How does Ident work?

4

2

I am having a hard time understanding how the ident protocol works. I came across a summary of how it works at Wikipedia; however, I don't quite follow what it means:

The Ident Protocol is designed to work as a server daemon, on a user's computer, where it receives requests to a specified port, generally 113. In a query, a client specifies a pair of ports (a local and a remote port). The server will then send a specially designed response that identifies the username of the user who runs the program that uses the specified pair of ports.

For example, I assume that every OS has an ident server running. If so, where does it receive an ident request to a specified port? In that query it states the client specifies a pair of ports? Which is the client and which is the server?

PeanutsMonkey

Posted 2011-08-20T06:12:48.747

Reputation: 7 780

Answers

4

where does it receive an ident request to a specified port?

The Ident server listens on TCP port 113.

In that query it states the client specifies a pair of ports? Which is the client and which is the server?

The client initiates the connection, the server accepts it. In this case, your computer is the Ident server since it runs the Ident daemon and listens for connections, and the IRC server is the Ident client since it initiates the Ident connection. (IRC is pretty much the only protocol left that uses Ident.)

The RFC example says:

<port-on-server> , <port-on-client> : <resp-type> : <add-info>

6193, 23 : USERID : UNIX : stjohns

Here port-on-client is the remote side (Telnet server acting as Ident client), and port-on-server is your computer (acting as Ident server).

user1686

Posted 2011-08-20T06:12:48.747

Reputation: 283 655

Thanks. So does it mean if I want to connect to an IRC service, I need to have an ident server running on my PC? If so when I connect to an IRC server/service I take it it would attempt to connect to the ident server on my PC? – PeanutsMonkey – 2011-08-20T07:36:10.157

Yes, that's right. (Except Ident is very rarely required, most networks consider it optional.) – user1686 – 2011-08-20T08:05:29.103

… but they'll nonetheless hang for a minute or so at connection time whilst they time out trying to talk to a nonexistent ident server. ☺ – JdeBP – 2011-08-20T23:39:07.203

@JdeBP: Not if your computer correctly rejects the TCP connection attempts. (Often firewalls drop them quietly instead of TCP RST.) – user1686 – 2011-08-21T06:04:15.203

1

Amazingly, we live in a world where people like Steve Gibson give top marks for computers that do not exhibit any such correct behaviour. ☺ – JdeBP – 2011-08-22T01:22:53.860

(In other "news", your network is secure if it's behind a NAT, and breaking PMTUD by blocking all ICMP packets is the new hot thing in computer security.) – user1686 – 2011-08-22T01:34:34.943

@grawity - What is PMTUD? In the case of ident being rarely required, what purpose does it serve? – PeanutsMonkey – 2011-08-22T01:56:55.813

@Peanuts: The comment was not related to Identd. (PMTUD is Path MTU Discovery.) – user1686 – 2011-08-22T09:30:03.617

1

I've lived in a Gibsonian world at at least one job. IRC users whose network administrators are likewise Gibsonians simply have to learn to love the long wait for the NOTICE AUTH :*** No Ident response message. Interestingly, the conclusion that Steve Gibson's notions of stealth ports are "a little bit nutty" and "fearmongering" currently wins the popular vote. That doesn't help those sentenced to live with Gibsonians, though. ☺ – JdeBP – 2011-08-23T23:32:06.117
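
Added example, not part of the original question, answer or comments and not taken from any Ident implementation: a Python parser for the RFC reply format quoted in the answer, together with the query line the Ident client sends to port 113. The names IdentReply, build_query, parse_reply and answers_query are made up for this example, and stripping leading whitespace from the user id is this example's choice, so that the RFC sample line yields "stjohns".

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class IdentReply:
    port_on_server: int              # port on the host running the Ident daemon
    port_on_client: int              # port on the host that sent the query
    resp_type: str                   # "USERID" or "ERROR"
    opsys: Optional[str] = None      # e.g. "UNIX" (USERID only)
    user_id: Optional[str] = None    # self-reported by the remote host, untrusted
    error: Optional[str] = None      # e.g. "NO-USER" (ERROR only)


def _port(text: str) -> int:
    text = text.strip()
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(f"bad port: {text!r}")
    return int(text)


def build_query(port_on_server: int, port_on_client: int) -> bytes:
    """Line the Ident client (e.g. an IRC server) sends to TCP port 113."""
    pair = (_port(str(port_on_server)), _port(str(port_on_client)))
    return "{}, {}\r\n".format(*pair).encode("ascii")


def parse_reply(line: bytes) -> IdentReply:
    text = line.decode("ascii", errors="replace").rstrip("\r\n")
    fields = text.split(":", 2)      # add-info may itself contain ':'
    pair = fields[0].split(",")
    if len(fields) != 3 or len(pair) != 2:
        raise ValueError("expected '<port>, <port> : <resp-type> : <add-info>'")
    reply = IdentReply(_port(pair[0]), _port(pair[1]), fields[1].strip().upper())
    if reply.resp_type == "USERID":
        opsys, sep, user_id = fields[2].partition(":")
        if not sep:
            raise ValueError("USERID reply without a user id")
        reply.opsys = opsys.split(",")[0].strip()   # drop optional charset
        reply.user_id = user_id.lstrip(" \t")       # example's choice, see lead-in
    elif reply.resp_type == "ERROR":
        reply.error = fields[2].strip()
    else:
        raise ValueError(f"unknown response type: {reply.resp_type!r}")
    return reply


def answers_query(reply: IdentReply, port_on_server: int, port_on_client: int) -> bool:
    """True only if the reply echoes the port pair that was asked about."""
    return (reply.port_on_server, reply.port_on_client) == (port_on_server, port_on_client)
```

The user id is whatever the remote daemon chooses to report, so a consumer should log it as a hint and not use it for authentication.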