Firewall Wizards mailing list archives

Re: DNS Names for external services


From: Morty Abzug <morty+fw-wiz () frakir org>
Date: Mon, 26 Apr 2010 19:46:44 -0400

On Fri, Apr 23, 2010 at 12:20:17PM -0700, david () lang hm wrote:

> > > Likewise, if you don't run an FTP server (or CVS, or POP3, or...),
> > > set up DNS records for those pointing to your honeypot. Use it to
> > > respond in any way you see fit for defense of your network (blocking
> > > the IP, etc).
> >
> > What happens when one of your legit users says "I wonder if we have an
> > FTP server?" and tries ftp.$YOURCOMPANY.com just to see if it answers?
>
> if your server is locked down, nothing (other than an additional
> failed login)

Re-read above.  GP advocated setting up a honeypot on well-known names
that *blocks* the source IP.  The problem with this is that if
$legit_user of your company/organization says 'hey, I see
"ftp.$mycompany.com" resolves' and tries it, you will block
$legit_user's source IP.

- Morty
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
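An added example (not from the thread) that makes Morty's objection concrete: the same decoy-name hit log is run through the block-everything policy as quoted and through a variant that exempts the organization's own address ranges and queues those sources for a human instead. The log entries and the 192.0.2.0/24 "own users" range are constructed assumptions.

```python
import ipaddress

# Constructed sample of connection attempts seen by the honeypot that
# ftp./cvs./pop3. decoy names point at: (source IP, decoy service hit).
# Not real traffic; written for this example only.
HONEYPOT_HITS = [
    ("198.51.100.7", "ftp"),
    ("198.51.100.7", "pop3"),
    ("192.0.2.25", "ftp"),     # a curious legitimate user on the office LAN
    ("203.0.113.9", "cvs"),
]

# Assumed: address ranges that belong to the organization's own users.
OWN_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def naive_block_list(hits):
    """Block every source that touched a decoy name (the policy as quoted)."""
    return sorted({src for src, _ in hits})


def guarded_block_list(hits, own_nets=OWN_NETS):
    """Block external sources; hand internal ones to a person to review.

    Returns (block, review) as two sorted lists of source IPs.
    """
    block, review = set(), set()
    for src, _service in hits:
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in own_nets):
            review.add(src)   # Morty's case: don't lock out your own user
        else:
            block.add(src)
    return sorted(block), sorted(review)


if __name__ == "__main__":
    print("naive block list:  ", naive_block_list(HONEYPOT_HITS))
    print("guarded (block, review):", guarded_block_list(HONEYPOT_HITS))
```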