On Tue, 11 Jul 2000 [EMAIL PROTECTED] wrote:
> If the information is available in DNS it can be easily extracted using
> reverse mapping so disabling Zone Transfers doesn't really accomplish
> anything.
That assumes (a) that you consistently apply PTR records, (b) don't rely
on virtual hosting and (c) that all of your network numbers are easily
enumerable.
Back when I built dual-homed sites, I used to like to BGP an address block
from each provider under a different ASN and dual-address NICs so that one
set of addresses would be for public stuff and a completely different
non-published set would be for non-public stuff. I never put in reverses
for the private block and only a very small number of people even knew the
addresses existed (using proxies makes that pretty easy to hide from
lusers.) The biggest problem was making sure nobody handed out the wrong
set of Visio diagrams in meetings.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
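
An added illustration, not part of the original message: a small Python audit over a constructed zone that applies the three conditions named in the reply and reports which forward names a reverse-mapping sweep would recover. The host names, documentation-range addresses and the `reverse_exposure` helper are hypothetical.

```python
import ipaddress

# Constructed sample zone data (documentation ranges), not from the message.
A_RECORDS = {
    "www.example.com": "192.0.2.10",
    "shop.example.com": "192.0.2.10",     # virtual host sharing www's address
    "mail.example.com": "192.0.2.25",
    "stage.example.com": "192.0.2.40",    # no PTR published
    "admin.example.com": "198.51.100.5",  # lives in a non-published block
}
PTR_RECORDS = {
    "192.0.2.10": "www.example.com",
    "192.0.2.25": "mail.example.com",
    "198.51.100.5": "admin.example.com",
}
ENUMERABLE_BLOCKS = ["192.0.2.0/24"]  # blocks an outsider knows to walk


def reverse_exposure(a_records, ptr_records, blocks):
    """Return (exposed, hidden): names a reverse sweep of `blocks`
    recovers, and names it misses mapped to the reason."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    exposed, hidden = set(), {}
    for name, addr in a_records.items():
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            hidden[name] = "address block not enumerable"      # condition (c)
        elif addr not in ptr_records:
            hidden[name] = "no PTR record"                     # condition (a)
        elif ptr_records[addr] != name:
            hidden[name] = "virtual host; PTR names another host"  # (b)
        else:
            exposed.add(name)
    return exposed, hidden


if __name__ == "__main__":
    exposed, hidden = reverse_exposure(A_RECORDS, PTR_RECORDS, ENUMERABLE_BLOCKS)
    print("recoverable by reverse mapping:", sorted(exposed))
    for name, reason in sorted(hidden.items()):
        print(f"not recoverable: {name} ({reason})")
```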