Outbreak Magazine Issue #7 - Article 8 of 16
'~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

- - - - - - - - - - - - - - -
the uselessness and dangers of identd
by: antimatt3r
Jun 6 2002
- - - - - - - - - - - - - - -

The identification protocol (also known as 'auth' on *nix systems) is specified by RFC1413. This protocol, in my opinion, is useless and potentially dangerous. The objective of this text is to inform you of the uselessness and insecurities and make you wonder why the hell someone integrated this protocol into the Internet.

Okay, the first thing is that it's ridiculously pointless. The first fundamental assumption behind this protocol is that computers are multi-user timesharing systems with secured operating systems. So if someone is running windows you've already got that one falsified. The second is that the computer user and the computer admin are different people. This isn't such a bad assumption, because most of us don't log in as root on *nix and start running our everyday routine. But on windows, most of us have our user account set as the administrator. The third and final assumption is that the system's admin is trustworthy. This is about the most brilliant one of them all.

The upshot of these assumptions is that when receiving an ident response you can trust the data that identifies a user who is trying to use a network service on your server, because the admin on the other side, who is watching over his system and users with an eagle eye, will readily and happily identify his users to you, because you asked. Once again, the majority of computer systems on the Internet violate ALL the assumptions, because they are running windows, which is single user, not secure at all, and has the user and admin as the same person. As for the admin being trustworthy, who knows. The data that any computer will return has no bona fides or other utility other than as a random string of bits which may or may not relate in any way to the user of the system. Even the author of RFC1413 says that the protocol can't be used for anything real (section 6).

The reason that the identification protocol is dangerous is that there are some server admins (dalnet admins) who seem to believe that ident has some utility, because they require it to use their services. These people are deluding themselves, lulling themselves into a completely false sense of security - they believe that with ident they have an audit trail which they can use to grab users who abuse their services. As the protocol description above demonstrates, this is the assumption of a fool.

For the final part of this text I would like to talk about why dalnet requires that you give an ident response. When connecting to dalnet you get the 'checking ident' signal and then usually the ident response comes through; if there is no ident response, you/we get akilled. If you whois someone on dalnet and they have a ~ in front of the username part of their user@host mask (eg. ~antimatt3r@suckme.net) their ident was not verified. It seems that dalnet doesn't really care if people send fake ident responses, because if you look on http://kline.dal.net/exploits/unixident.htm they supply a 'fakeident' RPM package. So now not only is the dalnet hierarchy fucking dumb, but they are supplying tools to evade the rules that they have put in place.

If you're stuck without ident working, make sure your auth port is uncommented in /etc/inetd.conf and try forwarding ports 5990 through 6000 as well as 113 if you're on a routed intranet. If you're using mIRC it's in options - connect - identd.

EOF
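The exchange the text describes (a server asks port 113 of the connecting host about a port pair and gets back either a USERID or an ERROR line) is shown here from the querying server's side, as an added example that is not part of the original article. The only things a server can actually check are the reply's RFC 1413 grammar and that it echoes the port pair that was asked about; the user-id itself is an opaque string chosen by the remote host. The sample replies and the port numbers are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample replies for an assumed query "6667, 51234"; not from real hosts.
SAMPLE_OK = "6667, 51234 : USERID : UNIX , US-ASCII : antimatt3r\r\n"
SAMPLE_ERR = "6667, 51234 : ERROR : HIDDEN-USER\r\n"
SAMPLE_WRONG_PAIR = "6667, 40000 : USERID : UNIX : somebody\r\n"

# Error types defined by RFC 1413; "X-" prefixed types are implementation-specific.
ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}


@dataclass
class IdentReply:
    kind: str                      # "USERID" or "ERROR"
    opsys: Optional[str] = None
    charset: Optional[str] = None
    user_id: Optional[str] = None  # whatever the remote host chose to send; unauthenticated
    error: Optional[str] = None


def build_query(server_port: int, client_port: int) -> bytes:
    """Request line the server sends to TCP port 113 on the connecting host."""
    return f"{server_port}, {client_port}\r\n".encode("ascii")


def parse_reply(line: str, server_port: int, client_port: int) -> IdentReply:
    """Parse one RFC 1413 reply and require that it answers our own port pair.
    Grammar and port echo are the only verifiable parts of the reply."""
    parts = line.rstrip("\r\n").split(":", 2)   # <port-pair> : <kind> : <rest>
    if len(parts) != 3:
        raise ValueError("malformed ident reply")
    ports, kind, rest = (p.strip() for p in parts)
    m = re.fullmatch(r"(\d+)\s*,\s*(\d+)", ports)
    if not m:
        raise ValueError("malformed port pair")
    if (int(m.group(1)), int(m.group(2))) != (server_port, client_port):
        raise ValueError("reply does not answer the port pair we asked about")
    if kind == "ERROR":
        if rest not in ERROR_TYPES and not rest.startswith("X-"):
            raise ValueError(f"unknown error type {rest!r}")
        return IdentReply("ERROR", error=rest)
    if kind == "USERID":
        opsys_field, sep, user_id = rest.partition(":")   # user-id may itself contain ':'
        if not sep:
            raise ValueError("USERID reply lacks user-id field")
        opsys, _, charset = (s.strip() for s in opsys_field.partition(","))
        return IdentReply("USERID", opsys, charset or None, user_id.strip())
    raise ValueError(f"unknown reply kind {kind!r}")
```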