Subject: Re: tcp-wrappers, tcpd, and NetBSD
To: None <current-users@NetBSD.ORG,>
From: D. J. Bernstein <>
List: current-users
Date: 04/20/1997 19:47:50
  [ from March: ]
> If you have a multiuser system and you want to trace which users are
> doing "interesting" things to the network, it would make far more
> sense to arrange for networking activity to be auditable

That's what port 113 does. Code is available for practically every
multiuser system on the Internet.

Do you have an alternative logging solution? Show us some code.

  [ local log ]
> Moreover, it would probably involve far less overhead than ident,

It's easy for you to claim that vaporware will be faster than a working
solution. But you're probably wrong anyway.

The reason is that most connections are to harmless services that don't
need an audit trail. Servers do port 113 lookups only for services that
they're worried about.

A local log will take much less work per log entry, but it will be
invoked far more often; without server input you can't safely decide
which connections should be logged.

> leaves the choice of whether to disclose the identity of
> the accused to the user's sysadmin, and has a much more dependable
> "chain of evidence".

Wrong. The most popular ident server supports encryption. Nothing is
disclosed. The chain of evidence is secure.

> Actually, Mike St. Johns publically stated that ident was a bad idea a
> number of years ago,

Dozens of sysadmins---UIUC's Joe Gross, for example---have publicly
stated that port 113 is useful _for them_.

Tens of thousands of multiuser machines are running a port 113 server
for _their own_ benefit. Port 113 appears to have risen into the top ten
protocols on the Internet, measured by traffic.

Most UNIX MTAs now do port 113 callbacks by default. Implementors are
aware of port 113 and understand why it's so popular: it's the only
available logging solution for most systems.

Why exactly should these people care about the delusions of St. Johns?

Let your users manage their own mailing lists.