban *@*.yourisp.com because 'yourisp.com' doesn't have
any reliable means of identifying pops by geographical regions, or some
other way for us to limit the ban to avoid preventing access for yourisp
entirely. Not a problem you say? Well you might be right. Depends on
what percentage of your userbase uses IRC. And I do mean IRC and not
just DALnet because chances are that problem user is going to go get
yourisp banned on some more networks before they get bored. There are
some fairly large national providers that have been banned from DALnet
for a long time generating literally hundreds of e-mails to us and phone
calls to them. 

	A reliable method of identifying customers would be a huge benefit in
this situation. As I said, I'm not going to try convincing anyone that
IRC is "significant." I'm not even saying that it's worth developing
this type of ident system on a 'net-wide basis. My point is simply to
illustrate the potential value of such a system in one little corner of
the internet. A very conservative estimate would put 200,000 people on
IRC (on various IRC networks) every night. Multiply that by
approximately 4 to get the number of people who use IRC at least once a
week or more. Then consider that the size of our network has increased
12 times in the last two years and we're talking about an awful lot of
yourisp's customers who would benefit directly from us being able to ban
[email protected]*.yourisp.com. 

Just a thought,

Doug  (who would be happy to put together some more IRC-friendly
recommendations for ISPs that can actually be implemented now if anyone
is genuinely interested :)
-- 
***         Chief Operations Officer, DALnet IRC network       ***
*** Proud designer and maintainer of the world's largest Internet
***    Relay Chat server with 5,328 simultaneous connections.
*** Try spider.dal.net on ports 6662-4    (Powered by FreeBSD)
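
The ban escalation described in the message above, worked through as an added example (not part of the original post or of any DALnet software). The session list, the account ids such as cust1042, and the idea that a trustworthy identd would return the ISP's account id are all constructed assumptions for illustration.

```python
import re

def mask_to_regex(mask):
    """Compile an IRC-style ban mask (* = any run, ? = one char) to a regex."""
    out = []
    for ch in mask:
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(out), re.IGNORECASE)

def matches(mask, ident, host):
    """True if ident@host is covered by the ban mask."""
    return mask_to_regex(mask).fullmatch(f"{ident}@{host}") is not None

ABUSER = "cust1042"  # constructed account id for the problem user

# Constructed sessions: (ISP account, ident the client claims, dial-up host)
SESSIONS = [
    (ABUSER,     "FakeIdent",  "pop99.yourisp.com"),  # first connection
    (ABUSER,     "OtherIdent", "pop99.yourisp.com"),  # changed ident, reconnected
    (ABUSER,     "OtherIdent", "pop12.yourisp.com"),  # redialed to another pop
    ("cust2001", "alice",      "pop99.yourisp.com"),
    ("cust2002", "bob",        "pop12.yourisp.com"),
    ("cust2003", "carol",      "pop40.yourisp.com"),
]

def evaluate(mask, reliable_ident):
    """Return (abuser sessions blocked, other customers blocked) for a ban.

    reliable_ident=False: the server sees whatever ident the client fakes.
    reliable_ident=True:  assumption: the ISP's identd reports the account id.
    """
    abuser = others = 0
    for account, claimed, host in SESSIONS:
        ident = account if reliable_ident else claimed
        if matches(mask, ident, host):
            if account == ABUSER:
                abuser += 1
            else:
                others += 1
    return abuser, others

if __name__ == "__main__":
    for mask, reliable in [
        ("FakeIdent@*.yourisp.com", False),  # evaded by changing the ident
        ("*@pop99.yourisp.com",     False),  # evaded by redialing
        ("*@*.yourisp.com",         False),  # works, but bans the whole ISP
        (ABUSER + "@*.yourisp.com", True),   # narrow ban with a reliable ident
    ]:
        print(f"{mask:28} reliable={reliable!s:5} -> {evaluate(mask, reliable)}")
```

Each result is a pair: how many of the abuser's three sessions the ban stops, and how many uninvolved customers it locks out.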


