[17094] in North American Network Operators' Group


Re: Suggestion for improved identD

daemon@ATHENA.MIT.EDU (Adrian Chadd)
Thu May 21 01:24:40 1998

Cc: nanog@merit.edu
To: Jon Lewis <jlewis@inorganic5.fdt.net>
In-reply-to: Your message of "Thu, 21 May 1998 00:23:01 -0400."
             <Pine.LNX.3.95.980521001838.723L-100000@tarkin.fdt.net> 
Date: Thu, 21 May 1998 13:19:41 +0800
From: Adrian Chadd <adrian@creative.net.au>

Jon Lewis writes:
>On Tue, 19 May 1998, Ehud Gavron wrote:
>
>> Suggestion:	PPP access devices intercept identD requests
>> 		and return the authenticated access string.
>> 
>> Thoughts appreciated, as are comments, flames, blames, and anything
>> of some content.
>
>Not every dialup connection is a single end luser on a win95 box.  What
>about ISDN connections where there's a whole network of real computers and
>different users (on each computer)?  How does the NAS decide which
>connections to intercept for and which not to?  Even if you knew the
>username, what good will it do you 1000 miles away?  Those providers who
>care can fine the user if you tell them the IP and time of day.  Those who
>don't care won't care if you tell them "I was spammed by
>abc123@yournets.net".

It's more of blocking services.

When I implemented the forced ident setup, if a user had a static IP, then
the ident was passed through. Only if they were a dynamic IP dialup client
would the ident be forced.

The idea here is not to provide a username. It's to provide a method of
identifying a dialup user, in a way that doesn't change with each login.
Since most things already query ident, then why not go this path and make
ident 'trusted' on dynamic IP NAS connections?

Adrian
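
Added example, not part of the original message or of any NAS vendor's code: a sketch of the decision described above, where ident (RFC 1413) queries addressed to static-IP customers are passed through and queries addressed to the dynamic dialup pool are answered by the NAS with an identifier that stays the same across logins. The address pool, session table, key and function names are hypothetical, and deriving the identifier with an HMAC over the account name is an assumption; the message does not say how the identifier was produced.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data (assumptions, not from the original post).
DYNAMIC_POOL = ipaddress.ip_network("192.0.2.0/25")  # dynamic dialup pool
SESSIONS = {"192.0.2.17": "acct-1001"}               # assigned IP -> authenticated account
TOKEN_KEY = b"constructed-demo-key"                  # NAS-local secret

def stable_token(account):
    """Opaque per-account identifier: same on every login, not the username."""
    return hmac.new(TOKEN_KEY, account.encode(), hashlib.sha256).hexdigest()[:16]

def parse_query(line):
    """Parse an RFC 1413 query '<server-port> , <client-port>'; None if malformed."""
    parts = line.strip().split(",")
    if len(parts) != 2:
        return None
    try:
        ports = tuple(int(p.strip()) for p in parts)
    except ValueError:
        return None
    return ports if all(1 <= p <= 65535 for p in ports) else None

def handle_ident(dest_ip, line):
    """dest_ip is the dialup-side address the ident query was sent to.

    Returns ('forward', None) for static-IP customers, whose own identd answers,
    or ('reply', response) when the NAS answers for a dynamic-pool address.
    """
    if ipaddress.ip_address(dest_ip) not in DYNAMIC_POOL:
        return ("forward", None)
    ports = parse_query(line)
    if ports is None:
        return ("reply", "0 , 0 : ERROR : INVALID-PORT\r\n")
    account = SESSIONS.get(dest_ip)
    if account is None:
        return ("reply", "%d , %d : ERROR : NO-USER\r\n" % ports)
    # OTHER marks the user-id as an opaque string rather than a login name.
    return ("reply", "%d , %d : USERID : OTHER : %s\r\n" % (ports + (stable_token(account),)))
```

Because the token depends on the account and not on the assigned address, a remote service that keys its blocking on the ident reply sees the same value when the user redials and lands on a different pool address.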


