[16994] in North American Network Operators' Group
Suggestion for improved identD
daemon@ATHENA.MIT.EDU (Ehud Gavron)
Tue May 19 18:51:10 1998
Date: Tue, 19 May 1998 15:36:43 -0700 (MST)
From: Ehud Gavron <GAVRON@ACES.COM>
To: nanog@merit.edu
Cc: GAVRON@ACES.COM

Suggestion: PPP access devices intercept identD requests
            and return the authenticated access string.

Reasoning:  Modern ``stacks'' used by end-users -- especially
            those on throwaway accounts, fake any identD response.
            This makes tracking those people tougher.

Methods:    1: identD v2, new port, intercepted by access devices
               which support it.
            2: modification to hosts requirement RFCs, making
               access devices responsible for intercepting identD
               requests to their PPP clients.
            3: a security RFC ``suggesting'' 1 or 2

Thoughts appreciated, as are comments, flames, blames, and anything
of some content.

Ehud
gavron@aces.com
p.s. new beta traceroute at ftp.aces.com cd pub/software/traceroute/beta
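
Added example, not part of the original message and not code from any access-device vendor: a sketch of the interception suggested above, in which the access device answers an ident (RFC 1413) query from its own table of authenticated PPP sessions instead of passing it to the client. The session table, addresses, user names and function names are assumptions constructed for illustration.

```python
import re

# Constructed sample: sessions the access device itself authenticated,
# keyed by the address it assigned to each PPP client (assumed layout).
PPP_SESSIONS = {
    "192.0.2.17": "jdoe@example.net",
    "192.0.2.18": "trial-4471",
}

# RFC 1413 query: "<port-on-server> , <port-on-client>"
QUERY_RE = re.compile(r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*")


def sanitize_userid(name: str) -> str:
    """RFC 1413 forbids NUL, CR and LF in the user-id and limits it to 512 characters."""
    cleaned = "".join(ch for ch in name if ch not in "\x00\r\n")
    return cleaned[:512]


def answer_ident(query: str, client_ip: str, sessions=PPP_SESSIONS) -> str:
    """Reply the access device sends in place of the PPP client at client_ip.

    The user-id comes from the device's own session table, never from the
    client, so a client-side stack cannot influence the answer.
    """
    m = QUERY_RE.fullmatch(query.rstrip("\r\n"))
    if m is None:
        # Unparseable port pair: no ports to echo back, so 0 , 0 is used here.
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    local, remote = int(m.group(1)), int(m.group(2))
    ports = f"{local} , {remote}"
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return f"{ports} : ERROR : INVALID-PORT\r\n"
    user = sessions.get(client_ip)
    if user is None:
        # No authenticated session behind that address.
        return f"{ports} : ERROR : NO-USER\r\n"
    # OTHER marks the id as a free-form string rather than an OS login name.
    return f"{ports} : USERID : OTHER : {sanitize_userid(user)}\r\n"
```

This sketch answers for the PPP session as a whole; it does not check that a TCP connection with the queried port pair actually exists, which a real device would need connection tracking to do.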