From owner-freebsd-chat Tue Nov 21 12: 7:54 2000
Delivered-To: freebsd-chat@freebsd.org
Received: from epicsol.org (epicsol.org [209.100.173.7])
	by hub.freebsd.org (Postfix) with ESMTP id 5621B37B4C5
	for ; Tue, 21 Nov 2000 12:07:52 -0800 (PST)
Received: (from jnelson@localhost)
	by epicsol.org (8.9.3/8.9.3) id OAA90752;
	Tue, 21 Nov 2000 14:07:51 -0600 (CST)
	(envelope-from jnelson)
Date: Tue, 21 Nov 2000 14:07:51 -0600 (CST)
From: Jeremy Nelson
Message-Id: <200011212007.OAA90752@epicsol.org>
To: freebsd-chat@freebsd.org
Subject: Re: Is any efnet server still running?
X-Newsgroups: freebsd.chat
In-Reply-To: <200011211848.LAA28165@usr08.primenet.com>
Organization: Damage, org.
Cc:
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Terry Lambert wrote:
>[Requiring ident to use irc is] a security precaution, and is unlikely to
>be relaxed, so long as the administrator remains sane.
>
>The point of ident is to hold the machine administrator responsible
>for the actions of users on the machine, by allowing the offending
>user to be reported accurately to the administrator of an offending
>machine.
>
>Failure of the administrator to take action will result in the
>machine being diked out of the IRC community.

This may be true in some contexts, but the benefit of using ident in irc
is actually more practical for other reasons. The script kiddies love to
use the floodbots that spoof other addresses, especially addresses of
people the script kiddie wants to get in trouble.

Some networks, like the undernet, require a PING/PONG exchange with a
random value. But this value might be guessed if you try hard enough.
Other networks require that you run an identd daemon because then you
have the chance to validate or invalidate all connections made in your
name. In the absence of an ident daemon, the server has no way of knowing
whether or not the connection is actually from you, or from someone
forging your ip address.

It isn't technically relevant what your ident daemon returns. The only
thing that is relevant is that the server has asked *you* if this is
*your* connection and unless you say "yes, this is my connection", it
won't let you go any further. This is the best way yet to keep dynamic
IP users from crying innocence when a boatload of floodbots show up from
their IP address.

Jeremy

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
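The server-side check this message describes, as an added example that is not part of the original post and not taken from any IRC server: it builds the RFC 1413 ident query for one connection and admits the client only if the host answers USERID for that exact port pair. The function names, port numbers and sample replies are constructed for illustration.

```python
import re

# RFC 1413 reply line, as seen by the querier (here, the IRC server):
#   "<port-on-identd-host> , <port-on-querier> : USERID : <opsys> : <user-id>"
#   "<port-on-identd-host> , <port-on-querier> : ERROR : <error-type>"
_REPLY = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")


def build_query(client_port, server_port):
    """Bytes the IRC server sends to TCP port 113 on the connecting host.

    client_port: source port of the incoming IRC connection (hypothetical name)
    server_port: port the IRC server accepted it on (hypothetical name)
    """
    return f"{client_port}, {server_port}\r\n".encode("ascii")


def check_reply(reply, client_port, server_port):
    """Return (admit, detail). Admit only on USERID for this exact port pair."""
    if reply is None:            # nothing listening on 113, or the query timed out
        return False, "no ident reply"
    if len(reply) > 1000:        # RFC 1413 lets the querier give up after 1000 chars
        return False, "oversized reply"
    line = reply.decode("latin-1").split("\n", 1)[0].rstrip("\r")
    m = _REPLY.match(line)
    if not m:
        return False, "malformed reply"
    if (int(m.group(1)), int(m.group(2))) != (client_port, server_port):
        return False, "reply is for a different connection"
    if m.group(3) == "ERROR":    # the host says "that is not my connection"
        return False, "host denies connection: " + m.group(4).strip()
    # USERID payload is "<opsys>[,<charset>] : <user-id>"; the user-id may contain ':'
    _opsys, sep, user = m.group(4).partition(":")
    if not sep or not user.strip():
        return False, "malformed reply"
    # As the message notes, the returned name matters less than the "yes" itself.
    return True, user.strip()    # stripping whitespace is a simplification


if __name__ == "__main__":
    # Constructed sample replies for a connection from port 40123 to port 6667.
    for sample in (b"40123, 6667 : USERID : UNIX : jnelson\r\n",
                   b"40123 , 6667 : ERROR : NO-USER\r\n",
                   None):
        print(build_query(40123, 6667), sample, check_reply(sample, 40123, 6667))
```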