[unisog] no-ip.com etc.

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Oct 24 19:23:01 GMT 2003


On Fri, 24 Oct 2003 11:48:04 PDT, Ben Curran <bdc1 at humboldt.edu>  said:
> What are others doing about the management of students registering for off-campus 
> dynamic DNS services that permit them to circumvent campus restrictions to port 25, 
> and hosting servers? Services such as no-ip.com, DynDNS.org or TZO.com I 
> suppose could be managed at the DNS level, but how about at the router acl level?

If the fact that they happen to have a nameserver entry someplace else is
breaking your campus restriction on port 25, there's something else wrong.

Of course, if they're using dyndns.org to register their hosts, what will happen
is they can then receive *INBOUND* mail directly to their machine, so they can
be the semi-stable 'userid at foo-whatever.dyndns.org' rather than the unstable
'userid at my.dhcp.addr.edu'.  It certainly doesn't make any actual difference
if you're filtering inbound and/or outbound 25.

Are you sure they're not instead tunnelling (ssh or whatever) on some other
port to some other place, and bypassing the restriction that way?

Or are they just doing SMTP AUTH on 587 to some other site's mail server
(like AUTH and 587 were designed for?)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031024/2e12ee56/attachment-0003.bin


More information about the unisog mailing list