
BLU Discuss list archive



[Discuss] DNS question about DNSENUM.PL



On 3/26/2013 12:13 PM, Chris O'Connell wrote:
> Hide is perhaps not the right word.  Obscure may be better.  A default
> DNSENUM will pull the aforementioned names and IP addresses.  I would like
> to make it so people must know what they're looking for.  Tom's description
> of "you can view the file if you know its name, but you can't list the
> directory contents" is more or less exactly what I would like to do.

If you want to "hide" a host name from external DNS snooping, then you
should not put it in DNS at all, but rather configure the /etc/hosts
files on all your client machines that you want to know that "secret"
(yes, Windows machines still have an /etc/hosts file).  Could be a
problem if you don't have administrative control over all clients
(although you could always write up a procedure if you trust your
end-users enough...)

Honestly though, if you're going to do that, then you might want to
consider running your VPN server on the standard HTTPS port to obscure
that machine from port scans.

And if you were really paranoid, you would hide your VPN server from
port scans even better by using port-knocking.


Matt



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org