Firewall Wizards mailing list archives

Re: DNS Names for external services


From: Frank Knobbe <frank () knobbe us>
Date: Sat, 17 Apr 2010 10:50:31 -0500

On Tue, 2010-04-13 at 17:30 -0400, Bruce B. Platt wrote:
> I agree. I also support using non-eponymous names.  Rather than
> vpnserver.company.com, something like bart.company.com can be remembered,
> but does not immediately tell anyone what the machine might do.  So a little
> obscurity may help.
>
> Or, make the server as impregnable as possible first, then give it a name
> people can remember, then watch to see if people try to bust in or
> compromise it.


Or, use "bart" for your legitimate VPN, and point "vpn" to a honeypot
that screams loudly when tickled. That way you are actually deriving a
benefit from it rather than just obscurity. Likewise, if you don't run
an FTP server (or CVS, or POP3, or...), set up DNS records for those
pointing to your honeypot. Use it to respond in any way you see fit for
defense of your network (blocking the IP, etc).

Regards,
Frank





-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
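
One way to turn hits on the decoy names into alerts and block candidates, as an added example that is not part of the original message. The zone records, addresses, log format, port-to-service mapping and allowlist are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed zone data: "bart" is the real VPN, the other names are decoys.
#   bart  IN A 192.0.2.5     ; legitimate VPN
#   vpn   IN A 192.0.2.66    ; honeypot
#   ftp   IN A 192.0.2.66    ; honeypot
HONEYPOT_IP = "192.0.2.66"
DECOY_PORTS = {21: "ftp", 110: "pop3", 443: "vpn", 2401: "cvs"}  # assumed mapping
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]  # assumed: own scanners, monitoring
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")

# Constructed sample connection log in a hypothetical format.
SAMPLE_LOG = """\
2010-04-17T10:01:02Z src=203.0.113.7 dst=192.0.2.66 dport=443
2010-04-17T10:01:09Z src=203.0.113.7 dst=192.0.2.66 dport=21
2010-04-17T10:02:30Z src=10.1.2.3 dst=192.0.2.66 dport=443
2010-04-17T10:03:11Z src=198.51.100.20 dst=192.0.2.5 dport=443
2010-04-17T10:04:00Z src=198.51.100.99 dst=192.0.2.66 dport=8080
not a log line
"""

def decoy_hits(log_text):
    """Return {source_ip: sorted decoy services touched on the honeypot}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing
        _ts, src, dst, dport = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        if dst != HONEYPOT_IP or any(addr in net for net in ALLOWLIST):
            continue  # real service traffic, or a source we never block
        hits[src].add(DECOY_PORTS.get(int(dport), "port-%s" % dport))
    return {ip: sorted(services) for ip, services in hits.items()}

def block_candidates(log_text, min_services=1):
    """Sources that touched at least min_services distinct decoy services."""
    return sorted(ip for ip, s in decoy_hits(log_text).items() if len(s) >= min_services)

if __name__ == "__main__":
    for ip, services in sorted(decoy_hits(SAMPLE_LOG).items()):
        print("ALERT %s touched decoys: %s" % (ip, ", ".join(services)))
```

Raising `min_services` trades faster blocking for fewer false positives from users who mistype or guess a hostname once.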
