Educause Security Discussion mailing list archives

Re: firewall holes for particular machines


From: Chris Green <cmgreen () UAB EDU>
Date: Wed, 13 May 2009 10:55:37 -0500

There's also the old issue where DNS PTR records are controlled by the owner of the IP block and not the owner of the domain. Point 2 actually requires a reverse lookup and then another forward lookup to validate that the domain is legit. This issue crops up commonly nowadays with webapps that reinvent ACLs.

-----Original Message-----

2. If the firewall were to check the DNS name for each and every request,
besides slowing your network to a crawl, how easy would it be to spoof and
change the DNS response to the Firewall and therefore manipulate the rules
or even poison the cache of your DNS servers?
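The reverse-then-forward validation the reply describes (forward-confirmed reverse DNS) is easy to get wrong, so here is an added example that is not part of the thread or from either poster. It runs against constructed in-memory zone data (the `FAKE_PTR`/`FAKE_A` tables, the `10.0.0.x` addresses and `example.edu` names are all made up) so it works offline, and it also goes slightly beyond the post by showing a hostname-based ACL built on top of the check, which is the "webapps that reinvent ACLs" case. The `system_reverse`/`system_forward` helpers show how the same logic would be wired to the real resolver via the standard library; the `reverse`/`forward` parameters are assumptions of this example, not anything on the page.

```python
"""
Forward-confirmed reverse DNS (FCrDNS) check.

A PTR record is published by whoever controls the reverse zone for the IP
block, not by the owner of the domain the PTR names. Trusting the PTR alone
lets an IP-block owner claim any hostname they like. The check below resolves
the PTR, then resolves the claimed name forward, and accepts the name only if
the forward answer contains the original IP.
"""
import ipaddress
import socket
from typing import Callable, Iterable, List, Optional

# Constructed example zone data (not real DNS). In the 10.0.0.6 case the
# reverse-zone owner claims "admin.example.edu", but example.edu's own A
# record for that name points somewhere else, so the claim must be rejected.
FAKE_PTR = {
    "10.0.0.5": ["host5.example.edu"],   # legitimate: forward record matches
    "10.0.0.6": ["admin.example.edu"],   # spoofed claim: no matching A record
    "10.0.0.7": ["multi.example.edu"],   # legitimate via one of several A records
}
FAKE_A = {
    "host5.example.edu": ["10.0.0.5"],
    "admin.example.edu": ["192.0.2.10"],
    "multi.example.edu": ["198.51.100.1", "10.0.0.7"],
}


def fake_reverse(ip: str) -> List[str]:
    """PTR lookup against the constructed table."""
    return FAKE_PTR.get(ip, [])


def fake_forward(name: str) -> List[str]:
    """A/AAAA lookup against the constructed table."""
    return FAKE_A.get(name, [])


def system_reverse(ip: str) -> List[str]:
    """PTR lookup via the system resolver (network access; not used in tests)."""
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name] + list(aliases)


def system_forward(name: str) -> List[str]:
    """A/AAAA lookup via the system resolver (network access; not used in tests)."""
    return [info[4][0] for info in socket.getaddrinfo(name, None)]


def fcrdns(ip: str,
           reverse: Callable[[str], Iterable[str]] = fake_reverse,
           forward: Callable[[str], Iterable[str]] = fake_forward) -> Optional[str]:
    """Return the first PTR name whose forward lookup contains `ip`, else None.

    Comparing parsed addresses (not strings) avoids mismatches such as
    IPv6 case/zero-compression differences.
    """
    ip_obj = ipaddress.ip_address(ip)
    for claimed in reverse(ip):
        name = claimed.rstrip(".").lower()
        try:
            addrs = forward(name)
        except OSError:            # NXDOMAIN / resolver failure: treat as unconfirmed
            continue
        if any(ipaddress.ip_address(a) == ip_obj for a in addrs):
            return name
    return None


def allowed_by_hostname(ip: str, allowed_suffixes: Iterable[str],
                        reverse=fake_reverse, forward=fake_forward) -> bool:
    """Hostname ACL that only trusts a name after forward confirmation.

    An ACL that matched on the raw PTR would let 10.0.0.6 in as admin.example.edu.
    """
    name = fcrdns(ip, reverse, forward)
    if name is None:
        return False
    return any(name == s.lower() or name.endswith("." + s.lower())
               for s in allowed_suffixes)


if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):
        print(ip, "->", fcrdns(ip), "allowed:",
              allowed_by_hostname(ip, ["example.edu"]))
```

Note that this confirms only that the domain owner agrees the name maps to that IP; it does nothing about the spoofing and cache-poisoning concern raised in point 2, which is why DNS names remain a weak basis for firewall rules.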
