Re: Monumentous task of making a list of all DDoS Zombies.

From: E.B. Dreger (eddy+public+)
Date: Sun Feb 08 2004 - 18:23:48 EST

SD> Date: Sun, 8 Feb 2004 17:43:34 -0500 (EST)
SD> From: Sean Donelan

SD> Again, why does an ISP need to spend the money and as you
SD> point out the extra hassle, to do this? ISPs already have
SD> all the information they need to trace a subscriber from the
SD> IP address and timestamp.

I'm not sure they need to for the MAC address example. I was
pointing out that information contained in reverse DNS could be
meaningful, but only to those who should know.

Perhaps a better example would be to s/MAC address/user id/ and
repeat the example. Then, instead of digging through logs, one
could quickly decrypt the user ID.

SD> We made this mistake once already by having /etc/passwd files
SD> world-readable (encryption would protect the passwords).

Totally wrong analogy. /etc/passwd was a one-way hash (useless
for this situation)...

SD> Don't repeat the mistake. If you suspect a particular

...using crypt(). Note that I never suggested use of weak

SD> computer, know the time, how long would it take to
SD> brute-force the remaining six characters?

I can think of some frequently-encrypted data that begins with
strings like "HTTP/1.1 200 OK". So which is a better starting
point for key recovery?


EverQuick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
          DO NOT send mail to the following addresses :
   -or-  -or- 
Sending mail to spambait addresses is a great way to get blocked.

Hosted Email Solutions

Invaluement Anti-Spam DNSBLs

Powered By FreeBSD   Powered By FreeBSD