subject:"Question about visibility"

Re: Question about visibility

2018-10-25 Thread G.W. Haywood via bind-users


Hi there,

On Thu, 25 Oct 2018, Grant Taylor wrote:

On 10/24/2018 06:15 AM, G.W. Haywood via bind-users wrote:


A server on a non-standard port is often neglected.? Its security may
be less well maintained than one that is intentionally public.


Why and how do you make that correlation?


Years of customers (including a major motor vehicle manufacturer) who
said "The guy that set all this up has left." and "We don't know what
happened to the disc.", and "Oh, we'd forgotten about that one." and...


Are you implying that some people think that because they've taken one
step (moving the port) they may think that they don't need to take other
steps (updating)? ...


No, that was not what I meant to imply at all.


I've always found that moving the port is one of many steps done to
improve security.


As was mentioned by other earlier in the thread.  No argument there, I
do that too - especially for ssh and VPN connections.  But you'd likely
have poor results with a nameserver. :)


The more important steps being stay up to date.


That being the problem.  The |guy left|...|forgotten about it| means
that unless the updating is automatic (and still working - unlikely,
even if it was once) then you more or less have a ticking time-bomb.

Mostly off-topic for this list though.

--

73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-24 Thread Dave Warren


On 2018-10-24 07:24, Timothy Metzinger wrote:
There's no security in obscurity.  Automated port scanners will sweep 
your system in a couple of seconds.


There is *limited* security in obscurity but it's a valid layer. 
Obviously insufficient as an only layer...


As a trivial example, I get orders of magnitude more ESMTP 
authentication attempts against well known/standardized ports 25 and 587 
than non-standard ports that speak the exact same protocol. Last I 
looked, 25 receives substantially more traffic than 587 despite 587 
being the better choice to attack these days.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-24 Thread Grant Taylor via bind-users


On 10/24/2018 07:24 AM, Timothy Metzinger wrote:

There's no security in obscurity.


Obscurity by itself is not security.

Obscurity can be one many layers of security.


Automated port scanners will sweep your system in a couple of seconds.


Yes, automated scanners can scan all the ports on a system.  That also 
functions as a great indicator that the connecting IPs are doing 
something undesirable.


Moving the port is also a good way to avoid a lot of other scanners that 
are simply looking for specific ports.


If nothing else, moving the port will likely reduce the number of 
connections, which in itself likely reduces noise in logs, which helps 
improve the signal to noise ratio of said logs.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-24 Thread Grant Taylor via bind-users


On 10/24/2018 06:15 AM, G.W. Haywood via bind-users wrote:
A server on a non-standard port is often neglected.  Its security may 
be less well maintained than one that is intentionally public.


Why and how do you make that correlation?

Are you implying that some people think that because they've taken one 
step (moving the port) they may think that they don't need to take other 
steps (updating)?


Do you have, or can you point to, data to substantiate this?

I've always found that moving the port is one of many steps done to 
improve security.  The more important steps being stay up to date.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Question about visibility

2018-10-24 Thread John W. Blue

I agree on using non-standard ports as well.

Moving SSH to a non-standard port is a perfect example of how to actually ID 
bad actors.  It follows that any host connecting to 22 is clearly traffic that 
needs to be dropped and blocked.  And if that host is blocked then any other 
connections it would attempt (eg port 80) are also blocked.  I am reluctant to 
say "one and done" but it is pretty close.

Alternatively, using PF on a BSD with this rule:

pass in on $ext_if proto tcp from any to $ext_if port ssh \
flags S/SA keep state \
(max-src-conn-rate 2/120, overload  flush global)

Will only allow 2 connections within two minutes before the host is blacklisted.

John

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul 
Kosinski
Sent: Wednesday, October 24, 2018 11:24 AM
To: bind-users@lists.isc.org
Subject: Re: Question about visibility

Maybe port scanners will find open ports pretty quickly, but I've found that 
using non-standard ports is helpful in reducing traffic, at least.
For example, SSH on port 22 gets lots of SYNs but moving it elsewhere, and 
making 22 totally unresponsive discourages most such attempts. This increases 
security slightly a priori, and may also improve security by simplifying the 
firewall log(s).

