[unisog] no-ip.com etc.
Alex.Schumann at oregonstate.edu
Fri Oct 24 23:05:09 GMT 2003
> I'm am still curious what others may be doing
> about detecting/controlling host's use of dynamic DNS
> client apps? I suppose this is a bottom of the barrel
> issue for most-- but--hey not one to lose an opportunity
> and turn this initially misguided post around to something
> somewhat productive....
We have a similar policy against doing that here.. However I have never understood it. What is to stop someone from registering your IP who isn't you? Its sort of like trying to make other websites not link to your website, or trying to keep someone from posting your phone number on bathroom walls. You really have no control over what other party's do with their dns servers/webpages/markers, and while your IP may be registered to you in ARPA the string itself does not belong to you (in the copyright/trademark sense.) It seems a bit screeched to charge the student, you'd be hard pressed to even prove it was them who did it (not that anyone else would.. But they could..)
Further.. Why do you care? If you don't want any services to be hosted, don't open any ports. I know many people who use dyndns.org simply so they can terminal service to their computer if they need info from it while away. This is against your policy? If you are only worried about them hosting warez sites, you can easily identify that with bandwidth monitoring.
Where is the rub? (:
I.S. Developer/Administrator ZZZzz |\ _,,,---,,_
-Housing & Dining Services z /,`.-'`' -. ;-;;,_.
-Residential Network zz|,4- ) )-,_. ,\ ( `'-'
Oregon State University '---''(_/--' `-'\_)
From: Ben Curran [mailto:bdc1 at humboldt.edu]
Sent: Friday, October 24, 2003 3:30 PM
To: Peter Moody; unisog at sans.org
Cc: unisog at sans.org
Subject: Re: [unisog] no-ip.com etc.
The dynamic IP service can't/won't allow anyone to circumvent existing
inbound/outbound port blocks to smtp or others (SYN) if correctly configured. :-)
I think I hit <send> too soon, after the "shock and awe" of finding some tunnled
Gnutella clients getting around ACL's and coincidentally querying campus DNS for
no-ip.com hosts, and seeing that our very own campus students are also using no- ip.com to register their IP addy's. My apologies for the knee jerk, but sometimes I just
get too protective!
But since "we're" on the subject----I'm am still curious what others may be doing
about detecting/controlling host's use of dynamic DNS client apps? I suppose this is
a bottom of the barrel issue for most-- but--hey not one to lose an opportunity and
turn this intially misguided post around to something somewhat productive....
On 24 Oct 2003 at 12:13, Peter Moody wrote:
> I'm a little confused. How does a student registering their ip
> address with a dynamic dns provider allow them to circumvent your smtp
> do you mean inbound smtp or outbound smtp?
> On Fri, 2003-10-24 at 11:48, Ben Curran wrote:
> > What are others doing about the management of students registering
> > for off-campus dynamic DNS services that permit them to circumvent
> > campus restrictions to port 25, and hosting servers? Services such
> > as no-ip.com, DynDNS.org or TZO.com I suppose could be managed at
> > the DNS level, but how about at the router acl level?
> Peter Moody <peter at ucsc.edu>
> Information Security Administrator 831/459.5409
> Communications and Technology Services. http://mustard.ucsc.edu/pubkey
> UC, Santa Cruz. :wq
Humboldt State University
Telecommunications & Network Services
Phone: 707.826.5000 fax: 707.826.6161
pgp key-- 2048/1024, 0x619015B2
More information about the unisog