Firewalls: Re: living with reverse DNS lookups

Firewalls
(January 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: living with reverse DNS lookups
From:	wadlow @ tw . com (Tom Wadlow)
Date:	Thu, 27 Jan 94 08:16:06 PST
To:	dupuy @ cs . columbia . edu
Cc:	firewalls @ greatcircle . com

    Date: Wed, 26 Jan 94 19:44:44 EST
    From: Alexander Dupuy <dupuy @
 cs .
 columbia .
 edu>

    > Yes and no.  The DNS data is a potent source of information for
    > industrial espionage.  It's also useful to hackers for target selection.

    Of course, things like hostnames already leak out every day (have you looked at
    the Received: headers on mail?) so it's not clear that DNS is really opening
    you up that much.

Sure it does.  It makes the information about hostnames *vastly* cheaper to
get.  If somebody's got to find it by extracting it from mail headers, they've
got to do a lot more work to get hostnames (and more still to get
IP addresses).  If the same information is available via DNS, you're
delivering it to them at wholesale prices.  --Tom

Indexed By Date	Previous:	Re: living with reverse DNS lookups From: tom_limoncelli @ Warren . MENTORG . COM (Tom Limoncelli)
Indexed By Date	Next:	Re: living with reverse DNS lookups From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Indexed By Thread	Previous:	Re: living with reverse DNS lookups From: tom_limoncelli @ Warren . MENTORG . COM (Tom Limoncelli)
Indexed By Thread	Next:	Re: living with reverse DNS lookups From: Brent Chapman <brent @ mycroft . GreatCircle . COM>