[4329] in WWW Security List Archive
Re: Access Logfile Question
daemon@ATHENA.MIT.EDU (Paul Flores)
Mon Feb 10 19:16:22 1997
Date: Mon, 10 Feb 1997 15:40:25 -0600 (CST)
From: Paul Flores <pflores@phoenix.net>
To: David Murray <dmurray@pdssoftware.com>
cc: Anton J Aylward <anton@the-wire.com>, www-security@ns2.rutgers.edu
In-Reply-To: <199702101628.LAA27086@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 10 Feb 1997, David Murray wrote:
> > There are many services, UUNET's FTP server being just one of them, which
> > will perform
> > reverse DNS to validate requests. If this fails you're out. Tough -
> > that's there policy.
> > The code for this is simple. Many other sites implement this policy. I
> > think its perfectly
> > reasonable and recommend it. If someone can't identify themselves they
> > MAY be a crook.
> > They may also be idiots who don't know what they're doing.
> >
>
> I can't remember where I saw it, but I recently read an
> interesting article about mis-uses of DNS. Several backbone
> organizations put such detail into their host (and gateway and
> router) names, that using nslookup, it possible to physically map
> their network. Not many companies are willing to publish such vital
> corporate information, yet this is a perfectly reasonable and
> accepted policy for DNS. Personally, I don't feel the need to
> publish host names for every PC we have connected to the Internet.
> Is this wrong? I don't know. Can I ftp to uunet? No, but there are
> other mirrors with the same information. While reverse lookup may be
> reasonable, its not common.
>
What is wrong with setting the reverse DNS to = the IP address? No information
is given out then, and you still have access to everything.
Paul
"Show me an Ethernet collision and I'll show you a network that
could do with one user fewer" --BOFH
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMv+Vu1+1EJlsVhPxAQGZHAQAlby+WQSldWOWKQBkX1B8xdNkUypw0922
/E25mNiqzR0ecOa1n0xfGPmLLEGQe/0lAdY2o64907Kd27/AwFlDyfE1yugoprrk
puPlRAqM9juSZ6us7zptYLSWKWkEE/AEZHAdklXa+BaY4gQDz0XA6gfGabWh3/Y9
NzkQlDmBi+g=
=2BhE
-----END PGP SIGNATURE-----
