[150220] in North American Network Operators' Group


Re: DNS Attacks

daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Sun Feb 19 07:00:28 2012

In-Reply-To: <CAMhuimisRngM_0si_fdWRhcxA-YOMASyzi4XHm-zOE-_uM0+2Q@mail.gmail.com>
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Sun, 19 Feb 2012 11:59:22 +0000
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Feb 19, 2012, at 10:59, Ken Gilmour <ken.gilmour@gmail.com> wrote:
> On Feb 18, 2012 10:24 PM, "Robert Bonomi" <bonomi@mail.r-bonomi.com> wrote:
>> 
>> Even better, nat to a 'bogon' DNS server -- one that -- regardless of the
>> query -- returns the address of a dedicated machine on your network set up
>> especially for this purpose.
> 
> What happens when the client sends a POST from a cached page on the end
> user's machine? E.g. if they post login credentials. Of course, they'll get
> the error page, but then you have confidential data in your logs and now
> you have to protect highly confidential info, at least if you're in Europe.

It is possible to configure the web server not to log POSTed info.

-- 
TTFN,
patrick
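
Added example, not part of the original message and not code from anyone in the thread: a minimal Python landing server for the "dedicated machine" discussed above, which answers every request with a notice page, throws away any POSTed body, and logs only client, method, Host, path without the query string, and body size. The listening address, the 503 status, the notice text and all function and class names are assumptions made for illustration.

```python
import logging
from http.server import BaseHTTPRequestHandler, HTTPServer

log = logging.getLogger("landing")
NOTICE = b"<html><body><h1>Notice</h1><p>Please contact the help desk.</p></body></html>"
MAX_DRAIN = 1 << 20  # never read more than 1 MiB of an unwanted body

def body_length(headers):
    """Declared body size; malformed or negative values count as 0."""
    try:
        return max(0, int(headers.get("Content-Length", 0)))
    except ValueError:
        return 0

def safe_log_fields(client_ip, method, raw_path, headers):
    """The only request data that may reach the log: no body, no query string."""
    return {
        "client": client_ip,
        "method": method,
        "host": headers.get("Host", "-"),
        "path": raw_path.split("?", 1)[0],
        "body_bytes": body_length(headers),
    }

class LandingHandler(BaseHTTPRequestHandler):
    def answer(self):
        # Read and throw away the body; it is never stored or logged.
        left = min(body_length(self.headers), MAX_DRAIN)
        while left > 0:
            chunk = self.rfile.read(min(left, 65536))
            if not chunk:
                break
            left -= len(chunk)
        f = safe_log_fields(self.client_address[0], self.command, self.path, self.headers)
        log.info("client=%(client)s method=%(method)s host=%(host)s "
                 "path=%(path)s body_bytes=%(body_bytes)d", f)
        self.send_response(503)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(NOTICE)))
        self.send_header("Cache-Control", "no-store")
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(NOTICE)

    do_GET = do_HEAD = do_POST = do_PUT = answer

    def log_message(self, fmt, *args):
        pass  # default logger prints the full request line, query string included

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    HTTPServer(("127.0.0.1", 8080), LandingHandler).serve_forever()
```

With a stock web server the equivalent is to keep request-body variables out of the access-log format and leave body-dumping debug or audit modules disabled.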


