Re: DNS is up!
- To: tlug@example.com
- Subject: Re: DNS is up!
- From: Matt Doughty <mdoughty@example.com>
- Date: Fri, 1 Jun 2001 17:28:57 +0900
- Content-Disposition: inline
- Content-Transfer-Encoding: 7bit
- Content-Type: text/plain; charset=us-ascii
- In-Reply-To: <F11vgGVc2xeNVU7kNWx0001a13c@example.com>; from jean_christian@example.com on Fri, Jun 01, 2001 at 08:12:14AM -0000
- References: <F11vgGVc2xeNVU7kNWx0001a13c@example.com>
- Reply-To: tlug@example.com
- Resent-From: tlug@example.com
- Resent-Message-ID: <XcGorD.A.jRF.fJ1F7@example.com>
- Resent-Sender: tlug-request@example.com
- User-Agent: Mutt/1.2.4i-jp0
On Fri, Jun 01, 2001 at 08:12:14AM -0000, Jean-Christian Imbeault wrote:
> >Reality check: assuming that you are, in fact, designing and building this
> >for a production environment ... do you _really_ think it's a good idea to
> >be discussing at this level of detail in a public forum?
>
> Point well taken. But this is a DNS server for a local LAN. It shouldn't be
> accessible from the Internet. It's behind a firewall and on a private LAN
> using private IP addresses. None of the entries I will be putting in this
> DNS server will be registered anywhere.
>
> True that my knowledge of security is very low but I thought that this was
> enough to make any information I gave out pretty much useless.

Umm... this is actually completely untrue. You see, you are relying on the
theory that a firewall plus a private address makes you invulnerable. This is
patently false. If your network is connected to the Internet in any way (I was
under the impression it is rather directly connected, since you can talk to
the ISP DNS servers directly), then you are vulnerable to an attack. (see below)

> How is someone going to get in? None of the domains I gave are registered
> anywhere and all the IPs are in the private range.

You give out information that lets people know how you lay out your internal
network. This lets people know what they would be dealing with once they got
on the inside. All it takes is someone getting inside a box that is dual-homed,
i.e. the FW, and you just made things easier for them.

> But if I am in fact saying too much please let me know! (and if possible let
> me know why just so I can understand my blunder and hopefully learn from
> it).

It's rather simple: never give out more information than you have to. You may
think you are safe, but the more information you give out, the more risks you
open yourself to. Consider all open forums to have potential lurking black hats.

Rule of thumb: speak in abstractions (no IPs etc.) and only ask questions when
you have exhausted all other information sources.

//Matt