nanog mailing list archives
Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (crossposting))
From: Kevin <kkadow () gmail com>
Date: Mon, 14 Feb 2005 07:21:39 -0600
On Mon, 14 Feb 2005 12:50:17 +0000, Ketil Froyn <kfroyn () gnr com> wrote:
On Mon, 2005-02-14 at 11:29 +0200, Gadi Evron wrote:Isn't it a good idea to collect the IP addresses rather than the ptr name? For instance, if I were an evil person in control of the ptr record of my own IP, I could easily make the name something like 1-2-3-4.dsl.verizon.net, and if you didn't collect my IP, you can never be sure you got the right details!You are right, people can change it to be whatever they like, potentially. What if they wanted to change the IP? Think about what you said, and you will see why you are wrong.I wouldn't collect the contents of an A record, if that's what you mean. I meant that it would be better to collect the IP of whoever is connected to the irc server directly, eliminating the entire, possibly misleading, step of DNS lookups. Faking that IP is more difficult.
Agreed. I always store the original IP. If the PTR record matches with the A record (aka "paranoid DNS") then I additionally store the hostname from the A record, and permit the connection to go through. But no matter what, always store the original IP. It's just four more bytes (sixteen for IPng), and TCP is more difficult to spoof than DNS. Kevin Kadow
Current thread:
- Re: IRC Bot list (cross posting), (continued)
- Re: IRC Bot list (cross posting) william(at)elan.net (Feb 08)
- Re: IRC Bot list (cross posting) Scott Weeks (Feb 08)
- Message not available
- Re: [unisog] Collecting PTR names rather than IP addresses (Was: Re: IRC Bot list (cross posting)) Valdis . Kletnieks (Feb 09)
- Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) Ketil Froyn (Feb 11)
- Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) bmanning (Feb 11)
- Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) Gadi Evron (Feb 14)
- Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) Adam Jacob Muller (Feb 11)
- Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) Gadi Evron (Feb 14)
- Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (crossposting)) Gadi Evron (Feb 14)
- Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (crossposting)) Ketil Froyn (Feb 14)
- Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (crossposting)) Kevin (Feb 14)
- Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (crossposting)) Gadi Evron (Feb 14)
- Re: Collecting PTR names or IP addresses (Was: Re: IRC Bot list (cross posting)) bmanning (Feb 11)
- RE: IRC Bot list (cross posting) Bill Nash (Feb 08)
- Re: IRC Bot list (cross posting) Gadi Evron (Feb 09)
- Re: IRC Bot list (cross posting) Michael Loftis (Feb 09)
- Re: IRC Bot list (cross posting) Gadi Evron (Feb 09)
- RE: IRC Bot list (cross posting) Bill Nash (Feb 09)