Great Circle Associates Firewalls
(January 1994)
 


Subject: Re: living with reverse DNS lookups
From: Alexander Dupuy <dupuy @ cs . columbia . edu>
Date: Wed, 26 Jan 94 19:44:44 EST
To: smb @ research . att . com
Cc: p-pomes @ uiuc . edu, firewalls @ greatcircle . com
In-reply-to: Your message of Mon, 17 Jan 94 11:25:32 EST
Reply-to: dupuy @ cs . columbia . edu

> Yes and no.  The DNS data is a potent source of information for
> industrial espionage.  It's also useful to hackers for target selection.

Of course, things like hostnames already leak out every day (have you looked at
the Received: headers on mail?) so it's not clear that DNS is really opening
you up that much.  The only information that serves no functional purpose and
gives crackers useful information is the DNS HINFO data (although similar
information is often available in Received: headers as well).  Of course, with
hostnames like mac1, joes-pc, etc. the HINFO data isn't giving away anything
too obvious either.

A question - how many people who install separate DNS external and internal
servers also modify the MTA on the bastion host to strip out all Received:
headers on outgoing mail?  I suspect that very few do this.

@alex
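
The point about Received: headers can be checked against your own outgoing mail. The following is an added example, not part of the original post: it lists the internal hostnames and addresses that Received: headers expose and shows the result of stripping those headers. The zone `corp.example.com`, the 10.0.0.0/8 range, the function names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions (not from the post): the internal DNS zone and address range.
INTERNAL_SUFFIX = ".corp.example.com"
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample of an outgoing message as seen outside the firewall.
SAMPLE = (
    "Received: from bastion.example.com ([192.0.2.10])\n"
    "\tby mx.example.net with SMTP; Wed, 26 Jan 1994 19:45:10 -0500\n"
    "Received: from mailhub.corp.example.com ([10.1.1.5])\n"
    "\tby bastion.example.com with SMTP; Wed, 26 Jan 1994 19:45:02 -0500\n"
    "Received: from joes-pc.corp.example.com ([10.1.4.23])\n"
    "\tby mailhub.corp.example.com with SMTP; Wed, 26 Jan 1994 19:44:50 -0500\n"
    "From: joe@example.com\n"
    "To: someone@example.net\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*\.[A-Za-z]{2,}")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def received_leaks(raw):
    """Return sorted internal hostnames and addresses named in Received: headers."""
    found = set()
    for value in message_from_string(raw).get_all("Received", []):
        for host in HOST_RE.findall(value):
            if host.lower().endswith(INTERNAL_SUFFIX):
                found.add(host.lower())
        for text in IP_RE.findall(value):
            try:
                if ipaddress.ip_address(text) in INTERNAL_NET:
                    found.add(text)
            except ValueError:
                pass  # matched the pattern but is not a valid address
    return sorted(found)

def strip_received(raw):
    """Drop every Received: header, the bastion-host change the post asks about."""
    msg = message_from_string(raw)
    del msg["Received"]  # deletes all occurrences of the header
    return msg.as_string()
```

Stripping every Received: header also removes the trace information used to debug delivery problems and detect mail loops, so the audit function is useful on its own for deciding whether the exposure justifies that trade-off.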


