[unisog] no-ip.com etc.

Schumann, Alex Alex.Schumann at oregonstate.edu
Fri Oct 24 23:05:09 GMT 2003


> I'm am still curious what others may be doing 
> about detecting/controlling host's use of dynamic DNS
> client apps? I suppose this is a bottom of the barrel
> issue for most-- but--hey not one to lose an opportunity
> and turn this initially misguided post around to something
> somewhat productive....

We have a similar policy against doing that here.. However I have never understood it. What is to stop someone from registering your IP who isn't you? Its sort of like trying to make other websites not link to your website, or trying to keep someone from posting your phone number on bathroom walls. You really have no control over what other party's do with their dns servers/webpages/markers, and while your IP may be registered to you in ARPA the string itself does not belong to you (in the copyright/trademark sense.) It seems a bit screeched to charge the student, you'd be hard pressed to even prove it was them who did it (not that anyone else would.. But they could..)

Further.. Why do you care? If you don't want any services to be hosted, don't open any ports. I know many people who use dyndns.org simply so they can terminal service to their computer if they need info from it while away. This is against your policy? If you are only worried about them hosting warez sites, you can easily identify that with bandwidth monitoring.

Where is the rub? (:

       Alex Schumann              
                                  
     I.S. Developer/Administrator   ZZZzz    |\      _,,,---,,_
     -Housing & Dining Services          z   /,`.-'`'    -.  ;-;;,_.
     -Residential Network                 zz|,4-  ) )-,_. ,\ (  `'-'
     Oregon State University               '---''(_/--'  `-'\_) 
     http://uhds.oregonstate.edu  
     http://uhds.oregonstate.edu/resnet

-----Original Message-----
From: Ben Curran [mailto:bdc1 at humboldt.edu] 
Sent: Friday, October 24, 2003 3:30 PM
To: Peter Moody; unisog at sans.org
Cc: unisog at sans.org
Subject: Re: [unisog] no-ip.com etc.


Oops.

The dynamic IP service can't/won't allow anyone to circumvent existing 
inbound/outbound port blocks to smtp or others (SYN) if correctly configured. :-) 

I think I hit <send> too soon, after the "shock and awe" of finding some tunnled 
Gnutella clients getting around ACL's and coincidentally querying campus DNS for  
no-ip.com hosts, and seeing that our very own campus students are also using no- ip.com to register their IP addy's. My apologies for the knee jerk, but sometimes I just 
get too protective!

But since "we're" on the subject----I'm am still curious what others may be doing 
about detecting/controlling host's use of dynamic DNS client apps? I suppose this is 
a bottom of the barrel issue for most-- but--hey not one to lose an opportunity and 
turn this intially misguided post around to something somewhat productive....


Ben Curran


  On 24 Oct 2003 at 12:13, Peter Moody wrote:

> I'm a little confused.  How does a student registering their ip 
> address with a dynamic dns provider allow them to circumvent your smtp 
> restrictions?
> 
> do you mean inbound smtp or outbound smtp?
> 
> 
> On Fri, 2003-10-24 at 11:48, Ben Curran wrote:
> > What are others doing about the management of students registering 
> > for off-campus dynamic DNS services that permit them to circumvent 
> > campus restrictions to port 25, and hosting servers? Services such 
> > as no-ip.com, DynDNS.org or TZO.com I suppose could be managed at 
> > the DNS level, but how about at the router acl level?
> 
> -- 
> Peter Moody                             <peter at ucsc.edu>
> Information Security Administrator      831/459.5409
> Communications and Technology Services. http://mustard.ucsc.edu/pubkey 
> UC, Santa Cruz. :wq


-- ¥«¤»§«¤»¥««¤»§«¤»¥«¤»§«¤»¥
Network Specialist
Humboldt State University 
Telecommunications & Network Services 
Phone: 707.826.5000 fax: 707.826.6161 
pgp key-- 2048/1024, 0x619015B2
ldap://keyserver.pgp.com
¥«¤»§«¤»¥««¤»§«¤»¥«¤»§«¤»¥



More information about the unisog mailing list