On Tue, 14 Aug 2001 19:37:31 +0200 (CEST), Tamas Tevesz wrote:
>On Tue, 14 Aug 2001, Aly S.P Dharshi wrote:
>
> > >No there is not. I do not allow the outside world to see internal names.
>
>bullshit. if the ip is visible _by any means_ and i mean _by any
>means_ (and yes, that includes even http-forwarded-for's in my eyes),
>then it's no internal ip anymore.

quite. if he doesn't want to expose the names, he can always do
something simple and dumb, like

    12.1.168.192.in-addr.arpa. IN PTR h12.example.com.
    13.1.168.192.in-addr.arpa. IN PTR h13.example.com.
    14.1.168.192.in-addr.arpa. IN PTR h14.example.com.
    15.1.168.192.in-addr.arpa. IN PTR h15.example.com.

however, he's deep in security-through-obscurity, which is not a
particularly good approach to security. the ip addresses are still
there, and you don't need a successful dns lookup to go after the
actual hosts behind the ip addresses.

richard
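
An added example, not part of the original message: a small audit of a reverse zone against the generic h<last octet>.example.com scheme shown above, flagging PTR targets that reveal a real internal name or that lack the trailing dot. The sample zone lines, the function names and the default domain are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample reverse-zone lines (not from the original message).
SAMPLE_ZONE = """\
12.1.168.192.in-addr.arpa. IN PTR h12.example.com.
13.1.168.192.in-addr.arpa. IN PTR h13.example.com.
14.1.168.192.in-addr.arpa. IN PTR payroll-db.corp.example.com.
15.1.168.192.in-addr.arpa. IN PTR h16.example.com.
; comment line
"""

# owner [ttl] [IN] PTR target
PTR_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?PTR\s+(?P<target>\S+)", re.IGNORECASE)

def owner_to_ip(owner):
    """Turn a fully qualified in-addr.arpa owner name into an IPv4Address."""
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not a full IPv4 reverse name: {owner}")
    return ipaddress.IPv4Address(".".join(reversed(labels[:4])))

def generic_name(ip, domain="example.com"):
    """Naming scheme from the message: h<last octet>.<domain>."""
    return f"h{ip.packed[3]}.{domain}."

def audit(zone_text, domain="example.com"):
    """Return (ip, target, reason) for every PTR that breaks the scheme."""
    findings = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        m = PTR_LINE.match(line)
        if not m:
            continue
        ip = owner_to_ip(m["owner"])
        target = m["target"].lower()
        if not target.endswith("."):
            findings.append((str(ip), target, "relative target, origin will be appended"))
        elif target != generic_name(ip, domain):
            findings.append((str(ip), target, "not the generic name for this address"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ZONE):
        print(*finding, sep="\t")
```
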