Monumentous task of making a list of all DDoS Zombies.
E.B. Dreger
eddy+public+spam at noc.everquick.net
Sun Feb 8 23:23:48 UTC 2004
SD> Date: Sun, 8 Feb 2004 17:43:34 -0500 (EST)
SD> From: Sean Donelan
SD> Again, why does an ISP need to spend the money and as you
SD> point out the extra hassle, to do this? ISPs already have
SD> all the information they need to trace a subscriber from the
SD> IP address and timestamp.
I'm not sure they need to for the MAC address example. I was
pointing out that information contained in reverse DNS could be
meaningful, but only to those who should know.
Perhaps a better example would be to s/MAC address/user id/ and
repeat the example. Then, instead of digging through logs, one
could quickly decrypt the user ID.
SD> We made this mistake once already by having /etc/passwd files
SD> world-readable (encryption would protect the passwords).
Totally wrong analogy. /etc/passwd was a one-way hash (useless
for this situation)...
SD> Don't repeat the mistake. If you suspect a particular
...using crypt(). Note that I never suggested use of weak
crypto.
SD> computer, know the time, how long would it take to
SD> brute-force the remaining six characters?
I can think of some frequently-encrypted data that begins with
strings like "HTTP/1.1 200 OK". So which is a better starting
point for key recovery?
Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist at brics.com -or- alfra at intc.net -or- curbjmp at intc.net
Sending mail to spambait addresses is a great way to get blocked.
More information about the NANOG
mailing list