For those interested in the RFC's.. :)
[RFC1032] - Stahl, M., "Domain Administrators Guide", RFC 1032, November 1987.
[RFC1033] - Lottor, M., "Domain Administrators Operations Guide", RRFC
1033, November 1987.
[RFC1034] - Mockapetris, P., "Domain Names - Concepts and Facilities", STD
13, RFC 1034, November 1987.
At 08:34 PM 7/11/00 -0400, Paul D. Robertson wrote:
>On Tue, 11 Jul 2000 [EMAIL PROTECTED] wrote:
>
> > If the information is available in DNS it can be easily extracted using
> > reverse mapping so disabling Zone Transfers doesn't really accomplish
> > anything.
>
>That assumes (a) that you consistantly apply PTR records, (b) don't rely
>on virtual hosting and (c) that all of your network numbers are easily
>enumeratable.
>
>Back when I built dual-homed sites, I used to like to BGP an address block
>from each provider under a different ASN and dual-address NICs so that one
>set of addresses would be for public stuff and a completely different
>non-published set would be for non-public stuff. I never put in reverses
>for the private block and only a very small number of people even knew the
>addresses existed (using proxies makes that pretty easy to hid from
>lusers.) The biggest problem was making sure nobody handed out the wrong
>set of Visio diagrams in meetings.
>
>Paul
>-----------------------------------------------------------------------------
>Paul D. Robertson "My statements in this message are personal opinions
>[EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
