[17094] in North American Network Operators' Group
Re: Suggestion for improved identD
daemon@ATHENA.MIT.EDU (Adrian Chadd)
Thu May 21 01:24:40 1998
Cc: nanog@merit.edu
To: Jon Lewis <jlewis@inorganic5.fdt.net>
In-reply-to: Your message of "Thu, 21 May 1998 00:23:01 -0400."
<Pine.LNX.3.95.980521001838.723L-100000@tarkin.fdt.net>
Date: Thu, 21 May 1998 13:19:41 +0800
From: Adrian Chadd <adrian@creative.net.au>

Jon Lewis writes:
>On Tue, 19 May 1998, Ehud Gavron wrote:
>
>> Suggestion: PPP access devices intercept identD requests
>> and return the authenticated access string.
>>
>> Thoughts appreciated, as are comments, flames, blames, and anything
>> of some content.
>
>Not every dialup connection is a single end luser on a win95 box. What
>about ISDN connections where there's a whole network of real computers and
>different users (on each computer)? How does the NAS decide which
>connections to intercept for and which not to? Even if you knew the
>username, what good will it do you 1000 miles away? Those providers who
>care can fine the user if you tell them the IP and time of day. Those who
>don't care won't care if you tell them "I was spammed by
>abc123@yournets.net".

It's more of blocking services.

When I implemented the forced ident setup, if a user had a static IP, then
the ident was passed through. Only if they were a dynamic IP dialup client
would the ident be forced.

The idea here is not to provide a username. It's to provide a method of
identifying a dialup user, in a way that doesn't change with each login.
Since most things already query ident, then why not go this path and make
ident 'trusted' on dynamic IP NAS connections?

Adrian
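
An added sketch of the forced-ident decision described in the message above (not code from the original post or from any NAS product): queries for dynamic-pool addresses are answered by the NAS in RFC 1413 reply format, static addresses are passed through. The keyed-hash token, the address pool, the session table and every name below are assumptions; the post does not say what string the forced ident returned.

```python
import hashlib
import hmac
import ipaddress
import re

# Constructed sample data; none of these values come from the post.
SITE_SECRET = b"example-site-secret"
DYNAMIC_POOL = ipaddress.ip_network("192.0.2.0/24")  # dynamic dialup addresses
SESSIONS = {"192.0.2.17": "abc123"}  # NAS session table: assigned IP -> account

QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def stable_token(account):
    """Same account gives the same token at every login; the login name is not exposed."""
    digest = hmac.new(SITE_SECRET, account.encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


def forced_ident(query, customer_ip):
    """Return the reply the NAS sends itself, or None to pass the query through."""
    if ipaddress.ip_address(customer_ip) not in DYNAMIC_POOL:
        return None  # static-IP customer: their own identd answers
    m = QUERY_RE.match(query.decode("ascii", "replace").rstrip("\r\n"))
    if m is None:
        raise ValueError("malformed ident query")  # caller closes the connection
    pair = "%s , %s" % (m.group(1), m.group(2))
    if not all(1 <= int(p) <= 65535 for p in m.groups()):
        return (pair + " : ERROR : INVALID-PORT\r\n").encode()
    account = SESSIONS.get(customer_ip)
    if account is None:
        return (pair + " : ERROR : NO-USER\r\n").encode()
    # OTHER marks the user-id field as an opaque string, not an OS login name.
    return ("%s : USERID : OTHER : %s\r\n" % (pair, stable_token(account))).encode()


if __name__ == "__main__":
    print(forced_ident(b"6191 , 23\r\n", "192.0.2.17"))    # forced reply
    print(forced_ident(b"6191 , 23\r\n", "198.51.100.5"))  # None: pass through
```

Because the token is derived from the account rather than the assigned address, a remote service sees the same ident string for that customer at every login, and only the provider holding the secret and account list can map it back.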