Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Fwbuilder-discussion] Should FW have DNS name?

from [ted creedon] Network Security [Permanent Link]
Subject: RE: [Fwbuilder-discussion] Should FW have DNS name?
Date: Tue, 13 Jun 2006 10:27:34 -0700 
One must remember that the hackers use automated software that is primarily
fixed IP based.

I have several routable DHCP IP addresses that are not in DNS and each
firewall is scanned about the same way.

tedc

-----Original Message-----
From: fwbuilder-discussion-bounces@lists.sourceforge.net
[mailto:fwbuilder-discussion-bounces@lists.sourceforge.net] On Behalf Of Sam
Baskinger
Sent: Tuesday, June 13, 2006 8:16 AM
To: Nigel Stepp
Cc: Bob Radvanovsky; firewalls@securityfocus.com;
fwbuilder-discussion@lists.sourceforge.net; Ralph Forsythe; Bill Smith
Subject: Re: [Fwbuilder-discussion] Should FW have DNS name?

Steve Bellovin, Bill Cheswick, and Angelos Keromytis put together a
paper talking about how worms in IPv6 land would have several good
heuristics by which to find targets.

http://www.sagecertification.org/publications/login/2006-02/pdfs/bellovin.pd
f

I agree with Nigel if we constrain ourselves to IPv4, but hiding key
servers by not defining a DNS entry might be of greater gain when our
address space becomes more sparsely populated and quite intractable to
exhaustively scan.

Btw, just to be full about disclosure 'n such, Bill Cheswick works for
Lumeta Corporation as do I. Hope you like the paper! :)

Sam


Nigel Stepp wrote:

Ralph Forsythe wrote:

I think even something like 'goaway.domain.com' isn't necessarily good,
since in an effort to hide what it is, you've still told them it's
something they want to play with.


One must remember, however, that anyone looking to break into your
network will probably not be looking at hostnames a priori anyway.
Things will most likely start with a scan of an IP block, then
traceroute or similar will tell you what's up front.

As others have said, an A record for your firewall should be perfectly
safe.  I even think a PTR record would do little to no harm.

You still have to make sure your firewall is secure, of course; but no
more than if you didn't have a name in DNS.





_______________________________________________
Fwbuilder-discussion mailing list
Fwbuilder-discussion@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  problem with nac l2 ip configuration, nac
Next by Date:  Copy private key VPN 3030, Angel Alonso Párrizas
Previous by Thread:  Re: Should FW have DNS name?, Sam Baskinger
Next by Thread:  Should FW have DNS name?, Bill Smith
Indexes:  [Date] [Thread] [Top] [All Lists]