Monumentous task of making a list of all DDoS Zombies.

E.B. Dreger eddy+public+spam at noc.everquick.net
Sun Feb 8 21:24:22 UTC 2004


SD> Date: Sun, 8 Feb 2004 02:01:29 -0500 (EST)
SD> From: Sean Donelan


SD> Instead of Doubleclick tracking users with Cookies, they
SD> would be able to track the unique computers from the MAC
SD> address in the reverse DNS record over time.

A MAC address is six octets.  Append time past Epoch when IP was
assigned; that's another four octets.  Append six random octets.
Encrypt.  Make hostname-friendly using %x equivalent.

One now has 32 characters that contain the MAC address and time
the DHCP lease (or whatever) began, yet are meaningless to those
who lack the key.  Consider periodically changing the six random
octets to protect users with long DHCP leases.

It's extra hassle, but one can clearly have tracking _and_
protect user privacy.

That leaves the issue of users changing MAC address to evade
detection.  However, the aforementioned DNS issues have no
bearing on this problem, which is a separate topic.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist at brics.com -or- alfra at intc.net -or- curbjmp at intc.net
Sending mail to spambait addresses is a great way to get blocked.
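
The encoding described in the message above, sketched in Go as an added example that is not part of the original post. The choice of AES with a 16-octet key, the function names, and the sample key, MAC and lease time are assumptions made here; the post only says "Encrypt".

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"net"
	"time"
)

// EncodeLabel encrypts MAC (6 octets) + lease start in Unix seconds (4) + fresh
// random octets (6) as one block. Assumption: AES-128; the post says only "Encrypt".
func EncodeLabel(key []byte, mac net.HardwareAddr, leaseStart time.Time) (string, error) {
	if len(mac) != 6 { // net.ParseMAC also accepts 8- and 20-octet addresses
		return "", fmt.Errorf("need a 6-octet MAC, got %d octets", len(mac))
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	var block [16]byte
	copy(block[0:6], mac)
	binary.BigEndian.PutUint32(block[6:10], uint32(leaseStart.Unix()))
	if _, err := rand.Read(block[10:16]); err != nil {
		return "", err
	}
	c.Encrypt(block[:], block[:])
	return hex.EncodeToString(block[:]), nil // 32 hostname-safe characters
}

// DecodeLabel recovers the MAC and lease start for whoever holds the key.
func DecodeLabel(key []byte, label string) (net.HardwareAddr, time.Time, error) {
	raw, err := hex.DecodeString(label)
	if err != nil || len(raw) != 16 {
		return nil, time.Time{}, fmt.Errorf("label must be 32 hex characters")
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, time.Time{}, err
	}
	c.Decrypt(raw, raw)
	return net.HardwareAddr(raw[:6]), time.Unix(int64(binary.BigEndian.Uint32(raw[6:10])), 0).UTC(), nil
}

func main() {
	mac, _ := net.ParseMAC("00:11:22:33:44:55") // constructed sample MAC and key
	fmt.Println(EncodeLabel([]byte("constructed-key!"), mac, time.Unix(1076275462, 0)))
}
```

Calling EncodeLabel again for the same MAC and lease time draws new random octets, so the published label changes while still decoding to the same values for the key holder.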



