This article is about the Internet protocol. For the jargon contraction used in the broadcasting world, see station identification or Television ident.

The Ident Protocol, specified in RFC 1413, is an Internet protocol that helps identify the user of a particular TCP connection. One popular daemon program for providing the ident service is identd. For other senses of this word, see protocol. ... Station identification is the practice of any type of radio station identifying itself, typically with a callsign. ... A television ident visually identifies the network or station presenting a television programme. ... For other senses of this word, see protocol. ... The Transmission Control Protocol (TCP) is a virtual circuit protocol that is one of the core protocols of the Internet protocol suite, often simply referred to as TCP/IP. Using TCP, applications on networked hosts can create connections to one another, over which they can exchange streams of data. ... A telecommunication circuit is defined as follows: The complete path between two terminals over which one-way or two-way communications may be provided. ... In Unix and other computer multitasking operating systems, a daemon is a computer program that runs in the background, rather than under the direct control of a user; they are usually instantiated as processes. ...

How Ident Works

The Ident Protocol is designed to work as a server daemon, on a user's computer, where it receives requests to a specified port, generally 113. The server will then send a specially designed response that identifies the username of the current user. In Unix and other computer multitasking operating systems, a daemon is a computer program that runs in the background, rather than under the direct control of a user; they are usually instantiated as processes. ... It has been suggested that this article or section be merged into Computer port (software). ...

Usefulness of Ident

Ident is considered useful due to the fact that it is able to distinguish the name of the person most likely to make a connection to the requesting server, which can then be used as identification for abuse control and/or general reporting purposes. This is useful because on most operating systems more than one user can be logged in at a time. The protocol is of no help for users where the source of abuse is the computer administrator. To some extent the trustworthiness of the ident can be determined by seeing if the reverse DNS hostname is a typical ISP host (e.g. user12345.dsl.myisp.com) or a hostname more likely to be of a server. In computing, an operating system (OS) is the system software responsible for the direct control and management of hardware and basic system operations. ... The domain name system (DNS) stores and associates many types of information with domain names, but most importantly, it translates domain names (computer hostnames) to IP addresses. ... An Internet service provider (abbr. ...

Security

Filtering the ident port will often cause timeout delays when connecting to servers. Unless you are determined to leave your system totally invisible to the Internet it is best to either run an ident server or to leave the port cleanly rejecting connections using a firewall. It is possible to set up your system to filter ident connections from all systems you haven't made a connection to recently but this can be tricky to set up and few people bother. Please wikify (format) this article or section as suggested in the Guide to layout and the Manual of Style. ...

The ident protocol is considered dangerous because it allows hackers to gain a list of usernames on a computer system which can later be used for attacks. A generally accepted solution to this is to setup a generic/generated identifier, returning node/hop IDs or Kerberos tickets, rather than usernames. The term Hackers can refer to several things: Hacker - a type of person interested in exploration, usually of a computer or electrical engineering background. ... Note: to create a user account for Wikipedia, go to the login page. ... To meet Wikipedias quality standards, this article may require cleanup. ... A node is a device that is connected as part of a computer network. ... In telecommunication, the term hop has the following meanings: 1. ... Identification when dealing with information (specifically data stored in databases) is the capability to find, retrieve, report, change, or delete specific data without ambiguity. ... Kerberos is a computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. ...

On Unix-like systems the identd service is generally either started from inetd/tcpd, xinetd or itself linked against libwrap, allowing TCP Wrapper filter rules to be set on some hosts (or entire subnets): A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification. ... inetd is a daemon on many Unix systems that manages Internet services. ... The correct title of this article is xinetd. ... Figure of the linking process, where object files and static libraries are assembled into a new library or executable. ... libwrap is a free software program library that implements generic TCP Wrapper functionality for network service daemons to use (rather then, or in addition to, their own host access control scheme). ... TCP Wrapper is a host-based network ACL system written by Dr. Wietse Venema, used to filter otherwise (yet) unauthenticated network access to Internet protocol services run on (Unix-like) operating systems such as Linux or BSD. Allowing host or subnetwork IP adresses, names and/or ident query replys, to... The word subnetwork (usually shortened to subnet) has two related meanings. ...

