[67344] in North American Network Operators' Group


Re: Monumentous task of making a list of all DDoS Zombies.

daemon@ATHENA.MIT.EDU (E.B. Dreger)
Sun Feb 8 18:24:16 2004

Date: Sun, 8 Feb 2004 23:23:48 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0402081722150.27214@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu


SD> Date: Sun, 8 Feb 2004 17:43:34 -0500 (EST)
SD> From: Sean Donelan


SD> Again, why does an ISP need to spend the money and as you
SD> point out the extra hassle, to do this?  ISPs already have
SD> all the information they need to trace a subscriber from the
SD> IP address and timestamp.

I'm not sure they need to for the MAC address example.  I was
pointing out that information contained in reverse DNS could be
meaningful, but only to those who should know.

Perhaps a better example would be to s/MAC address/user id/ and
repeat the example.  Then, instead of digging through logs, one
could quickly decrypt the user ID.


SD> We made this mistake once already by having /etc/passwd files
SD> world-readable (encryption would protect the passwords).

Totally wrong analogy.  /etc/passwd was a one-way hash (useless
for this situation)...


SD> Don't repeat the mistake.  If you suspect a particular

...using crypt().  Note that I never suggested use of weak
crypto.


SD> computer, know the time, how long would it take to
SD> brute-force the remaining six characters?

I can think of some frequently-encrypted data that begins with
strings like "HTTP/1.1 200 OK".  So which is a better starting
point for key recovery?


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
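
An added sketch of the idea discussed in this message, not code from the thread: a user ID encrypted reversibly into a reverse-DNS label, so the key holder can decrypt it instead of searching logs, which a one-way hash would not allow. AES-GCM, the base32 layout, the function names, the key, the user ID and the `dyn.example.net` zone are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base32"
	"fmt"
	"strings"
)

var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

func NewSealer(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16-, 24- or 32-byte key, held only by the ISP
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealUserID returns lower-case unpadded base32(nonce || ciphertext || tag) as one DNS label.
func SealUserID(gcm cipher.AEAD, userID string) (string, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	label := strings.ToLower(b32.EncodeToString(gcm.Seal(nonce, nonce, []byte(userID), nil)))
	if len(label) > 63 { // DNS limits a single label to 63 octets
		return "", fmt.Errorf("user ID too long for one DNS label")
	}
	return label, nil
}

// OpenLabel reverses SealUserID; a wrong key or an altered label is an error.
func OpenLabel(gcm cipher.AEAD, label string) (string, error) {
	raw, err := b32.DecodeString(strings.ToUpper(label)) // DNS names are case-insensitive
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", fmt.Errorf("malformed label")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	return string(pt), err
}

func main() {
	gcm, _ := NewSealer([]byte("constructed-demo-key-32-bytes!!!")) // constructed key
	label, _ := SealUserID(gcm, "user4821")                         // constructed user ID
	fmt.Println(label + ".dyn.example.net")                         // PTR target readable only with the key
}
```

With this layout the nonce and tag take 28 bytes, so user IDs of up to 11 bytes fit in one label.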

