On Fri, 7 Dec 2001 Valdis.Kletnieksat_private wrote: > No, No, No! > > Port 113 AUTH is *not* an authentication protocol. <snip> > It was a string that *later*, if there was a problem, you would give > back to me, the sysadmin of the *source* machine, and from that, > I would hopefully have an idea which of my users I needed to beat > the snot out of. So... it's a protocol that gives me a piece of information that is meant to be mapped to a username? Well, that's kinda the definition of "authentication protocol" that I was think of. Is it your assertion that it's not an authentication protocol because the information isn't immediately usable? I understand that there are options to provide some sort of hash instead of the direct info, but I've never seen it used. Here's what I pulled off the wire when I connected to an IRC server: ADDR HEX ASCII 0000: 00 10 67 00 97 63 00 c0 f0 57 71 e1 08 00 45 00 | ..g..c..Wq...E. 0010: 00 4b 49 fa 40 00 80 06 52 fb 40 a7 8b 3a c6 ba | .KI.@...R@..:.. 0020: cb 1b 00 71 08 2e 0a 20 e5 1c 6d 4e be 73 50 18 | ...q... ..mN.sP. 0030: 22 2b d8 0c 00 00 33 37 33 37 2c 20 36 36 36 37 | "+....3737, 6667 0040: 20 3a 20 55 53 45 52 49 44 20 3a 20 55 4e 49 58 | :USERID : UNIX 0050: 20 3a 20 72 79 61 6e 0d 0a | : ryan.. Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 20:47:41 PST