|
|
| Author |
Message |
codemastr
Idler
Joined: 05 Feb 2004
Posts: 353
|
 Posted: May 08, 2004 10:17pm Post subject: |
 |
|
The original purpose of ident was to identify you. And, it does, to some degree. Yes, you and I can change our ident settings. But for us, we're easy to ban. You just +b *@*.yourisp.com and you are 99.9% sure the guy is gone.
Enter BNC. BNC gets around that "simply ban the ISP" idea because the domains (and even the IPs they resolve to) can be very different. So you need some way to identify these people. That's where ident comes in. Many shell providers won't let you change your ident. So if you are using them for BNC, you're stuck with the ident you were given. #1, that makes it easy to ban someone (ident@*) and #2, it lets you know what the user's account name is so the shell provider can be contacted to report AUP violations. (Many shell providers ban the use of BNCs as ban evasion tools)
Furthermore, the vast majority of attacks being launched on an IRC server come from machines that do not run identd. And there is a simple reason, they aren't IRC users! You have a guy who is running SOCKS5, and now people are using his machine for IRC. He didn't install ident because he's not using SOCKS for any type of protocol that needs ident. So it's easy to ban him. Even more so, people who download trojans and worms. How many of them use IRC for communication/control? Many. Well, again, since most of the time, the users with the worm/trojan don't use IRC, they don't have identd running. Hence, again, easy to ban.
Will it catch a few people whose ISPs won't let them run identd? Sure. But, the protection it provides outweighs that. Also, perhaps the correct thing to do is complain to your ISP, not to the IRC admins. They are the ones not letting you run ident, not the admins. Plus, I don't know about everyone else, but where I live I have a choice of about 8 different ISPs (ranging from dialup, DSL, cable, satellite, and wireless), and I live in the middle of nowhere. So I'd imagine someone in a big city could have dozens of choices. Well, this is capitalism, if you don't like the service someone is giving you, go take your business elsewhere! There are plenty of ISPs that do allow ident, so go with one of them instead. |
|
| Back to top |
|
 |
Guest
|
| Posted: May 09, 2004 1:36pm Post subject: |
|
|
identd is more of a security risk than anything useful.
I probed someone's identd port and I found out their username and all for their local machine.. same with finger... |
|
| Back to top |
|
|
Ashen
Idler
Joined: 05 Jan 2004
Posts: 285
|
| Posted: May 09, 2004 3:34pm Post subject: |
|
|
And on my shell services, and the services of other shells providers I know, the user has no control over their ident whatsoever.
Thus, a simple
/mode #channel +b *!*user@*.domain will ban exactly that user.
For windows, identd implementation is a poor joke that would be made better if mirc only allowed you to change your identd every 30 days or had any security at all.
identd on a *nix machine, however, is not something to take lightly. |
|
| Back to top |
|
|
sliq
Newbie
Joined: 02 Jan 2004
Posts: 92
Location: IRC
|
| Posted: May 10, 2004 1:26pm Post subject: ident |
|
|
| ident is a waste of connecting time. to ban it just adds on to the stress it causes in the first place. why not eliminate it and let the users connect faster and let the admins determine whether a user should be banned in the first place. |
|
| Back to top |
|
|
|
|
| |
Register
Log in
