Educause Security Discussion mailing list archives
Re: Domain Name Database and Bulldog Firewall
From: Ted Frohling - NTS <tsf () MS TELCOM ARIZONA EDU>
Date: Thu, 4 May 2006 15:25:34 -0700
Mark Wilson wrote:
I realize this is publicly available information anyone can harvest. My concern is now the information is even more public and accessible. Some useful information (to a hacker) can be inferred from a DNS name.
Well yes, let's see.

tsf@opus:~$ host auburn.edu
auburn.edu has address 131.204.2.251
auburn.edu mail is handled by 10 im4.duc.auburn.edu.
auburn.edu mail is handled by 10 im1.duc.auburn.edu.
auburn.edu mail is handled by 10 im2.duc.auburn.edu.
auburn.edu mail is handled by 10 im3.duc.auburn.edu.
tsf@opus:~$ host 131.204.2.250
Host 250.2.204.131.in-addr.arpa not found: 3(NXDOMAIN)
tsf@opus:~$ host 131.204.2.249
Host 249.2.204.131.in-addr.arpa not found: 3(NXDOMAIN)
tsf@opus:~$ host 131.204.2.252
Host 252.2.204.131.in-addr.arpa not found: 3(NXDOMAIN)
tsf@opus:~$ host 131.204.2.1
Host 1.2.204.131.in-addr.arpa not found: 3(NXDOMAIN)
tsf@opus:~$ host 131.204.2.2
2.2.204.131.in-addr.arpa domain name pointer d1.duc.auburn.edu.

What can I glean from duc.auburn.edu? Actually, don't know, but I bet by looking at your web pages, I will find a wealth of information that could be useful. The point is, this _is_ the way the internet works.

Now what's really scary is the penchant for county, state and city governments putting their property information on the web, using GIS so that I might be able to go to some Lee County web site and with your name find out where you live, what your house is worth, how much you paid in taxes, find out what your neighbors paid and how close you are to them with the escape routes from a nice aerial view when I want to do you harm.

ted
amesbury () OITSEC UMN EDU 05/04/06 1:08 PM >>>
Mark Wilson wrote:
This is interesting and a bit concerning... http://tanaya.net/dns/

It looks like it's DNS data and, from the very small sample I've examined, not entirely accurate data at that. My guess is that it hasn't been updated in a while. The interesting part is the fact that some RFC1918 address space (specifically 172.16.63.x) is included, suggesting that someone's RFC1918 address traffic is leaking to where it shouldn't be. Guess those egress filters aren't working quite as expected. :-)

Anyway, since this appears to be information pretty much anyone could compile over time, not to mention the fact that it's DNS lookups, what about it is cause for concern?

-- Alan Amesbury
University of Minnesota
-- Ted Frohling (TF30-ARIN) The University of Arizona 520.621.4834 Assistant Director CCIT Room 114 tsf-at-Arizona-dot-EDU Network Technology Solutions PO Box 210073 www.Telcom.Arizona.EDU/tsf Tucson, AZ 85721-0073
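
Added example, not part of the original message or any poster's code: a check a DNS administrator could run over records exported from their own zones to find RFC1918 addresses of the kind the quoted message notes appearing in the database. It parses lines in the `host` output format shown above; the record lines and the example.edu names are constructed samples.

```python
import ipaddress
import re

# The three RFC 1918 private ranges (is_private is broader, so list them explicitly).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records in the format printed by `host`.
SAMPLE = """\
www.example.edu has address 192.0.2.10
lab7.example.edu has address 172.16.63.14
printer.example.edu has address 10.20.30.40
14.63.16.172.in-addr.arpa domain name pointer lab7.example.edu.
10.2.0.192.in-addr.arpa domain name pointer www.example.edu.
example.edu mail is handled by 10 mx1.example.edu.
"""

FORWARD = re.compile(r"^(\S+) has address (\d+\.\d+\.\d+\.\d+)$")
REVERSE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa domain name pointer (\S+)$")

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad octet
    return any(ip in net for net in RFC1918)

def find_private_records(text):
    """Return (name, address, kind) for each record exposing an RFC1918 address."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        m = FORWARD.match(line)
        if m:
            name, addr, kind = m.group(1), m.group(2), "A"
        else:
            m = REVERSE.match(line)
            if not m:
                continue  # MX, NXDOMAIN and other lines carry no address
            # PTR owner names list the octets in reverse order.
            addr = ".".join(reversed(m.group(1, 2, 3, 4)))
            name, kind = m.group(5), "PTR"
        try:
            if is_rfc1918(addr):
                hits.append((name.rstrip("."), addr, kind))
        except ValueError:
            continue  # not a valid IPv4 address, skip the line
    return hits

if __name__ == "__main__":
    for name, addr, kind in find_private_records(SAMPLE):
        print(f"{kind:3} {name} -> {addr}")
```

Any hit means a private address is visible in published DNS data and the zone or view serving it should be reviewed.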