Svoboda | Graniru | BBC Russia | Golosameriki | Facebook

To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

How to transfigure the Wikipedia

Would you like Wikipedia to always look as professional and up-to-date? We have created a browser extension. It will enhance any encyclopedic page you visit with the magic of the WIKI 2 technology.

Try it — you can delete it anytime.

Install in 5 seconds
4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
Great Wikipedia has got greater.
.
Leo
Newton
Brights
Milds

Ident protocol

From Wikipedia, the free encyclopedia

Ident
Communication protocol
PurposeIdentification
Developer(s)Michael C. St. Johns at US Department of Defense
IntroductionFebruary 1993; 31 years ago (1993-02)
Based onRFC 931
OSI layerApplication layer (Layer 7)
Port(s)TCP/113
RFC(s)RFC 1413
Internet protocol suite
Application layer
Transport layer
Internet layer
Link layer

The Ident Protocol (Identification Protocol, Ident), specified in RFC 1413, is an Internet protocol that helps identify the user of a particular TCP connection. One popular daemon program for providing the ident service is identd.

YouTube Encyclopedic

  • 1/3
    Views:
    676
    1 234
    2 657
  • 08 Cisco Access Control List: Configuracion de ACL "Extended" Parte 3/3
  • 06 Cisco Access Control List: Configuracion de ACL "Extended" Parte 1/3
  • 34- CCNA 200-301 | Access Control List (ACL)

Transcription

Function

The Ident Protocol is designed to work as a server daemon, on a user's computer, where it receives requests to a specified TCP port, generally 113. In the query, a client specifies a pair of TCP ports (a local and a remote port), encoded as ASCII decimals and separated by a comma (,). The server then sends a response that identifies the username of the user who runs the program that uses the specified pair of TCP ports, or specifies an error.

Suppose host A wants to know the name of the user who is connecting to its TCP port 23 (Telnet) from the client's (host B) port 6191. Host A would then open a connection to the ident service on host B, and issue the following query: 

6191, 23

As TCP connections generally use one unique local port (6191 in this case), host B can unambiguously identify the program that has initiated the specified connection to host A's port 23, should it exist. Host B would then issue a response, identifying the user ("stjohns" in this example) who owns the program that initiated this connection and the name of its local operating system: 

6193, 23 : USERID : UNIX : stjohns

But if it would turn out that no such connection exists on host B, it would instead issue an error response: 

6195, 23 : ERROR : NO-USER

All ident messages should be delimited by an end of line sequence consisting of the carriage return and linefeed characters (CR+LF).[1]

Usefulness of ident

Dialup hosts or shared shell servers often provide ident to enable abuse to be tracked back to specific users. In the case that abuse is handled on this host the concern about trusting the ident daemon is mostly irrelevant. Spoofing of the service and privacy concerns can be avoided by providing varying cryptographically strong tokens instead of real usernames.

If abuse is to be handled by the administrators of the service that users connect to using the ident providing host, then the ident service must provide information identifying each user. Usually it is impossible for the administrators of the remote service to know whether specific users are connecting via a trustable server or from a computer they themselves control. In the latter case the ident service provides no reliable information.

The usefulness of Ident for proving of a known identity to a remote host is limited to circumstances when:

  • The user connecting is not the administrator of the machine. This is only likely for hosts providing Unix shell access, shared servers using a suEXEC-like construction and the like.
  • One trusts the administrators of the machine and knows their user policy. This is most likely for hosts in a common security domain such as within a single organization.
  • One trusts that the machine is the machine it claims to be and knows that machine. This is only easily arranged for hosts on a local area network or virtual network where all hosts on the network are trusted and new hosts cannot easily be added due to physical protection. On remote and normal local networks false ident replies can be accomplished by ip spoofing and, if DNS is used, by all kinds of DNS trickery. The ident daemon may provide cryptographically signed replies which, if they can be confirmed, solves these last, but not the first, concerns.
  • There exist no intermediate obstacles to connecting to identd such as firewall, NAT, or proxy (such as if you were using ident with Apache httpd). These are common occurrences when going between security domains (as with public HTTP or FTP servers).

Security

The ident protocol is considered dangerous because it allows crackers to gain a list of usernames on a computer system which can later be used for attacks. A generally accepted solution to this is to set up a generic/generated identifier, returning node information or even gibberish (from the requesters point of view) rather than usernames. This gibberish may be turned into real usernames by the ident administrator, when he or she is contacted about possible abuse, which means the usefulness for tracking abuse is preserved.

Uses

Ident is important on IRC as a large number of people connect to IRC from a server shared by multiple users, often using a bouncer. Without Ident there would be no way to ban a single user without banning the entire host. The server administrator may also use this information to identify the abusive user.

On most IRC networks, when the server fails to get an Ident response it falls back to the username given by client, but marks it as "not verified", usually by prefixing with a tilde; e.g., ~josh. Some IRC servers even go as far as blocking clients without an ident response,[2] the main reason being that it makes it much harder to connect via an "open proxy" or a system where you have compromised a single account of some form but do not have root (on Unix-like systems, only root can listen for network connections on ports below 1024).

However, Ident provides no additional authentication when the user is connecting directly from their personal computer, on which they have enough privileges to control the Ident daemon as well.[1]

See also

References

  1. ^ a b Johns, Michael (February 1993). Identification Protocol. IETF. doi:10.17487/RFC1413. RFC 1413. Retrieved 1 April 2013.
  2. ^ "News für IRCNet-Nutzer bei T-Online". german IRCnet opers. Retrieved 2011-12-26.

Further reading

This page was last edited on 6 June 2024, at 05:56
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.
Contact WIKI 2
Introduction
Terms of Service
Privacy Policy