Questions about unresolvable IP addresses - Page 2


Thread: Questions about unresolvable IP addresses

  1. #11
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Hi frpeter...interesting post and thread. It makes for good conversation...

    1. Why then is a blanket block on unresolvable IP addresses becoming increasingly popular?
    Where are you getting your information? I'm not familiar with this being a regular practice, but consider it more of an extreme solution to a problem. Kind of like hitting a nail with a thermonuclear warhead.

    2. Any opinions as to why ISP and the like do not at least use a resolvable in.arpa reverse resolution? Especially considering that large blocks can be written out with a simple bash script?
    Hard to say. Some government systems may intentionally not resolve. Also, and I don't know the regulations over this, but many agencies may intentionally not reverse their IPs for the purpose of client privacy and such. Hard to say.

    I think it comes down to this...blocking unresolvable IPs is an option. So is instituting a white-list, black-list, ACL, etc. But just because some folks consider it an acceptable solution for THEIR situation (and maybe these folks are championing their position for whatever reason) doesn't make it a panacea for YOUR situation. I would certainly consider it a valid option if you had a limited audience for the services being presented.

    For example, my client has an external FTP server specifically for business partners to push and pull (encrypted) data files through. There is a short list of partners who would use this. If we began to see suspicious activity, recon or probe attempts, etc. then instituting a policy like this would probably be a good initial step. Certainly not a complete response, and you have to be mindful of clients being cut off...but it's an option.

    Personally, I think I have better ways to spend my time and energy actually solving the problem. My $0.02.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  2. #12
    Senior Member frpeter's Avatar
    Join Date
    Dec 2004
    Posts
    131
    Hello,

    The readings I have been doing as well as what I heard is from internet security groups and educational and government facilities. I already use this method on my email with excellent results. I have been considering this for my web servers as 99% of the harvesters are coming from unresolvable IP addresses.

    I see the hits in my web logs, then a day or two later, the emails come. I have been hit with as many as 20,000 emails at once from this tactic. As a small home business, I have tried quite a few methods and definitely need something to reduce my load and resources. One particular spam attack put my mail servers with a 5 day backlog of mail with a load of 268 (two hundred and sixty eight).

    Just this last week, I caught a spam company out of France attempting to break into my ftp server. Thus far, my firewall (multilayered) is holding. My greatest concern is vulnerabilities on legal services.

    Thank you in advance.

  3. #13
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    You are much better off using SPF for your mail, here. It's easy to set up and you can use the GFI the page references to block.... I have found it to be very effective in the last three months of use.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #14
    Senior Member frpeter's Avatar
    Join Date
    Dec 2004
    Posts
    131
    Hello,

    I have SPF set up, now for about 4 months. MHO, this is an absolute worthless waste of my hard drive as it did and does NOTHING in stopping spam. My SPF filters register 5% of the spam I get. Blocking unresolvable IP addresses stops 99% of my spam.

    As an aside on this, I log everything and check constantly to be sure that I am not blocking legal mail. This includes putting all blocked mail into a separate folder and inspecting on a daily basis.
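
Added example, not part of any post in this thread: a sketch of the policy discussed above, where a client with no PTR record is quarantined for daily inspection rather than dropped, and a short allowlist keeps known partners from being cut off. It goes one step further than the thread by also checking that the PTR name resolves back to the same address; the sample names, addresses and the `PARTNERS` range are constructed, and the resolver functions are passed in so the sample runs offline.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Name queried for a reverse lookup, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def os_reverse(ip):
    """PTR lookup through the OS resolver; None when nothing resolves."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def os_forward(name):
    """Addresses a hostname resolves to, through the OS resolver."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify(ip, allowlist=(), reverse=os_reverse, forward=os_forward):
    """Return (action, reason); failures are quarantined, not dropped."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(net) for net in allowlist):
        return "accept", "allowlisted network"
    host = reverse(ip)
    if host is None:
        return "quarantine", "no PTR at " + ptr_name(ip)
    if addr not in {ipaddress.ip_address(a) for a in forward(host)}:
        return "quarantine", "PTR " + host + " does not map back"
    return "accept", "forward-confirmed as " + host

# Constructed sample data (documentation address ranges, made-up names).
SAMPLE_PTR = {"192.0.2.10": "mail.example.org", "198.51.100.7": "host7.example.net"}
SAMPLE_A = {"mail.example.org": {"192.0.2.10"}, "host7.example.net": {"198.51.100.99"}}
PARTNERS = ["203.0.113.0/28"]  # hypothetical partner range with no PTR records

def triage_sample():
    """Classify four constructed clients against the offline sample data."""
    clients = ["192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.200"]
    return {ip: classify(ip, PARTNERS, SAMPLE_PTR.get,
                         lambda n: SAMPLE_A.get(n, set())) for ip in clients}

if __name__ == "__main__":
    for ip, (action, reason) in triage_sample().items():
        print(f"{ip:15} {action:10} {reason}")
```

Calling `classify(ip)` with the defaults performs real lookups through the system resolver.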

  5. #15
    Junior Member
    Join Date
    Feb 2004
    Posts
    7
    2. Any opinions as to why ISP and the like do not at least use a resolvable in.arpa reverse resolution? Especially considering that large blocks can be written out with a simple bash script
    I have a client who has a single domain, three sites, three DCs. The sites are connected with VPN using private addresses. The public IPs to all three sites are not resolvable. DNS is set up this way with a bit of security in mind. Their website is hosted on a different IP and server altogether, as well as mail.

    Just one illustration.

  6. #16
    Senior Member frpeter's Avatar
    Join Date
    Dec 2004
    Posts
    131
    Hello,

    Originally posted here by bumperspoon
    I have a client who has a single domain, three sites, three DCs. The sites are connected with VPN using private addresses. The public IPs to all three sites are not resolvable. DNS is set up this way with a bit of security in mind. Their website is hosted on a different IP and server altogether, as well as mail.

    Just one illustration.
    I use masquerading to hide all my private/internal/web surfing users through a gateway. This gives me a simple reference port that I have DNS entries for while protecting my users. Why wouldn't the same work with your illustration and client?

    IMHO, watching one IP address for security issues would be easier than three. Setting up a small clustered firewall I would think would be a better solution for security as you could use IP rotation of the outbound requests.
