As part of Cyber-Security Awareness month, one of our readers sent us an extract from their firewall logs. The events of interest were a regular pattern of internal hosts making DNS requests to a few hosts at iana.org.
So in other words, thousands of outbound DNS requests to internet hosts that aren't in any DNS or DHCP configuration inside the organization. What gives? While reverse DNS zones have great applications for penetration testers, they are also *very* desirable for a lot of "legit" reasons:
What other "sysadmin" uses do you routinely use reverse DNS for? Please let us know using our comment form.
=============== |
Rob VandenBrink 577 Posts ISC Handler Oct 18th 2013 |
Oct 18th 2013 8 years ago |
Create empty rDNS zones for bogons that you *aren't* using as well, thus being a good netizen and not making useless DNS queries to the root servers.
http://www.team-cymru.org/Services/Bogons/
Anonymous |
Oct 18th 2013 8 years ago |
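The following is an added example, not code from the diary or from the commenter. It derives the in-addr.arpa zones that cover a set of private IPv4 ranges, emits BIND-style stanzas for empty local zones, and picks the PTR queries in a list that those zones would answer locally. The chosen ranges, the zone file name db.empty, the function names and the sample query names are assumptions made for the example.

```python
import ipaddress

# Assumption: RFC 1918 private space plus RFC 3927 link-local.
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16"]

def reverse_zones(cidr):
    """Return the in-addr.arpa zones, on octet boundaries, that cover an IPv4 CIDR."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 8 <= net.prefixlen <= 24:
        raise ValueError("expected an IPv4 network between /8 and /24")
    octets = -(-net.prefixlen // 8)  # round the prefix up to a whole octet: /12 -> 2
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

ALL_ZONES = [z for r in PRIVATE_RANGES for z in reverse_zones(r)]

def bind_stanzas(zones, zone_file="db.empty"):
    """Render named.conf stanzas; zone_file is an assumed empty zone file (SOA and NS only)."""
    return ['zone "%s" { type master; file "%s"; };' % (z, zone_file) for z in zones]

def leaked_ptr_queries(qnames, zones=ALL_ZONES):
    """Return the query names that fall inside one of the given reverse zones."""
    hits = []
    for q in qnames:
        name = q.lower().rstrip(".")
        if any(name == z or name.endswith("." + z) for z in zones):
            hits.append(q)
    return hits

# Constructed sample query names, as they might appear in a resolver query log.
SAMPLE_QUERIES = [
    "5.1.168.192.in-addr.arpa.",
    "10.20.16.172.in-addr.arpa",
    "1.0.32.172.in-addr.arpa",    # 172.32.0.0 is outside 172.16.0.0/12
    "8.8.8.8.in-addr.arpa",
    "www.example.com",
]

if __name__ == "__main__":
    print("\n".join(bind_stanzas(ALL_ZONES)))
    print("Queries an empty local zone would answer:")
    for q in leaked_ptr_queries(SAMPLE_QUERIES):
        print("  " + q)
```
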