Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting))

Adam Jacob Muller adam at gotlinux.us
Sat Feb 12 04:00:22 UTC 2005


Not possible with most modern IRCD's since they check forward and 
reverse dns.
So for example if your address is:
	1.2.3.4
and that resolves to:
	1-2-3-4.dsl.verizon.net
the ircd make sure that:
	1-2-3-4.dsl.verizon.net
resolves back to
	1.2.3.4

it's a simple and elegant solution that basically stops spoofing of 
this nature, on IRC anyway....


Adam

On Feb 11, 2005, at 10:45 AM, Ketil Froyn wrote:

>
>>> http://www.albany.edu/~ja6447/hacked_bots8.txt
>
> Isn't it a good idea to collect the IP addresses rather than the ptr
> name? For instance, if I were an evil person in control of the ptr
> record of my own IP, I could easily make the name something like
> 1-2-3-4.dsl.verizon.net, and if you didn't collect my IP, you can never
> be sure you got the right details!
>
> Something like this is probably not very widespread (has anyone seen it
> in practice?), but I still think that for tracking purposes, ptr 
> records
> are useless. IMHO.
>
> Ketil
>
>
>
> !DSPAM:420cd46b173571891151301!
>




More information about the NANOG mailing list