The Ident FAQ
There are many users who seem to have problems with IDENT when connecting to DALnet. This page is maintained by the DALnet Exploits Team to provide as much help as we are able to in resolving these problems. We'd ask all users to take the time to read through the FAQ if they are at all unsure of what ident is, why we require it and what to do to enable it from your system.|
We regret that we can't offer detailed advice for all possible combinations of hardware & software but there are simply too many possibilities for us to even try to do this. Where we are aware of a specific problem we will post details of it and any possible solutions here. If you've encountered a problem with a specific setup and solved it please let us know so we can pass on the solution to other users who have the same problem.
1: What is Ident?
2: Why do I need Ident on my PC?
3: I switched ISP now I'm banned, help.
4: What does "Closing Link: Autokilled for [Exp/ident] enable ident in your client" mean?
5: I use a Router to access the internet, how do I make ident work with it?
6: What about Proxy Servers?
7: Internet Connection Sharing?
8: I have ident switched on, don't use ICS or a proxy and don't have a firewall but I'm still autokilled, why?
9: I'm behind a firewall, what can I do?
10: Isn't ident insecure?
1 : What is Ident?
Ident originates from UNIX machines, where it is used to discover the account name that the user logged in with. It's principal advantage for IRC users is that a properly set ident will make it harder for you to be 'blamed' for the actions of other users. This is particularly important for those who connect via shell acounts, bouncers or similar multi-user gateways - such machines will normally have an ident server which is maintained by the system administrator. DALnet server send an ident query to the IP address of any client as part of the initial connection sequence, if no response is received a tilde (~) is inserted into the user's address immediatly after the exclamation mark (email@example.com). Full details of the ident protocol can be found in RFC9??
2 : Why do I need Ident on my PC?
DALnet uses ident to help control abusive users, especially clones. Since most people who are attempting to evade bans or launch clones either have no ident response or are unable to change their ident response, we can use it to make bans, k-lines and autokills effective against only the person who is abusing our service. In particular, it's very difficult to spoof IP addresses or 'bounce' your connection through a trojanised PC and still have a valid ident response. Unlike EFnet, we do not insist all users run ident to use our service. Some servers may have a policy of allowing only clients which run ident, however this is a decision made by each server's admin and is not a formal requirement of DALnet. If you have difficulties connecting to DALnet because you cannot run ident and the message you receive when you are disconnected is K-LINED (as opposed to autokilled), try using another server.
3 : I switched ISP, now I'm banned, help.
While we don't insist all users run ident, those connecting from some ISP's will require to. These are generally large ISP's, especially those offering cable or DSL services as these accounts seem to be more prone to abuse than dial-up accounts are. If you have switched from dial-up to cable or DSL and now find you must run ident it is probable that all users of your new ISP will require to do so. Instructions for setting up ident on common platforms are available from the menu on the left. You should also note that Cable/DSL Routers, proxy servers and ICS (Internet Connection Sharing) can cause problems with ident, check with your supplier for further information on configuring your particular hardware or software correctly.
4 : What does "Closing Link: Autokilled for [Exp/ident] enable ident in your client" mean?
This message simply indicates that you are required to run ident to connect to DALnet. It does not mean you have been banned from the network, it simply means that you must have a valid ident response to connect. This often occurs when you are using large ISP's (AOL, Netvision, @home, Earthlink, UUnet etc.). It is more likely to happen if you are using a cable modem or DSL connection, although some dial-up users may also experience this issue. Instructions on how to set up ident on common platforms are available from the menu on the left.
5 : I use a router or LAN to connect to the internet, how do I make Ident work with it?
This depends on how your LAN is set up. If each machine on your LAN has a real IP address (visible to the internet) then all you need to do is ensure that port 113 is open on your router and each machine runs an IRC client with built in ident server. If you have only a single IP address and your router performs NAT (network address translation), you will need to designate one PC on your network to run an ident server and create a static mapping on your router to direct all traffic on port 113 to that machine. The method of doing this varies from router to router, please contact your vendor's technical support team for detailed advice.
6 : What about Proxy Servers?
If you run a local proxy server (wingate, Socks4 or Socks5) you will need to ensure that the machine running the proxy also has an ident server installed and working. It needs to receive and respond to requests from the internet on port 113. Running an ident server on the client PC's will not work, they connect VIA the proxy which will intercept any ident requests sent from the servers to your network. If you have difficulty doing this, please contact your vendor's technical support department for assistance. If you are forced to connect via a public proxy or one supplied by your ISP and it does not support ident, you will need to contact the administrator of that system for help.
7 : Internet Connection Sharing?
Microsoft's ICS (internet connection sharing) does not officially support ident but can be made to work. Send an email with [exp/ics] as a subject to firstname.lastname@example.org for full instructions.
8 : I have Ident switched on, don't use ICS or a proxy and don't have a firewall but I'm still autokilled, why?
Some ISP's, for reasons best known only to themselves, block ident requests. Most notably this includes some sections of AOL, although even AOL support seem unsure as to why. If you are sure everything on your side if configured correctly, all we can suggest is to contact your ISP's technical support department and ask them to investigate. It's also possible that the DALnet server you are trying to connect to is under heavy load and unable to process your ident reply. It may be worth your while trying several servers to eliminate this possibility.
9 : I'm behind a firewall, what can I do?
If you have access to the firewall configuration, open port 113 (TCP) and allow connections inbound and outbound. Users of Zone Alarm may need to grant their IRC client rights to 'act as a server' in order for ident to work properly. If you do not have access to the firewall (You are on a corporate or educational LAN) you will need to contact your system administrator for assistance.
10 : Isn't Ident insecure?
Some Sysadmins believe ident is insecure. It does give out valid usernames, however if you have a reasonably secure system with a properly defined security policy this is a minor risk. Ident itself does not pose a security risk to the system which runs it providing the version being run is current. As with all software, it should be updated if and when necessary. Truly paranoid sysadmins may wish to investigate fakeidentd (see Unix Ident on the menu) which allows you to mask valid usernames while still returning working ident responses.
Tip of the day
Make sure your nick's email address is still valid so you'll be able to recover your password if needed. /NickServ HELP SET EMAIL