From owner-freebsd-questions@FreeBSD.ORG Wed Aug 9 07:08:49 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D923516A4DA for ; Wed, 9 Aug 2006 07:08:49 +0000 (UTC) (envelope-from youshi10@u.washington.edu) Received: from mxout1.cac.washington.edu (mxout1.cac.washington.edu [140.142.32.134]) by mx1.FreeBSD.org (Postfix) with ESMTP id 62EF943D45 for ; Wed, 9 Aug 2006 07:08:49 +0000 (GMT) (envelope-from youshi10@u.washington.edu) Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.9]) by mxout1.cac.washington.edu (8.13.7+UW06.06/8.13.7+UW06.03) with ESMTP id k7978m2t010615 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Wed, 9 Aug 2006 00:08:49 -0700 X-Auth-Received: from [192.168.0.40] (dsl254-013-145.sea1.dsl.speakeasy.net [216.254.13.145]) (authenticated authid=youshi10) by smtp.washington.edu (8.13.7+UW06.06/8.13.7+UW06.03) with ESMTP id k7978mnZ032717 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for ; Wed, 9 Aug 2006 00:08:48 -0700 Mime-Version: 1.0 (Apple Message framework v752.2) In-Reply-To: <20060808212719.L7522@ganymede.hub.org> References: <20060807003815.C7522@ganymede.hub.org> <20060808102819.GB64879@augusta.de> <20060808153921.V7522@ganymede.hub.org> <44D8EC98.8020801@utdallas.edu> <20060808201359.S7522@ganymede.hub.org> <44D91F02.90107@mawer.org> <20060808212719.L7522@ganymede.hub.org> X-Gpgmail-State: !signed Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <30502313-7B58-4FEC-8A2C-43ED071AC26F@u.washington.edu> Content-Transfer-Encoding: 7bit From: Garrett Cooper Date: Wed, 9 Aug 2006 00:13:03 -0700 To: freebsd-questions@freebsd.org X-Mailer: Apple Mail (2.752.2) X-PMX-Version: 5.2.0.264296, Antispam-Engine: 2.4.0.264935, Antispam-Data: 2006.8.8.234932 X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='__CP_MEDIA_BODY 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __STOCK_CRUFT 0' Subject: Re: BSDstats Project v2.0 ... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Aug 2006 07:08:50 -0000 On Aug 8, 2006, at 5:30 PM, Marc G. Fournier wrote: > On Wed, 9 Aug 2006, Antony Mawer wrote: > >> On 9/08/2006 9:16 AM, Marc G. Fournier wrote: >>>> Can you tell me exactly what you do with those two pieces of >>>> data? Is there any way that information would be accessible >>>> from the internet? >>> Absolutely nothing else we do with it ... it just gives us a >>> unique key to work with ... in fact, assuming each of your >>> servers use a different IP, there is no reason you couldn't do >>> the uname trick above to hide the hostname ... >>> Unless someone breaks into the server, or database, somehow, the >>> data isn't accessible ... >> >> What if we improved upon this - if instead of storing the hostname >> and IP address, we stored a one-way hash of this information? >> OpenSSH in recent versions takes the same approach with its >> authorized_keys files... > > Could create problems long term .. one thing I will be using the > IPs to do is: > > SELECT ip, count(1) FROM systems GROUP BY ip ORDER BY count DESC; > > to look for any 'abnormalities' like todays with Armenia ... > > hashing it would make stuff like that fairly difficult ... > > ---- > Marc G. Fournier Hub.Org Networking Services (http:// > www.hub.org) > Email . scrappy@hub.org MSN . > scrappy@hub.org > Yahoo . yscrappy Skype: hub.org ICQ . 7615664 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" Yes, that's true particularly if the server's were all the same hardware type and the software was compiled at the same time. Maybe my CPUID suggestion would come in handy? Also, maybe that person from Armenia installed the script in a distribution that's included in a virtual image (vmware comes to mind), and he's loading it on a bunch of different machines behind a (virtual) NAT or something... just a thought to consider. -Garrett