Suggestion for improved identD

Adrian Chadd adrian at creative.net.au
Thu May 21 05:19:41 UTC 1998


Jon Lewis writes:
>On Tue, 19 May 1998, Ehud Gavron wrote:
>
>> Suggestion:	PPP access devices intercept identD requests
>> 		and return the authenticated access string.
>> 
>> Thoughts appreciated, as are comments, flames, blames, and anything
>> of some content.
>
>Not every dialup connection is a single end luser on a win95 box.  What
>about ISDN connections where there's a whole network of real computers and
>different users (on each computer)?  How does the NAS decide which
>connections to intercept for and which not to?  Even if you knew the
>username, what good will it do you 1000 miles away?  Those providers who
>care can fine the user if you tell them the IP and time of day.  Those who
>don't care won't care if you tell them "I was spammed by
>abc123 at yournets.net".

Its more of blocking services.

When I implemented the forced ident setup, if a user had a static IP, then
the ident was passed through. Only if they were a dynamic IP dialup client
would the ident be forced.

The idea here is not to provide a username. Its to provide a method of
identifying a dialup user, in a way that doesn't change with each login.
Since most things already query ident, then why not go this path and make
ident 'trusted' on dynamic IP NAS connections?

Adrian





More information about the NANOG mailing list