Re: [Full-disclosure] Re: router naming

From: Damian Gerow (dgerow_at_afflictions.org)
Date: 09/03/05

  • Next message: Gerald Holl: "Re: [Full-disclosure] SSH Bruteforce blocking script"
    Date: Sat, 3 Sep 2005 12:54:18 -0400
    To: full-disclosure@lists.grok.org.uk
    
    

    Thus spake luka.research (luka.research@gmail.com) [02/09/05 11:53]:
    : >How about using FIPS-55.
    : > Thanks
    :
    : In my modest opinion I think that with approach like FIPS-55 you can spread
    : precious information .to attackers.
    :
    : e.g: "wich is the major link that connect two city ? ...ok let to see the
    : router name... mhhh interesting..."

    And using a naming scheme that incorporates the cities makes it much, much
    easier to administer. I'd say keep the city names, and secure the router.
    Probably more secure than giving it an obscure name, and leaving it
    unsecured. But this is that pesky secure vs. functional issue that's really
    up to the person making the decision.

    (There are dozens of other options: publish an obscure name in public DNS,
    use a normal name in private DNS, and use a CNAME/TXT/whatever RR in
    internal DNS to map the two...)

    And if you're going to publish LOC records, why not publish HINFO records as
    well?
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: Gerald Holl: "Re: [Full-disclosure] SSH Bruteforce blocking script"

    Relevant Pages

    • Re: Confuse about Secure dynamic update
      ... I confuse about secure dyamic update because only authorize ... > clients could register DNS records. ...
      (microsoft.public.win2000.dns)
    • what is a secure dynamic update (dns)
      ... secure dynamic updates and that the owner of the dns record is the computer ... Is that the whole story or is there something else to a 'secure dynamic' ... Why are active directory integrated zones required? ...
      (microsoft.public.windows.server.active_directory)
    • Re: XP can not register using secure updates?
      ... They have set-up an authoritative sub-domain for us called ba.byu.edu which point to our four DNS servers. ... What boggles my mind is that even though the GPO specifies Secure updates only, it only updates DNS if the DNS server accepts secure and insecure updates. ... The question that I have now is this: I've set up the DNS servers to accept only Secure updates to the the DNS. ...
      (microsoft.public.windows.server.dns)
    • Re: Credentials for DDNS registration
      ... who registers the NICs in DNS) to register the adapter IPs in our AD ... Secure DNS updates are authenticated by Kerberos. ... Instead of the website you're using, I suggest to use OEx (Outlook Express ... This is a direct link to the Microsoft Public ...
      (microsoft.public.windows.server.networking)
    • Re: MS DHCP Server and BIND DDNS
      ... I've done some testing and it does work, provided that the dns suffix ... of the machine matches the BIND zone. ... Option 081 is default on Microsoft DHCP. ... btw- BIND does NOT support Microsoft Secure Updates. ...
      (microsoft.public.windows.server.dns)