fauxident  

Summary

A simple, faked ident daemon.

Overview

fauxident is a small Python script that acts as an extremely naive ident server, answering all ident requests with a consistent response -- either an ERROR or a USERID response. This can be useful on systems where a true identd cannot be run, where running one would be a security risk, or behind masquerading firewalls, where multiple machines sit behind the firewall and running a proper ident system is not an option.

Getting the software

The current version of fauxident is 1.2.1.

The latest version of the software is available in a tarball here: http://www.alcyone.com/software/fauxident/fauxident-latest.tar.gz.

The official URL for this Web site is http://www.alcyone.com/software/fauxident/.

Requirements

fauxident requires Python 2.x or greater and a Unix or Unix-like operating system.

License

This code is released under the GPL.

Introduction

An ident server answers queries about a connection, identified by its pair of client and server ports on a machine, with the user who owns that connection. ident is used implicitly by some other services; for instance, many IRC servers check for ident responses from connecting clients, and some will in fact reject clients which do not have an ident server running.

The intent of this program is to allow users who cannot otherwise run identd servers (either for security or network topology reasons) to set up something that will respond, albeit trivially, with an ident response. Note that the server does understand the ident protocol well enough to detect malformed queries and respond to them with the proper error messages.

The fauxident.py program should be run from the command line. By default it will act as a daemon. Also, since it binds to port 113 by default, root access is required. Any server that is already bound to port 113, of course, will prevent fauxident.py from running.

Invocation

The following command line options alter the behavior of the program:

-V/--version
Print the version of the program and exit.
-p/--port (port)
Bind to the specified port. Defaults to 113 (which requires root access).
-a/--address (IP address)
Bind to the specified interface. By default all interfaces are used.
-f/--foreground
Keep the program in the foreground (and stdout/stderr open); by default, if the server can be created, the script will daemonize itself.
-r/--realm (realm)
In a valid response, the realm in which the response takes place. By default this is UNIX.
-u/--user (user)
In a valid response, the user associated with the realm. By default this is user. This can also be a comma-separated list of names, of which a random one will be chosen for each connection.
-m/--permute
In a valid response, randomly shuffle the letters of the user name before responding.
-s/--suffix (length)
In a valid response, append a random number of the specified number of digits (padded to the left with zeroes) to the end of the user response.
-e/-E/--error (error)
Cause the specified error to be the response for otherwise valid queries, if that should be so desired. The response should be one of INVALID-PORT, NO-USER, HIDDEN-USER, or UNKNOWN-ERROR. (Other responses are allowed, but have no meaning according to the RFC.)
-N/--no-user
Shortcut for -e NO-USER.
-H/--hidden-user
Shortcut for -e HIDDEN-USER.

Sample usage

By default the server will start in the background and bind to the standard port and respond to all queries as if the port pair were owned by the user user in the realm 'UNIX':

        ./fauxident.py

An alternate interface and/or port can be chosen:

        ./fauxident.py -a 10.0.0.1 -p 8113

Different realms and user names can be chosen. For instance, to have the server respond as nobody under the realm OTHER, use:

        ./fauxident.py -r OTHER -u nobody

Multiple names can be specified, separated by commas (with no intervening spaces), and one will be selected randomly each time:

        ./fauxident.py -u larry,curly,moe

The -m option can be included, which causes the user name to be randomly permuted (the letters shuffled) each time the name is generated (but before the suffix, if any, is appended):

        ./fauxident.py -u noname -m

Additionally, the -s option can be used to specify a suffixed random number (padded with zeroes) of the given length in each response:

        ./fauxident.py -u resu -s 4

This last example will respond each time with a different randomized name with a four-digit suffixed random number, e.g., resu3759.

One can also configure the server to always respond with errors:

        ./fauxident.py -N
        ./fauxident.py -H
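
The request handling described in the Introduction and the response options shown above can be sketched as follows. This is an added example, not fauxident's own code: the names MAX_QUERY, make_user and answer are hypothetical, and the 64-byte input cap and the "0 , 0" reply to unparseable queries are assumptions of the sketch.

```python
import random
import re

MAX_QUERY = 64  # assumed cap; "65535 , 65535\r\n" fits with room to spare
QUERY_RE = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

def make_user(names, permute=False, suffix=0, rng=random):
    """Pick one name as -u does, optionally shuffle it (-m) and add digits (-s)."""
    name = rng.choice(names.split(","))
    if permute:
        letters = list(name)
        rng.shuffle(letters)
        name = "".join(letters)
    if suffix:
        # zero-padded random number of exactly `suffix` digits
        name += "%0*d" % (suffix, rng.randrange(10 ** suffix))
    return name

def answer(raw, realm="UNIX", names="user", error=None, **opts):
    """Return the reply bytes for one raw query, or None to drop the client."""
    if len(raw) > MAX_QUERY:
        return None  # oversized buffer: close the connection, send nothing
    m = QUERY_RE.match(raw)
    if m is None:
        # malformed query: no port pair to echo back (assumed reply form)
        return b"0 , 0 : ERROR : UNKNOWN-ERROR\r\n"
    server_port, client_port = int(m.group(1)), int(m.group(2))
    if not (1 <= server_port <= 65535 and 1 <= client_port <= 65535):
        body = "ERROR : INVALID-PORT"
    elif error:
        body = "ERROR : " + error  # behaviour of -e / -N / -H
    else:
        body = "USERID : %s : %s" % (realm, make_user(names, **opts))
    reply = "%d , %d : %s\r\n" % (server_port, client_port, body)
    return reply.encode("ascii")

if __name__ == "__main__":
    # constructed sample queries, not captured traffic
    for q in (b"6193, 23\r\n", b"0, 23\r\n", b"GET / HTTP/1.0\r\n", b"1" * 5000):
        print(q[:20], "->", answer(q, names="larry,curly,moe", suffix=4))
```
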

Wish list

  • This obviously could eventually be turned into a full-fledged, or perhaps under limited control, identd service.

References

  • RFC 1413.

Release history

  • 1.2.1; 2003 Oct 21. User name permuting was accidentally on by default; corrected missing -m entry in usage information.

  • 1.2; 2003 Sep 27. Add -m option to permute user names in responses.

  • 1.1; 2002 Dec 7. Allow multiple user names to be chosen randomly from; include support for suffixed random number of given length; change to -V option for version information; improve documentation.

  • 1.0.1; 2002 Oct 15. Bugfix to reject large input buffers from the client, preventing a highly unlikely but possible DOS attack.

  • 1.0; 2002 Aug 14. Initial release.

Author

This module was written by Erik Max Francis. If you use this software, have suggestions for future releases, or bug reports, I'd love to hear about it.

Version

Version 1.2.1 $Date: 2003/10/21 $ $Author: max $

Modules and Packages   

fauxident

A faux identd server.


This document was automatically generated on Tue Oct 21 20:10:13 2003 by HappyDoc version 2.1