On Mon, 14 Feb 2005 12:50:17 +0000, Ketil Froyn <kfroyn@gnr.com> wrote:
On Mon, 2005-02-14 at 11:29 +0200, Gadi Evron wrote:
Isn't it a good idea to collect the IP addresses rather than the ptr name? For instance, if I were an evil person in control of the ptr record of my own IP, I could easily make the name something like 1-2-3-4.dsl.verizon.net, and if you didn't collect my IP, you can never be sure you got the right details!
You are right, people can change it to be whatever they like, potentially.
What if they wanted to change the IP?
Think about what you said, and you will see why you are wrong.
I wouldn't collect the contents of an A record, if that's what you mean. I meant that it would be better to collect the IP of whoever is connected to the irc server directly, eliminating the entire, possibly misleading, step of DNS lookups. Faking that IP is more difficult.
Agreed. I always store the original IP. If the PTR record matches with the A record (aka "paranoid DNS") then I additionally store the hostname from the A record, and permit the connection to go through. But no matter what, always store the original IP. It's just four more bytes (sixteen for IPng), and TCP is more difficult to spoof than DNS. Kevin Kadow