PaulDotCom mailing list archives

DNS access from DMZ


From: mike.patterson at unb.ca (Mike Patterson)
Date: Mon, 01 Dec 2008 13:37:21 -0500

Paul Asadoorian wrote on 12/1/08 1:32 PM:
> So my next idea is just to create hosts file entries in each DMZ web server.
>
> That could work; however, if I compromise any system I will be able to
> see a list of all the other hosts.

Assuming your hosts file is well-maintained.  :(  Ours generally is,
but...  If you compromise any system, you could maybe just try a zone
dump.  (So don't allow that even from internal hosts, but how many do?)

You could also get the same information passively, although it'll take
longer so you're at least raising the bar.

But even if you don't know the hostnames, once you've compromised a
system on the inside, you can start to make intelligent guesses (based
on netmasks) about how many others to look for.

Mike
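
Mike's point about refusing zone dumps, spelled out as a BIND named.conf fragment (an added example, not part of this thread; the zone name, secondary address, file paths and ACL name are placeholders). The first fragment is the weak form, the second the corrected one:

```conf
// WEAK (placeholder zone): no allow-transfer statement, so the server's
// default applies, which in BIND releases of the time permitted AXFR to
// any host that could reach port 53, internal or DMZ alike.
options {
    directory "/var/named";
};
zone "dmz.example.com" {
    type master;
    file "dmz.example.com.zone";
};

// CORRECTED: deny transfers globally, then re-enable them only for the
// listed secondaries; everything else, including internal hosts, is refused.
acl "secondaries" { 192.0.2.53; };      // placeholder secondary address
logging {
    channel audit_log {
        file "/var/log/named/audit.log" versions 5 size 10m;
        severity info;
        print-time yes;
    };
    // request approvals and denials (a refused AXFR shows up here)
    category security { audit_log; };
    // completed outbound transfers, for checking only secondaries pull the zone
    category xfer-out { audit_log; };
};
options {
    directory "/var/named";
    allow-transfer { none; };           // default for every zone on this server
    recursion no;                       // an authoritative DMZ server need not recurse
};
zone "dmz.example.com" {
    type master;
    file "dmz.example.com.zone";
    allow-transfer { "secondaries"; };  // narrow exception for real secondaries
    notify explicit;
    also-notify { 192.0.2.53; };
};
```

After reloading, `dig @<server> dmz.example.com AXFR` run from an internal host should end with `; Transfer failed.`, and the refusal should appear in the audit log.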

