North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Monumentous task of making a list of all DDoS Zombies.

  • From: E.B. Dreger
  • Date: Sun Feb 08 18:26:03 2004

SD> Date: Sun, 8 Feb 2004 17:43:34 -0500 (EST)
SD> From: Sean Donelan

SD> Again, why does an ISP need to spend the money and as you
SD> point out the extra hassle, to do this?  ISPs already have
SD> all the information they need to trace a subscriber from the
SD> IP address and timestamp.

I'm not sure they need to for the MAC address example.  I was
pointing out that information contained in reverse DNS could be
meaningful, but only to those who should know.

Perhaps a better example would be to s/MAC address/user id/ and
repeat the example.  Then, instead of digging through logs, one
could quickly decrypt the user ID.

SD> We made this mistake once already by having /etc/passwd files
SD> world-readable (encryption would protect the passwords).

Totally wrong analogy.  /etc/passwd was a one-way hash (useless
for this situation)...

SD> Don't repeat the mistake.  If you suspect a particular

...using crypt().  Note that I never suggested use of weak

SD> computer, know the time, how long would it take to
SD> brute-force the remaining six characters?

I can think of some frequently-encrypted data that begins with
strings like "HTTP/1.1 200 OK".  So which is a better starting
point for key recovery?

EverQuick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
          DO NOT send mail to the following addresses :
  [email protected] -or- [email protected] -or- [email protected]
Sending mail to spambait addresses is a great way to get blocked.