[27751] in North American Network Operators' Group
Re: Here we go again
daemon@ATHENA.MIT.EDU (Dan Hollis)
Fri Mar 10 19:46:00 2000
Date: Fri, 10 Mar 2000 16:43:52 -0800 (PST)
From: Dan Hollis <goemon@sasami.anime.net>
To: Scott Solmonson <scosol@speedera.com>
Cc: "Eric A. Hall" <ehall@ehsco.com>, nanog@merit.edu
In-Reply-To: <38C991FC.9BB396D1@speedera.com>
Message-ID: <Pine.LNX.4.10.10003101642030.17789-100000@anime.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 10 Mar 2000, Scott Solmonson wrote:
> Dan Hollis wrote:
> > I was thinking the exact same thing. The DoS'er would end up DoS'ing
> > themselves.
> Since when does "same source address" mean "same client"?
> Ya- start redirecting everyone to an AOL proxy...
Referrer != forwarded-for.
When we are talking about redirecting, we are talking about redirecting to
the DoS'ers page. Not their client.
> And all these depend on being able to identify "authentic" users-
Nope
> I don't think that's going to happen-
> If the client is coded correctly you won't be able to tell at all-
Huh? The client is netscape or IE. I dont know of any way for javascript
to override the headers the browser client sends.
-Dan
