North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Suggestion for improved identD

  • From: Derek Balling
  • Date: Fri May 22 14:12:21 1998

>    What I don't understand is why you can't just present the IP
>    address, and the time of the mis-behavior to the network owners;
>    they should be able to identify the responsible person from the
>    dial-up authentication (RADIUS or other) logs.  Even if there is a
>    complete network behind the dial-up (or ISDN or whatever), there
>    *had* to be an authentication of some sort to establish the
>    connection, or they have bigger problems that will not be solved
>    by a "better IDENT".  At worst, they can delegate the problem to
>    whoever authenticated: "Find and solve the problem before we allow
>    any of your connections.  If this cuts off several people that's
>    *your* problem.  Its your subnet and your account.  You are
>    responsible for it.  Fix it."

I think the answer to this question is that a LOT of ISP admins don't have
the time to handle the flood of complaints that would come about from
IRC-based complaints. This is why many of the larger ISP's at some point in
time get banned from IRC servers in general... As an example, there are
plenty of Netcom users who have made "general IRC attacks" (channel
takeovers, nuking users, etc.) and Netcom is banned, as a whole, from a
number of servers (or at least was several years ago when last I used IRC).
Complaints to Netcom would generally go unanswered because when it came to
having time to deal with complaints, IRC ones - which generally come down
to a he-said,she-said situation, go ignored. A user can produce "a log of
what happened", but give me 10 minutes with vi and I can produce an IRC log
that says the Pope pronounced Jesus a pagan wizard. 

Not that I personally care about IRC Servers' demands (I personally
consider them a good idea turned into a hideous waste of bandwidth), but
their concern is real, from their point-of-view, and the network admins
they need to deal with generally are unresponsive because of the very
nature of IRC.