[4324] in WWW Security List Archive
Re: Access Logfile Question
daemon@ATHENA.MIT.EDU (David Murray)
Mon Feb 10 14:15:36 1997
From: "David Murray" <dmurray@pdssoftware.com>
To: Anton J Aylward <anton@the-wire.com>
Date: Mon, 10 Feb 1997 11:28:48 -0500
Reply-To: dmurray@pdssoftware.com
CC: www-security@ns2.rutgers.edu
In-reply-to: <3.0.32.19970209090940.0097b98c@the-wire.com>
Errors-To: owner-www-security@ns2.rutgers.edu
> There are many services, UUNET's FTP server being just one of them, which
> will perform reverse DNS to validate requests. If this fails you're out.
> Tough - that's their policy.
> The code for this is simple. Many other sites implement this policy. I
> think it's perfectly reasonable and recommend it. If someone can't
> identify themselves they MAY be a crook.
> They may also be idiots who don't know what they're doing.
>
I can't remember where I saw it, but I recently read an
interesting article about mis-uses of DNS. Several backbone
organizations put such detail into their host (and gateway and
router) names, that using nslookup, it is possible to physically map
their network. Not many companies are willing to publish such vital
corporate information, yet this is a perfectly reasonable and
accepted policy for DNS. Personally, I don't feel the need to
publish host names for every PC we have connected to the Internet.
Is this wrong? I don't know. Can I ftp to uunet? No, but there are
other mirrors with the same information. While reverse lookup may be
reasonable, it's not common.
David N. Murray | PDS
Sr. Software Analyst | 670 Sentry Parkway
610/828-4294 | Blue Bell, PA 19422
dmurray@pdssoftware.com |
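
The reverse-DNS policy discussed in this thread, sketched as an added example that is not part of the original messages and is not UUNET's or any server's actual code. It implements the usual forward-confirmed variant (PTR lookup, then a forward lookup that must map back to the client address); the function names and the sample addresses and host names are constructed for illustration.

```python
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a host name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def system_forward(name):
    """Forward lookup via the system resolver; returns a set of addresses."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_client(ip, ptr=system_ptr, forward=system_forward):
    """Return (allowed, detail) for a connecting client address."""
    name = ptr(ip)
    if not name:
        # The case raised in the reply: a host with no published name is
        # refused, whatever the reason the name is missing.
        return False, "no PTR record"
    # The PTR record is controlled by whoever runs the reverse zone, so the
    # name is only believed if its forward lookup leads back to the same IP.
    if ip not in forward(name):
        return False, "PTR name %s does not resolve back to %s" % (name, ip)
    return True, name

# Constructed sample data (documentation address ranges) so the demo runs
# offline; a real server would use the system resolver defaults above.
SAMPLE_PTR = {"192.0.2.10": "ftp-client.example.org",
              "198.51.100.7": "trusted.example.com"}
SAMPLE_FWD = {"ftp-client.example.org": {"192.0.2.10"},
              "trusted.example.com": {"203.0.113.5"}}

def demo():
    """Run the check over three constructed clients using the sample tables."""
    ptr = SAMPLE_PTR.get
    fwd = lambda name: SAMPLE_FWD.get(name, set())
    clients = ("192.0.2.10", "198.51.100.7", "203.0.113.99")
    return {ip: check_client(ip, ptr, fwd) for ip in clients}

if __name__ == "__main__":
    for ip, (ok, detail) in demo().items():
        print(ip, "ALLOW" if ok else "DENY", detail)
```

The third sample client has no PTR record at all and is denied, which is the trade-off the reply describes for sites that choose not to publish names for every connected host.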