Firewall Wizards mailing list archives
Re: DNS Names for external services
From: Morty Abzug <morty+fw-wiz () frakir org>
Date: Mon, 26 Apr 2010 19:46:44 -0400
On Fri, Apr 23, 2010 at 12:20:17PM -0700, david () lang hm wrote:
Likewise, if you don't run an FTP server (or CVS, or POP3, or...), setup DNS records for those pointing to your honeypot. Use it to respond in anyway you see fit for defense of your network (blocking the IP, etc).
What happens when one of your legit users says "I wonder if we have an FTP server?" and tries ftp.$YOURCOMPANY.com just to see if it answers?
if your server is locked down, nothing (other than an additional failed login)
Re-read above. GP advocated setting up a honeypot on well-known names that *blocks* the source IP. The problem with this is that if $legit_user of your company/organization says 'hey, I see "ftp.$mycompany.com" resolves' and tries it, you will block $legit_user's source IP. - Morty _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- DNS Names for external services Behm, Jeff (Apr 13)
- Re: DNS Names for external services Paul D. Robertson (Apr 13)
- Re: DNS Names for external services Carson Gaspar (Apr 14)
- Re: DNS Names for external services Bruce B. Platt (Apr 14)
- Re: DNS Names for external services Frank Knobbe (Apr 22)
- Re: DNS Names for external services Morty (Apr 23)
- Re: DNS Names for external services david (Apr 26)
- Re: DNS Names for external services Morty Abzug (Apr 27)
- Re: DNS Names for external services Frank Knobbe (Apr 27)
- Re: DNS Names for external services Paul D. Robertson (Apr 27)
- Re: DNS Names for external services R. DuFresne (Apr 27)
- Re: DNS Names for external services Andre Lima (Apr 26)
- Re: DNS Names for external services Dave Piscitello (Apr 27)
- Re: DNS Names for external services Paul D. Robertson (Apr 13)
- Re: DNS Names for external services Dave Piscitello (Apr 22)
- Re: DNS Names for external services Paul Melson (Apr 22)
- Re: DNS Names for external services Kent Crispin (Apr 14)