/etc/hosts.allow

identd authd: .intranet.lan, mail.isp.tld, ssh.isp.tld, irc.isp.tld, ftp.isp.tld

On denied requests the default timeout is 5 seconds. However since it is the 'protected' machine waiting to become a client to some other service, most probably, one wants to disable this timeout. Using something similar to the following: An intranet is a private computer network that uses Internet protocols, network connectivity, and possibly the public telecommunication system to securely share part of an organizations information or operations with its employees. ... Local area network scheme A local area network (LAN) is a computer network covering a local area, like a home, office, or group of buildings[1]. Current LANs are most likely to be based on switched IEEE 802. ... Wikipedia does not yet have an article with this exact name. ... An Internet service provider (abbr. ... A top-level domain (TLD) is the last part of which Internet domain names consist of. ... To meet Wikipedias quality standards, this article or section may require cleanup. ... IRC redirects here. ... FTP or file transfer protocol is used to connect two computers over the Internet so that the user of one computer can transfer files and perform file commands on the other computer. ... In computing, a client is a system that accesses a (remote) service on another computer by some kind of network. ...

/etc/hosts.deny

identd authd: ALL: twist( /bin/true & )

Uses

Ident is important on IRC as a large number of people connect to IRC servers via bouncers which either serve multiple users or are hosted on shared servers. Some users also use clients on Unix shells. Without ident there would be no way to ban a single user of a bouncer from a channel or network without banning the entire bouncer. It's also needed when complaining to the bouncer operator so they can identify which user is causing trouble. When an IRC server fails to get an identd response it has to fall back on the username given by the client. Ircds usually prefix usernames obtained directly from the client software with ~ (tilde) to indicate that they are not ident usernames and may be faked by the user (although with modern single-user home computers, the ident username itself may be set to whatever the user wants and is often returned by the same IRC client as the rest of the client information). Some IRC servers even go so far as blocking clients without an ident response, the main reason being that it makes it much harder to connect via an "open proxy" or a system where you have compromised a single account of some form but do not have root. IRC redirects here. ... Bounce, often abbreviated as BNC, is used to relay traffic and connections in computer networks. ... A Unix shell, also called the command line, provides the traditional user interface for the Unix operating system. ... An open proxy is a proxy server which is accessible by any Internet user. ... On many computer operating systems, superuser is the term used for the special user account that is controlled by the system administrator. ...

Special identds are used by those running large numbers of bouncers or a single bouncer that supports multiple users to allow bouncer usernames to be returned rather than simply the name of the user account on the system the bouncer is running under. The best known of these is probably oidentd.

See also

• Internet Relay Chat (IRC)
• File Transfer Protocol (FTP)
• Simple Mail Transfer Protocol (SMTP)
• Network News Transfer Protocol (NNTP)
• Secure Shell (SSH)

IRC redirects here. ... FTP or file transfer protocol is used to connect two computers over the Internet so that the user of one computer can transfer files and perform file commands on the other computer. ... Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmissions across the Internet. ... The Network News Transfer Protocol or NNTP is an Internet application protocol used primarily for reading and posting Usenet articles, as well as transferring news among news servers. ... To meet Wikipedias quality standards, this article or section may require cleanup. ...

References

• RFC 912 - Authentication Service
• RFC 931 - Authentication Server
• Daniel J. Bernstein: TAP - INTERNET DRAFT 1992
• Daniel J. Bernstein: Why TAP? A White Paper, draft 3 920820
• RFC 1413 - Identification Protocol
• RFC 1414 - Identification MIB
• Peter Eriksson: TAPvsIDENT 3 Nov 1993
• Damien Doligez: Why encrypt ident/TAP replies? 1994.02.22

Daniel Julius Bernstein (sometimes known simply as djb; born October 29, 1971) is a professor at the University of Illinois at Chicago, a mathematician, a cryptologist, and a programmer. ... 1992 (MCMXCII) was a leap year starting on Wednesday. ... Daniel Julius Bernstein (sometimes known simply as djb; born October 29, 1971) is a professor at the University of Illinois at Chicago, a mathematician, a cryptologist, and a programmer. ... 1993 (MCMXCIII) was a common year starting on Friday of the Gregorian calendar and marked the Beginning of the International Decade to Combat Racism and Racial Discrimination (1993-2003). ... Damien Doligez is a French academic and programmer. ... 1994 (MCMXCIV) was a common year starting on Saturday of the Gregorian calendar, and was designated as the International Year of the Family and the International Year of the Sport and the Olympic Ideal by United Nations. ...

External links

• "IDENT is pointless and potentially dangerous", Erik Fair
• "IDENT is not of use to servers", Russell Nelson - A response to the above article.