How does Ident work?

Question

I am having a hard time understanding how the ident protocol works. I came across a summary of how it works at Wikipedia however don't quite follow what it means

The Ident Protocol is designed to work as a server daemon, on a user's computer, where it receives requests to a specified port, generally 113. In a query, a client specifies a pair of ports (a local and a remote port). The server will then send a specially designed response that identifies the username of the user who runs the program that uses the specified pair of ports.

For example I assume that every OS has an ident server running. If so where does it receive an ident request to a specified port? In that query it states the client specifies a part of ports? Which is the client and which is the server?

score 4 · Accepted Answer · answered Aug 20 '11 at 06:27

4

where does it receive an ident request to a specified port?

The Ident server listens on TCP port 113.

In that query it states the client specifies a part of ports? Which is the client and which is the server?

The client initiates the connection, the server accepts it. In this case, your computer is the Ident server since it runs the Ident daemon and listens for connections, and the IRC server is the Ident client since it initiates the Ident connection. (IRC is pretty much the only protocol left that uses Ident.)

The RFC example says:

<port-on-server> , <port-on-client> : <resp-type> : <add-info>

6193, 23 : USERID : UNIX : stjohns

Here port-on-client is the remote side (Telnet server acting as Ident client), and port-on-server is your computer (acting as Ident server).

answered Aug 20 '11 at 06:27

u1686_grawity

452,512

Thanks. So does it mean if I want to connect to an IRC service, I need to have an ident server running on my PC? If so when I connect to an IRC server/service I take it it would attempt to connect to the ident server on my PC? – PeanutsMonkey Aug 20 '11 at 07:36
Yes, that's right. (Except Ident is very rarely required, most networks consider it optional.) – u1686_grawity Aug 20 '11 at 08:05
… but they'll nonetheless hang for a minute or so at connection time whilst they time out trying to talk to a nonexistent ident server. ☺ – JdeBP Aug 20 '11 at 23:39
@JdeBP: Not if your computer correctly rejects the TCP connection attempts. (Often firewalls drop them quietly instead of TCP RST.) – u1686_grawity Aug 21 '11 at 06:04
1

Amazingly, we live in a world where people like Steve Gibson give top marks for computers that do not exhibit any such correct behaviour. ☺ – JdeBP Aug 22 '11 at 01:22
(In other "news", your network is secure if it's behind a NAT, and breaking PMTUD by blocking all ICMP packets is the new hot thing in computer security.) – u1686_grawity Aug 22 '11 at 01:34
@grawity - What is PMTUD? In the case of ident being rarely required, what purpose does it serve? – PeanutsMonkey Aug 22 '11 at 01:56
@Peanuts: The comment was not related to Identd. (PMTUD is Path MTU Discovery.) – u1686_grawity Aug 22 '11 at 09:30
1

I've lived in a Gibsonian world at at least one job. IRC users whose network administrators are likewise Gibsonians simply have to learn to love the long wait for the NOTICE AUTH :*** No Ident response message. Interestingly, the conclusion that Steve Gibson's notions of stealth ports are "a little bit nutty" and "fearmongering" currently wins the popular vote. That doesn't help those sentenced to live with Gibsonians, though. ☺ – JdeBP Aug 23 '11 at 23:32

How does Ident work?

1 Answers1