ident
Dec 11 14:32:49 li3-194 identd[11257]: request_thread: read(10, …, 1023) failed: Connection reset by peer
Dec 11 14:33:28 li3-194 identd[11263]: request_thread: read(9, …, 1023) failed: Connection reset by peer
Dec 11 14:34:08 li3-194 identd[11266]: request_thread: read(9, …, 1023) failed: Connection reset by peer
Dec 11 14:35:48 li3-194 identd[11275]: request_thread: read(9, …, 1023) failed: Connection reset by peer
Dec 11 14:37:12 li3-194 identd[11282]: request_thread: read(9, …, 1023) failed: Connection reset by peer
Dec 11 14:38:13 li3-194 identd[11290]: request_thread: read(9, …, 1023) failed: Connection reset by peer
Is this the effect of having 300 in your tcp timeout time?
-Ashen
6 Replies
Requiring ident doesn't block them all, but does block most of them. Most insecure proxies used for abuse on IRC (flood attacks, etc) don't have ident either and are blocked for the same purpose.
I don't block them simply because its easier to deny them access to the network by akilling them. May have to eventually though if it gets bad enough. Most 'major' networks do require ident however. Dalnet is a good example. Most of them DO check for ident though, but if you don't have it, after a few seconds pause, will let you on, but put a ~ in front of your hostmask to indicate ident failed.
@U:
Alot of them do, not including mine-because alot of the spambots and other fodder (ddos botnets) use servers that don't have ident installed, simply because they are hijacked connections.
Well, that makes a little sense, I guess, but only for a little while. It won't be long before the bots start responding to ident requests.
> Most of them DO check for ident though, but if you don't have it, after a few seconds pause, will let you on, but put a ~ in front of your hostmask to indicate ident failed.
That, OTOH, is completely pointless. The contents of an ident response are meaningless. I can make the ident service on my machine say anything I want it to. The ident protocol was invented when people didn't have their own internet connections and run their own services. Nowadays, it don't mean diddly squat.
I guess the reason why it works is because most of the bad stuff comes from boxes that have been exploited, and the installation of ident on that box would likely draw attention to the fact its been exploited perhaps….. who knows.
I don't personally do it on my network because I don't think it stops much, but some networks do. They have various reasons, I guess.
this? I get it on pretty much any irc server I connect to… surely it's a bug some
where in my system, rather then all the other servers all being broken?
-Ashen
The problem was I'd set the identd to return 'OTHER' instead of 'UNIX'
as the O/S, and most irc networks don't like this, so they started giving my
identd the cold shoulder.
A simple edit of /etc/identd.conf and service identd restart
fixed it.
-Ashen