North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [unisog] Collecting PTR names rather than IP addresses (Was: Re: IRC Bot list (cross posting))

  • From: Valdis.Kletnieks
  • Date: Wed Feb 09 12:05:43 2005

On Wed, 09 Feb 2005 12:11:16 GMT, Ketil Froyn said:
> > >
> Isn't it a good idea to collect the IP addresses rather than the ptr
> name? For instance, if I were an evil person in control of the ptr
> record of my own IP, I could easily make the name something like
>, and if you didn't collect my IP, you can never
> be sure you got the right details!
> Something like this is probably not very widespread (has anyone seen it
> in practice?), but I still think that for tracking purposes, ptr records
> are useless. IMHO.

The kiddies have been doing it for *years* on IRC to make their hostnames show
up as various 31337 values on a /who.  In fact, if you know what you're doing
you don't even need control of the PTR record - many older versions of BIND
were incredibly susceptible to DNS cache poisoning.

Attachment: pgp00002.pgp
Description: PGP signature