It kills me. One of our Windows administrators went to class and “learned” that you should not give meaningful names to servers on your network because that would make it too easy for some cracker to find his or her way around your network. So now we have no naming structure in the data center.
I guess no one thought to look in DNS. Not to mention that if some cracker is good enough to get in, they probably know what they are doing. At least I was nice enough to make the DNS servers ns1 and ns2 in the output below so that there appeared to be a naming convention.
#!/bin/bash
# Ask DNS for the Active Directory service (SRV) records, then the mail exchanger.
for I in _kerberos._tcp.circus.org _ldap._tcp.gc._msdcs.circus.org _gc._tcp.circus.org _kpasswd._tcp.circus.org
do
    dig -t SRV "$I"
done
dig MX circus.org
And the sanitized output.
; <<>> DiG 9.6.1-P2 <<>> -t SRV _kerberos._tcp.circus.org _ldap._tcp.gc._msdcs.circus.org _gc._tcp.circus.org _kpasswd._tcp.circus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 6

;; QUESTION SECTION:
;_kerberos._tcp.circus.org. IN SRV

;; ANSWER SECTION:
_kerberos._tcp.circus.org. 600 IN SRV 0 100 88 JD2.CIRCUS.ORG.
_kerberos._tcp.circus.org. 600 IN SRV 0 100 88 JD1.CIRCUS.ORG.
_kerberos._tcp.circus.org. 600 IN SRV 0 100 88 n1.CIRCUS.ORG.
_kerberos._tcp.circus.org. 600 IN SRV 0 100 88 dd1.CIRCUS.ORG.

;; AUTHORITY SECTION:
CIRCUS.ORG. 86400 IN NS ns1.CIRCUS.ORG.
CIRCUS.ORG. 86400 IN NS ns2.CIRCUS.ORG.

;; ADDITIONAL SECTION:
n1.CIRCUS.ORG. 1200 IN A 192.168.1.21
dd1.CIRCUS.ORG. 1200 IN A 192.168.1.55
JD2.CIRCUS.ORG. 1200 IN A 192.168.1.54
JD1.CIRCUS.ORG. 1200 IN A 192.168.1.53
ns1.CIRCUS.ORG. 259200 IN A 192.168.1.64
ns2.CIRCUS.ORG. 259200 IN A 192.168.1.65

;; Query time: 0 msec
;; SERVER: 192.168.1.65#53(192.168.1.65)
;; WHEN: Fri Apr 16 09:23:11 2010
;; MSG SIZE rcvd: 315

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1687168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 6

;; QUESTION SECTION:
;_ldap._tcp.gc._msdcs.circus.org. IN SRV

;; ANSWER SECTION:
_ldap._tcp.gc._msdcs.circus.org. 600 IN SRV 0 1 3268 dd1.CIRCUS.ORG.
_ldap._tcp.gc._msdcs.circus.org. 600 IN SRV 0 100 3268 JD2.CIRCUS.ORG.
_ldap._tcp.gc._msdcs.circus.org. 600 IN SRV 0 100 3268 JD1.CIRCUS.ORG.
_ldap._tcp.gc._msdcs.circus.org. 600 IN SRV 0 100 3268 n1.CIRCUS.ORG.

;; AUTHORITY SECTION:
CIRCUS.ORG. 86400 IN NS ns2.CIRCUS.ORG.
CIRCUS.ORG. 86400 IN NS ns1.CIRCUS.ORG.

;; ADDITIONAL SECTION:
n1.CIRCUS.ORG. 1200 IN A 192.168.1.21
dd1.CIRCUS.ORG. 1200 IN A 192.168.1.55
JD2.CIRCUS.ORG. 1200 IN A 192.168.1.54
JD1.CIRCUS.ORG. 1200 IN A 192.168.1.53
ns1.CIRCUS.ORG. 259200 IN A 192.168.1.64
ns2.CIRCUS.ORG. 259200 IN A 192.168.1.65

;; Query time: 0 msec
;; SERVER: 192.168.1.65#53(192.168.1.65)
;; WHEN: Fri Apr 16 09:23:11 2010
;; MSG SIZE rcvd: 321

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19296
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 6

;; QUESTION SECTION:
;_gc._tcp.circus.org. IN SRV

;; ANSWER SECTION:
_gc._tcp.circus.org. 600 IN SRV 0 100 3268 dd1.CIRCUS.ORG.
_gc._tcp.circus.org. 600 IN SRV 0 100 3268 JD2.CIRCUS.ORG.
_gc._tcp.circus.org. 600 IN SRV 0 100 3268 JD1.CIRCUS.ORG.
_gc._tcp.circus.org. 600 IN SRV 0 100 3268 n1.CIRCUS.ORG.

;; AUTHORITY SECTION:
CIRCUS.ORG. 86400 IN NS ns1.CIRCUS.ORG.
CIRCUS.ORG. 86400 IN NS ns2.CIRCUS.ORG.

;; ADDITIONAL SECTION:
n1.CIRCUS.ORG. 1200 IN A 192.168.1.21
dd1.CIRCUS.ORG. 1200 IN A 192.168.1.55
JD2.CIRCUS.ORG. 1200 IN A 192.168.1.54
JD1.CIRCUS.ORG. 1200 IN A 192.168.1.53
ns1.CIRCUS.ORG. 259200 IN A 192.168.1.64
ns2.CIRCUS.ORG. 259200 IN A 192.168.1.65

;; Query time: 0 msec
;; SERVER: 192.168.100.65#53(192.168.100.65)
;; WHEN: Fri Apr 16 09:23:11 2010
;; MSG SIZE rcvd: 309

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 790
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 6

;; QUESTION SECTION:
;_kpasswd._tcp.circus.org. IN SRV

;; ANSWER SECTION:
_kpasswd._tcp.circus.org. 600 IN SRV 0 100 464 JD1.CIRCUS.ORG.
_kpasswd._tcp.circus.org. 600 IN SRV 0 100 464 n1.CIRCUS.ORG.
_kpasswd._tcp.circus.org. 600 IN SRV 0 100 464 dd1.CIRCUS.ORG.
_kpasswd._tcp.circus.org. 600 IN SRV 0 100 464 JD2.CIRCUS.ORG.

;; AUTHORITY SECTION:
CIRCUS.ORG. 86400 IN NS ns1.CIRCUS.ORG.
CIRCUS.ORG. 86400 IN NS ns2.CIRCUS.ORG.

;; ADDITIONAL SECTION:
n1.CIRCUS.ORG. 1200 IN A 192.168.1.21
dd1.CIRCUS.ORG. 1200 IN A 192.168.1.55
JD2.CIRCUS.ORG. 1200 IN A 192.168.1.54
JD1.CIRCUS.ORG. 1200 IN A 192.168.1.53
ns1.CIRCUS.ORG. 259200 IN A 192.168.1.64
ns2.CIRCUS.ORG. 259200 IN A 192.168.1.65

;; Query time: 0 msec
;; SERVER: 192.168.1.65#53(192.168.1.65)
;; WHEN: Fri Apr 16 09:23:11 2010
;; MSG SIZE rcvd: 314

; <<>> DiG 9.6.1-P2 <<>> MX circus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 446
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;circus.org. IN MX

;; ANSWER SECTION:
circus.org. 259200 IN MX 11 dd.circus.org.

;; AUTHORITY SECTION:
circus.org. 259200 IN NS ns2.circus.org.
circus.org. 259200 IN NS ns1.circus.org.

;; ADDITIONAL SECTION:
dd.circus.org. 259200 IN A 192.168.1.66
ns1.circus.org. 259200 IN A 192.168.1.64
ns2.circus.org. 259200 IN A 192.168.1.65

;; Query time: 0 msec
;; SERVER: 192.168.1.65#53(192.168.1.65)
;; WHEN: Fri Apr 16 09:23:11 2010
;; MSG SIZE rcvd: 130
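To see at a glance what those SRV answers say about each opaquely named host, the following added example (not part of the original post) reduces dig output to one line per host with the services it advertises. The function names roles_by_host and sample_srv_answers are made up for this example, and the sample input is a constructed subset of the sanitized output above.

```shell
#!/bin/bash
# Constructed sample: a few lines taken from the sanitized dig output in this post.
sample_srv_answers() {
cat <<'EOF'
;; QUESTION SECTION:
;_kerberos._tcp.circus.org. IN SRV
_kerberos._tcp.circus.org. 600 IN SRV 0 100 88 JD2.CIRCUS.ORG.
_kerberos._tcp.circus.org. 600 IN SRV 0 100 88 n1.CIRCUS.ORG.
_ldap._tcp.gc._msdcs.circus.org. 600 IN SRV 0 1 3268 dd1.CIRCUS.ORG.
_gc._tcp.circus.org. 600 IN SRV 0 100 3268 n1.CIRCUS.ORG.
_kpasswd._tcp.circus.org. 600 IN SRV 0 100 464 JD2.CIRCUS.ORG.
;; AUTHORITY SECTION:
CIRCUS.ORG. 86400 IN NS ns1.CIRCUS.ORG.
n1.CIRCUS.ORG. 1200 IN A 192.168.1.21
EOF
}

# Read dig output on stdin and print "host service/port[,service/port...]",
# one line per host, sorted. Only SRV answer records are considered.
roles_by_host() {
  awk '
    $3 == "IN" && $4 == "SRV" && NF == 8 {
      split($1, lbl, ".")              # lbl[1] is the service label, e.g. _kerberos
      svc  = substr(lbl[1], 2)         # drop the leading underscore
      host = tolower($8)
      sub(/\.$/, "", host)             # drop the trailing root dot
      tag  = svc "/" $7                # service name and advertised port
      # Append the tag unless this host already has it.
      if (index("," roles[host] ",", "," tag ",") == 0)
        roles[host] = (roles[host] == "" ? tag : roles[host] "," tag)
    }
    END { for (h in roles) print h, roles[h] }
  ' | LC_ALL=C sort
}

sample_srv_answers | roles_by_host
```

Feeding it the real output of the script above (for example by piping the script into roles_by_host) gives the same kind of inventory for your own domain, which is a quick way to check what your DNS already tells anyone who asks.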