When using OpenVPN over UDP, the standard port 1194 can be subject to random 
and/or attack packets. These have to be processed and rejected (since their 
HMACs etc. hopefully won't pass decryption). This won't occur in TCP mode, of 
course, but UDP tends to be more efficient, especially since TCP over TCP tends 
to clog up.

P.S. When you come right down to it, *all* computer (software) security is 
"security by obscurity", whether the obscurity of passwords, private keys, etc. 
For example, DES is no longer used because 56-bit keys are no longer obscure 
enough to hide from modern computers.

On Wed, 24 Oct 2018 13:24:41 +
Timothy Metzinger  wrote:

> There's no security in obscurity.  Automated port scanners will sweep 
> your system in a couple of seconds.
> 
> Tim Metzinger
> 
> From: bind-users  on behalf of G.W.
> Haywood via bind-users  Sent: Wednesday, 
> October 24, 2018 12:15:10 PM To: bind-users@lists.isc.org
> Subject: Re: Question about visibility
> 
> Hi there,
> 
> On Wed, 24 Oct 2018, Hardy, Andrew wrote:
> 
> > Further to the original post, as well as not creating a DNS record 
> > and "possibly" adding robot.txt with appropriate content, as 
> > discussed, I presume that if I run the http server on a personally 
> > selected unprivileged port then it is very "unlikely" the site pages 
> > will be indexed/discovered/etc surely?
> >
> > Thoughts?
> 
> A server on a non-standard port is often neglected.  Its security may 
> be less well maintained than one that is intentionally public.
> 
> That's just the sort of thing that criminals are looking for.  They'll 
> probably find it, and then they'll attack it.
> 
> --
> 
> 73,
> Ged.
> ___
> Please visit
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> s.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b80
> 5cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C
> 0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSbl
> AfVbLI%3D&reserved=0<https://eur03.safelinks.protection.outlook.co
> m/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&d
> ata=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb4
> 35%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzf
> lLNxc8LyguCF7iSblAfVbLI%3D&reserved=0>
> to unsubscribe from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> s.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b80
> 5cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C
> 0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSbl
> AfVbLI%3D&reserved=0<https://eur03.safelinks.protection.outlook.co
> m/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&d
> ata=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb4
> 35%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzf
> lLNxc8LyguCF7iSblAfVbLI%3D&reserved=0>
> 
> Tim Metzinger
> 703.963.3015
> 
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-24 Thread Paul Kosinski

Maybe port scanners will find open ports pretty quickly, but I've found
that using non-standard ports is helpful in reducing traffic, at least.
For example, SSH on port 22 gets lots of SYNs but moving it elsewhere,
and making 22 totally unresponsive discourages most such attempts. This
increases security slightly a priori, and may also improve security by
simplifying the firewall log(s).

When using OpenVPN over UDP, the standard port 1194 can be subject to
random and/or attack packets. These have to be processed and rejected
(since their HMACs etc. hopefully won't pass decryption). This won't
occur in TCP mode, of course, but UDP tends to be more efficient,
especially since TCP over TCP tends to clog up.

P.S. When you come right down to it, *all* computer (software) security
is "security by obscurity", whether the obscurity of passwords, private
keys, etc. For example, DES is no longer used because 56-bit keys are no
longer obscure enough to hide from modern computers.


