[unisog] New DISS Security Model

H. Morrow Long morrow.long at yale.edu
Thu Jun 1 03:23:50 GMT 2006

I bet they just do the double lookup trick:

1.	Look up the IP #.  See if it resolved to a PTR record with a .COM domain ending.
2.	Look up the .COM domain host name and see if it resolves to the original IP #.

They could do something trickier such as look up the IP's net block in whois to see if the IP belongs to an educational institution.


On May 31, 2006, at 11:02 PM, Marty Hoag wrote:
> marchany at vt.edu wrote:
>> ... DISS will continue to allow users from .mil, .gov and
>> .com domains to access these applications; given the IP address
>> contains a true .mil, .gov or .com. ...
>     Huh? How does an IP address "contain" a true .com domain? Do they
> mean the PTR goes back to a .com? I mean, we ".edu" domain folks could
> certainly define a .com host name in the same IP address space. But
> maybe I'm missing something.
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
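
The double lookup described in the message above (forward-confirmed reverse DNS), as an added example that is not part of the original thread or of any DISS code. The function names, the injectable resolver arguments and the sample records are assumptions; the sample data is constructed from documentation address ranges, and addresses are compared as plain strings.

```python
import socket

ALLOWED_SUFFIXES = (".mil", ".gov", ".com")  # suffixes named in the quoted notice

def system_ptr(ip):
    """Reverse lookup: return the PTR names for ip (empty list on failure)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases

def system_forward(name):
    """Forward lookup: return the set of addresses that name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def ptr_only(ip, ptr=system_ptr):
    """Step 1 alone: trusts whatever the owner of the reverse zone published."""
    return any(n.lower().rstrip(".").endswith(ALLOWED_SUFFIXES) for n in ptr(ip))

def double_lookup(ip, ptr=system_ptr, forward=system_forward):
    """Steps 1 and 2: return the allowed PTR name that resolves back to ip, or None."""
    for name in ptr(ip):
        host = name.lower().rstrip(".")
        if host.endswith(ALLOWED_SUFFIXES) and ip in forward(host):
            return host
    return None

# Constructed sample data (hypothetical hosts, documentation addresses).
PTR = {
    "192.0.2.10": ["gw.vendor.example.com."],      # PTR and A record agree
    "198.51.100.7": ["fake.vendor.example.com."],  # PTR set by the address owner only
    "203.0.113.5": ["lab.campus.example.edu."],    # suffix not on the allowed list
}
A = {
    "gw.vendor.example.com": {"192.0.2.10"},
    "fake.vendor.example.com": {"192.0.2.99"},     # forward zone disagrees with the PTR
    "lab.campus.example.edu": {"203.0.113.5"},
}
fake_ptr = lambda ip: PTR.get(ip, [])
fake_forward = lambda name: A.get(name, set())

if __name__ == "__main__":
    for ip in PTR:
        print(ip, ptr_only(ip, fake_ptr), double_lookup(ip, fake_ptr, fake_forward))
```

A pass from `double_lookup` shows only that the reverse and forward records agree; as the quoted reply points out, whoever controls both the address space and a .com zone can make them agree.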
