North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting))

  • From: Adam Jacob Muller
  • Date: Fri Feb 11 23:05:00 2005


Not possible with most modern IRCD's since they check forward and reverse dns.
So for example if your address is:
1.2.3.4
and that resolves to:
1-2-3-4.dsl.verizon.net
the ircd make sure that:
1-2-3-4.dsl.verizon.net
resolves back to
1.2.3.4

it's a simple and elegant solution that basically stops spoofing of this nature, on IRC anyway....


Adam

On Feb 11, 2005, at 10:45 AM, Ketil Froyn wrote:


http://www.albany.edu/~ja6447/hacked_bots8.txt
Isn't it a good idea to collect the IP addresses rather than the ptr
name? For instance, if I were an evil person in control of the ptr
record of my own IP, I could easily make the name something like
1-2-3-4.dsl.verizon.net, and if you didn't collect my IP, you can never
be sure you got the right details!

Something like this is probably not very widespread (has anyone seen it
in practice?), but I still think that for tracking purposes, ptr records
are useless. IMHO.

Ketil



!DSPAM:420cd46b173571891151301!