[Plug-security] Is it appropriate for anonymous proxy servers to surreptitiously run IDENT?

Samizdatt plug-security@lists.PLUG.phoenix.az.us
Fri, 30 Nov 2001 23:16:32 -0500 

I wasn't airing a grievance, in fact, I wasn't aware that I had one. I purposefully refrained from mentioning any specific anonymous proxy because, as I stated in my original post, I'm entirely ignorant about the operation of anonymous proxy servers. Also, I had no way of knowing that you owned the "unknown host" sending SYN packets to my port 113 because you don't have a DNS name for its IP address, and I'm not clairvoyant.

I just wanted to know if it was common practice to implement IDENT on an anonymous service, as I couldn't find any detailed information about it on the 'net. You'll have to admit, it is a bit disconcerting to discover that an "unknown host" is querying your PC for information in behalf of an anonymous proxy - especially if you don't know that the owner of the "unknown host" is also the owner of the anonymous proxy. I'd just give the "unknown host" a DNS name to avoid this type of issue, but that's just me. There may in fact be a very good reason from hiding the identity of the "unknown host" doing the IDENT lookups, but being unfamiliar with anonymous proxy servers, I have no way of knowing if it is correct to do so.

You mentioned yourself that you implemented IDENT because you received quite a number of attacks. I'd just like to know if other anonymous proxy administrators also implement IDENT. You have snort, an excellent IDS, already installed, but you feel that you also need to run IDENT, which is entirely your choice. I'm interested in how the majority of other anonymous proxy administrators are handling the same issues.

In my opinion, you have a great deal of courage to operate an anonymous proxy in these times where anyone standing up for the right to privacy seems to be fair game for the police & intelligence agency's wrath. I take my hat off to you. :)

Maybe the unintentional tone of my post & emails ruffled your feathers, but I had no intention of being mean spirited. Maybe I'm just a bit too curious, and a bit too discourteous in my writing style, but I'm fairly good natured in person - if just a tad bit too paranoid. ;)

Have a good weekend!


"J.Francois" wrote:
> 
> If you have an issue with the security practices of MagusNet Public Proxy, say so.
> 
> I run IDENTD because of the incredible number of attacks I get, you looked
> at my IDS logs and saw them yourself.
> Those are filtered based on conversation I had with list members here.
> Check the PLUG archives.
> Also look at http://www.magusnet.com/magusnet-policy.txt
> and you will see that the logs are NOT kept.
> 
> This is also an inappropriate forum for airing your grievence.
> Apparently you were not happy that my ISP sided with me.
> Also, I do not run any OS that will handle an .EXE so your
> link is invalid.
> 
> If you were in any way familiar with IDENTD you would know that it is not
> a great way to collect data as the client can send back anything they want.
> 
> On Fri, Nov 30, 2001 at 05:08:10PM -0500, Samizdatt wrote:
> > Is it appropriate for anonymous proxy servers to surreptitiously run IDENT, which basically attempts to collect as much information as possible from the host computer making the request through the anonymous proxy? Why do a IDENT check at all? Isn't anonymity the point of using a proxy server in the first place?
> 
> --
> Jean Francois - JLF Sends...
> "Tell them we are not Gods, but SysAdmins, which is the next best thing."
> 
> _______________________________________________
> Plug-security mailing list  -  Plug-security@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-security

-- 
***NOTE***
This entire message is confidential, and protected by copyright. If you are not the intended recipient, you are hereby notified that any review, dissemination or archiving of this message is strictly prohibited.
**********