North American Network Operators Group


Re: Monumentous task of making a list of all DDoS Zombies.

  • From: E.B. Dreger
  • Date: Sun Feb 08 16:26:40 2004

SD> Date: Sun, 8 Feb 2004 02:01:29 -0500 (EST)
SD> From: Sean Donelan

SD> Instead of Doubleclick tracking users with Cookies, they
SD> would be able to track the unique computers from the MAC
SD> address in the reverse DNS record over time.

A MAC address is six octets.  Append time past Epoch when IP was
assigned; that's another four octets.  Append six random octets.
Encrypt.  Make hostname-friendly using %x equivalent.

One now has 32 characters that contain the MAC address and time
the DHCP lease (or whatever) began, yet are meaningless to those
who lack the key.  Consider periodically changing the six random
octets to protect users with long DHCP leases.

It's extra hassle, but one can clearly have tracking _and_
protect user privacy.

That leaves the issue of users changing MAC address to evade
detection.  However, the aforementioned DNS issues have no
bearing on this problem, which is a separate topic.

EverQuick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
          DO NOT send mail to the following addresses :
  [email protected] -or- [email protected] -or- [email protected]
Sending mail to spambait addresses is a great way to get blocked.
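
The label construction described in the message above, as an added example that is not part of the original post: a six-octet MAC, a four-octet lease start time and six random octets are encrypted as one 16-byte block and hex-encoded into a 32-character hostname label. The message names no cipher; as an assumption, a four-round Feistel network built on HMAC-SHA256 stands in for a 128-bit block cipher such as AES so the code runs on the Python standard library alone, and the function names, key and sample values are constructed for illustration.

```python
import hashlib, hmac, os, struct

ROUNDS = 4  # four Feistel rounds over a 16-byte block (stand-in cipher, an assumption)

def _f(key, rnd, half):
    # Round function: HMAC-SHA256 bound to the round number, cut to 8 bytes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block):
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    l, r = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def make_label(key, mac, lease_start, nonce=None):
    """MAC (6) + lease start (4) + random (6) -> encrypt -> 32 hex chars."""
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC must be six octets")
    nonce = os.urandom(6) if nonce is None else nonce
    if len(nonce) != 6:
        raise ValueError("nonce must be six octets")
    plain = mac_bytes + struct.pack(">I", lease_start) + nonce
    return encrypt_block(key, plain).hex()

def read_label(key, label):
    """Operator side: recover (MAC, lease start) from a label using the key."""
    plain = decrypt_block(key, bytes.fromhex(label))
    mac = ":".join(f"{b:02x}" for b in plain[:6])
    return mac, struct.unpack(">I", plain[6:10])[0]

if __name__ == "__main__":
    key = os.urandom(32)                       # constructed key
    mac, t0 = "00:00:5e:00:53:01", 1076200000  # constructed sample values
    a, b = make_label(key, mac, t0), make_label(key, mac, t0)
    print(a, b, a != b, read_label(key, a))
```

Two labels issued for the same MAC and lease time differ because the random octets differ, so an observer without the key cannot link them, while the operator recovers the same MAC and timestamp from either.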