lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: Reverse dns (whether you want it or not)

"TheGesus" wrote in message news:5e70f65305031013083747d7b@...l.gmail.com...
> On this subject (marginally), last year we moved a rather large CIDR
> block from one ISP to another.
>
> The new ISP took it upon themselves to give *ALL* our unused IP
> addresses a bogus reverse lookup in the (general) format of
>
> 10.20.30.40.abc.domain.com
>
> No one asked them to do this (or, at least if they did, they won't
> admit to it), and none of the reverse lookups can be looked up
> "forwardly".
>
> Is this a common practice?  It doesn't seem like a good idea, but the
> ISP insisted it was a "value-added" service.  In my opinion, a dead
> address should remain dead.

  It's common.  ISPs don't want to have to update their DNS records with
every single client that logs on or off their network, that would be a lot
of churn and general overhead for no great purpose.

  Plus it's always good to avoid leaking information.  If a lot of those
machines have firewalls that block ping etc, to present a 'stealthed' low
attack profile to the world, it would be a shame to give away the
information about which IPs were genuinely dead and which were firewalled
off but had live machines behind them to anyone who wanted to look it up in
the DNS.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