[4364] in WWW Security List Archive
Re: Access Logfile Question
daemon@ATHENA.MIT.EDU (Christopher Petrilli)
Tue Feb 11 18:26:54 1997
Date: Tue, 11 Feb 1997 14:21:00 -0500
To: dmurray@pdssoftware.com, Anton J Aylward <anton@the-wire.com>
From: petrilli@uol.com (Christopher Petrilli)
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
At 11:28 AM 2/10/97 -0500, David Murray wrote:
>I can't remember where I saw it, but I recently read an
>interesting article about mis-uses of DNS. Several backbone
>organizations put such detail into their host (and gateway and
>router) names, that using nslookup, it is possible to physically map
>their network. Not many companies are willing to publish such vital
>corporate information, yet this is a perfectly reasonable and
>accepted policy for DNS. Personally, I don't feel the need to
>publish host names for every PC we have connected to the Internet.
>Is this wrong? I don't know. Can I ftp to uunet? No, but there are
>other mirrors with the same information. While reverse lookup may be
>reasonable, it's not common.
I will only say that it's simply something to try and make sure people are
who they say they are. Having said THAT, the solution I use is to assign
nonsense names to everything, or names which are obvious, like:
155.0.55.1 -> H-155-0-55-1.bigcompany.com
What could anyone gain from THAT?
Chris
--
| Christopher Petrilli http://www.uol.com
| petrilli@uol.com
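
The naming scheme from the reply above, as an added example that is not part of the original post: it generates matching A and PTR records for a subnet, so reverse-lookup checks still succeed, and audits an inventory for names that say more than the address already does. The function names, the sample inventory and the `gw-nyc-fl3-cisco` host are constructed for illustration; the rule itself is inferred from the single `H-155-0-55-1` sample.

```python
import ipaddress
import re

# Assumed rule, inferred from the post's one sample: H-<octets joined by '-'>.<domain>
OPAQUE = re.compile(r"^h-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})$", re.I)

def opaque_name(ip, domain):
    """Build a name that encodes only the address, which a lookup reveals anyway."""
    return "H-" + str(ipaddress.IPv4Address(ip)).replace(".", "-") + "." + domain

def zone_records(cidr, domain):
    """Yield (A record, PTR record) pairs for every host address in cidr."""
    for ip in ipaddress.ip_network(cidr).hosts():
        fqdn = opaque_name(ip, domain) + "."
        yield (f"{fqdn} IN A {ip}", f"{ip.reverse_pointer}. IN PTR {fqdn}")

def audit(records, domain):
    """Return (ip, name, reason) for names that are not the opaque form of their address."""
    findings = []
    for ip, name in records:
        label, _, rest = name.rstrip(".").partition(".")
        match = OPAQUE.match(label)
        if rest.lower() != domain.lower():
            findings.append((ip, name, "outside expected domain"))
        elif not match:
            findings.append((ip, name, "descriptive label"))
        elif ".".join(match.groups()) != ip:
            findings.append((ip, name, "label does not match address"))
    return findings

# Constructed inventory: one conforming name, one descriptive name, one stale name.
SAMPLE = [
    ("155.0.55.1", "H-155-0-55-1.bigcompany.com"),
    ("155.0.55.2", "gw-nyc-fl3-cisco.bigcompany.com"),
    ("155.0.55.3", "H-155-0-55-9.bigcompany.com"),
]

if __name__ == "__main__":
    for a_rec, ptr_rec in zone_records("155.0.55.0/30", "bigcompany.com"):
        print(a_rec)
        print(ptr_rec)
    for finding in audit(SAMPLE, "bigcompany.com"):
        print("review:", finding)
```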