[unisog] no-ip.com etc.

Ben Curran bdc1 at humboldt.edu
Fri Oct 24 20:30:25 GMT 2003


The dynamic IP service can't/won't allow anyone to circumvent existing 
inbound/outbound port blocks to smtp or others (SYN) if correctly configured. :-) 

I think I hit <send> too soon, after the "shock and awe" of finding some tunnled 
Gnutella clients getting around ACL's and coincidentally querying campus DNS for  
no-ip.com hosts, and seeing that our very own campus students are also using no-
ip.com to register their IP addy's. My apologies for the knee jerk, but sometimes I just 
get too protective!

But since "we're" on the subject----I'm am still curious what others may be doing 
about detecting/controlling host's use of dynamic DNS client apps? I suppose this is 
a bottom of the barrel issue for most-- but--hey not one to lose an opportunity and 
turn this intially misguided post around to something somewhat productive....

Ben Curran

  On 24 Oct 2003 at 12:13, Peter Moody wrote:

> I'm a little confused.  How does a student registering their ip address
> with a dynamic dns provider allow them to circumvent your smtp
> restrictions?
> do you mean inbound smtp or outbound smtp?
> On Fri, 2003-10-24 at 11:48, Ben Curran wrote:
> > What are others doing about the management of students registering for
> > off-campus dynamic DNS services that permit them to circumvent campus
> > restrictions to port 25, and hosting servers? Services such as no-ip.com,
> > DynDNS.org or TZO.com I suppose could be managed at the DNS level, but how
> > about at the router acl level?
> -- 
> Peter Moody                             <peter at ucsc.edu>
> Information Security Administrator      831/459.5409
> Communications and Technology Services. http://mustard.ucsc.edu/pubkey
> UC, Santa Cruz.
> :wq

-- ¥«¤»§«¤»¥««¤»§«¤»¥«¤»§«¤»¥
Network Specialist
Humboldt State University 
Telecommunications & Network Services 
Phone: 707.826.5000 fax: 707.826.6161 
pgp key-- 2048/1024, 0x619015B2

More information about the unisog mailing list