Firewall Wizards mailing list archives

Re: DNS Names for external services

From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 27 Apr 2010 18:07:30 -0400 (EDT)

On Mon, 26 Apr 2010, Morty Abzug wrote:

Re-read above.  GP advocated setting up a honeypot on well-known names
that *blocks* the source IP.  The problem with this is that if
$legit_user of your company/organization says 'hey, I see
"ftp.$mycompany.com" resolves' and tries it, you will block
$legit_user's source IP.


That's not a problem in my book.  Now perhaps your acceptable usage policy 
allows users to connect to anything they can dream up- but every single 
one I've ever written says what resources my users can use, and if they're 
on a fishing trip and they get shut out, then I'm not going to lose any 
sleep over it.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
           Moderator: Firewall-Wizards mailing list
           Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

DNS Names for external services Behm, Jeff (Apr 13)
- Re: DNS Names for external services Paul D. Robertson (Apr 13)
  - Re: DNS Names for external services Carson Gaspar (Apr 14)
  - Re: DNS Names for external services Bruce B. Platt (Apr 14)
    - Re: DNS Names for external services Frank Knobbe (Apr 22)
    - Re: DNS Names for external services Morty (Apr 23)
    - Re: DNS Names for external services david (Apr 26)
    - Re: DNS Names for external services Morty Abzug (Apr 27)
    - Re: DNS Names for external services Frank Knobbe (Apr 27)
    - Re: DNS Names for external services Paul D. Robertson (Apr 27)
    - Re: DNS Names for external services R. DuFresne (Apr 27)
    - Re: DNS Names for external services Andre Lima (Apr 26)
    - Re: DNS Names for external services Dave Piscitello (Apr 27)
- Re: DNS Names for external services Paul Melson (Apr 14)
  - Re: DNS Names for external services Dave Piscitello (Apr 22)
    - Re: DNS Names for external services Paul Melson (Apr 22)
- Re: DNS Names for external services Henri Salo (Apr 14)
  - Re: DNS Names for external services Kent Crispin (Apr 14)
- Re: DNS Names for external services Jim Seymour (Apr 14)
  - Re: DNS Names for external services John Morrison (Apr 14)

(Thread continues...)