[397] in Zephyr_Comments
proposal to help catch the twits sending zfakes
daemon@ATHENA.MIT.EDU (John T Kohl)
Fri Nov 10 09:30:39 1989
Date: Fri, 10 Nov 89 09:30:21 -0500
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: zephyr-comments@ATHENA.MIT.EDU
I had an idea for an easy way to help track down the people who are
abusing zephyr with fake names and addresses.
The servers have available to them the source IP address of all the
packets it receives.
The clients (zwgc) only see either the server's address or the sender's
address *as stored in the notice*, so that a malicious client can send a
fake address and the client can't tell the real source.
I propose modifying the Zephyr servers to spit out a log message if the
address in the notice doesn't match the source address. This solution
is attractive because it is simple to implement and doesn't require any
protocol modifications.
When someone starts abusing zephyr, then operations could check the logs
and discover which machine the offensive notices are coming from, and
hopefully this would allow someone to prosecute the offender.
Comments?
John
