North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: [unisog] Collecting PTR names rather than IP addresses (Was: Re: IRC Bot list (cross posting))
On Wed, 09 Feb 2005 12:11:16 GMT, Ketil Froyn said: > > > http://www.albany.edu/~ja6447/hacked_bots8.txt > > Isn't it a good idea to collect the IP addresses rather than the ptr > name? For instance, if I were an evil person in control of the ptr > record of my own IP, I could easily make the name something like > 1-2-3-4.dsl.verizon.net, and if you didn't collect my IP, you can never > be sure you got the right details! > > Something like this is probably not very widespread (has anyone seen it > in practice?), but I still think that for tracking purposes, ptr records > are useless. IMHO. The kiddies have been doing it for *years* on IRC to make their hostnames show up as various 31337 values on a /who. In fact, if you know what you're doing you don't even need control of the PTR record - many older versions of BIND were incredibly susceptible to DNS cache poisoning.