[Mailman-Users] Slow delivery

Christopher X. Candreva chris at westnet.com
Fri Mar 9 15:48:45 CET 2007

On Fri, 9 Mar 2007, Brad Knowles wrote:

> So Phil says that he runs a trustworthy IDENT server on his box. 
> Fine.  But plenty of spammers, phishers, and other nefarious types 
> out there will try to use IDENT as another vector to exploit for use 
> in breaking into your system, or for tricking you into believing 
> whatever lies they want you to believe.

This is a common misconception of what IDENT is/was for.  IDENT was not 
intended to provide reliable authentication, as to who owned a connection. 
Rather, IDENT was a way of providing information such that a sysadmin could 
figure out later which of their own users had done something bad, or had 
their account compromised.

People then started using it this way, possibly due to the inclusion in tcp 
wrappers, but as I recall it wasn't the original purpose.

In other words, as the recipient I have no reason to trust the string. But 
if I am on the receiving end of an attack from a multi-user machine and am 
reporting it to the owner of the machine, I would give them the IDENT data I 
capture so they can better track what happened on their machine.
And even on a non-multi-user machine, it could help narrow down what process 
was compromised.

There was at least one IDENT server that would return a seemingly random 
string, that could be decrypted by the sysadmin to know what the account was 
without divulging the actual name to the outside.

Chris Candreva  -- chris at westnet.com -- (914) 948-3162
WestNet Internet Services of Westchester
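
Added example, not part of the original post: a receiver-side parser for one RFC 1413 (IDENT) reply line that keeps the returned string only as untrusted evidence to pass on to the remote machine's administrator, as the message describes. The function names, record fields and sample replies are constructed for illustration.

```python
import re

# RFC 1413 reply: "<server-port> , <client-port> : USERID : <opsys>[,<charset>] : <user-id>"
#             or: "<server-port> , <client-port> : ERROR : <error-type>"
_REPLY = re.compile(rb"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:(.*)", re.S)
MAX_USERID = 512  # RFC 1413 upper bound on the user-id field


def printable(raw: bytes) -> str:
    """Escape remote-controlled bytes so they cannot forge or split a log line."""
    return "".join(chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}" for b in raw)


def parse_ident_reply(line: bytes, queried: tuple[int, int]) -> dict:
    """Turn a reply into a record for an abuse report; never use it for access control."""
    rec = {"queried": queried, "kind": "malformed", "raw": printable(line[:1000])}
    m = _REPLY.fullmatch(line.rstrip(b"\r\n"))
    if not m:
        return rec
    if (int(m[1]), int(m[2])) != queried:
        rec["kind"] = "port-mismatch"  # the answer is about some other connection
        return rec
    if m[3] == b"ERROR":
        rec.update(kind="error", error=printable(m[4].strip()))
        return rec
    opsys, sep, userid = m[4].partition(b":")
    if not sep or len(userid) > MAX_USERID or any(c in userid for c in b"\0\r\n"):
        return rec
    # The user-id is stored as received (escaped only). It may be an opaque
    # token that just the remote sysadmin can map back to an account.
    rec.update(kind="userid", opsys=printable(opsys.split(b",")[0].strip()),
               userid=printable(userid))
    return rec


if __name__ == "__main__":
    # Constructed sample replies for a query about ports (6193, 25).
    for sample in (b"6193, 25 : USERID : UNIX :stjohns\r\n",
                   b"6193, 25 : USERID : OTHER :[Zm9vYmFy]\r\n",
                   b"6193, 25 : ERROR : HIDDEN-USER\r\n"):
        print(parse_ident_reply(sample, (6193, 25)))
```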