On Wed, 24 Oct 2018 13:24:41 +
Timothy Metzinger  wrote:

> There's no security in obscurity.  Automated port scanners will sweep
> your system in a couple of seconds.
> 
> Tim Metzinger
> 
> From: bind-users  on behalf of G.W.
> Haywood via bind-users  Sent: Wednesday,
> October 24, 2018 12:15:10 PM To: bind-users@lists.isc.org
> Subject: Re: Question about visibility
> 
> Hi there,
> 
> On Wed, 24 Oct 2018, Hardy, Andrew wrote:
> 
> > Further to the original post, as well as not creating a DNS record
> > and "possibly" adding robot.txt with appropriate content, as
> > discussed, I presume that if I run the http server on a personally
> > selected unprivileged port then it is very "unlikely" the site pages
> > will be indexed/discovered/etc surely?
> >
> > Thoughts?
> 
> A server on a non-standard port is often neglected.  Its security may
> be less well maintained than one that is intentionally public.
> 
> That's just the sort of thing that criminals are looking for.  They'll
> probably find it, and then they'll attack it.
> 
> --
> 
> 73,
> Ged.
> ___
> Please visit
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0>
> to unsubscribe from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0>
> 
> Tim Metzinger
> 703.963.3015
> 
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-24 Thread Timothy Metzinger

There's no security in obscurity.  Automated port scanners will sweep your 
system in a couple of seconds.

Tim Metzinger

From: bind-users  on behalf of G.W. Haywood 
via bind-users 
Sent: Wednesday, October 24, 2018 12:15:10 PM
To: bind-users@lists.isc.org
Subject: Re: Question about visibility

Hi there,

On Wed, 24 Oct 2018, Hardy, Andrew wrote:

> Further to the original post, as well as not creating a DNS record
> and "possibly" adding robot.txt with appropriate content, as
> discussed, I presume that if I run the http server on a personally
> selected unprivileged port then it is very "unlikely" the site pages
> will be indexed/discovered/etc surely?
>
> Thoughts?

A server on a non-standard port is often neglected.  Its security may
be less well maintained than one that is intentionally public.

That's just the sort of thing that criminals are looking for.  They'll
probably find it, and then they'll attack it.

--

73,
Ged.
___
Please visit 
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0>
 to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users&data=02%7C01%7C%7C0b805cc1bd334bd7ea4808d639aa77ec%7C84df9e7fe9f640afb435%7C1%7C0%7C636759801644561901&sdata=CqjF4k0IMJVEbFnKVPzflLNxc8LyguCF7iSblAfVbLI%3D&reserved=0>

Tim Metzinger
703.963.3015

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-24 Thread G.W. Haywood via bind-users


Hi there,

On Wed, 24 Oct 2018, Hardy, Andrew wrote:


Further to the original post, as well as not creating a DNS record
and "possibly" adding robot.txt with appropriate content, as
discussed, I presume that if I run the http server on a personally
selected unprivileged port then it is very "unlikely" the site pages
will be indexed/discovered/etc surely?

Thoughts?


A server on a non-standard port is often neglected.  Its security may
be less well maintained than one that is intentionally public.

That's just the sort of thing that criminals are looking for.  They'll
probably find it, and then they'll attack it.

--

73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-24 Thread Hardy, Andrew

Further to the original post, as well as not creating a DNS record and
"possibly" adding robot.txt with appropriate content, as discussed, I
presume that if I run the http server on a personally selected unprivileged
port then it is very "unlikely" the site pages will be
indexed/discovered/etc surely?

Thoughts?

Thanks.


On Sun, Oct 21, 2018, 20:32 N6ghost  wrote:

> On Thu, 11 Oct 2018 15:39:55 -0400
> Barry Margolin  wrote:
>
> > In article ,
> >  Dennis Clarke  wrote:
> >
> > > On 10/11/2018 03:21 PM, Leonardo Rodrigues wrote:
> > > > Em 11/10/18 16:13, Barry Margolin escreveu:
> > > >>
> > > >> If you accidentally, or someone else intentionally, create a
> > > >> link to the site that uses the IP and put it on a web page that
> > > >> Google can get to, it will probably find the page.
> > > >>
> > > >>
> > > >
> > > >  robots.txt, on your website root, is your friend. Simply
> > > > deny web crawling on it, and you're (probably) done.
> > > >
> > >
> > > If you believe robots.txt means anything at all.
> >
> > Google is known to obey it, and the question was about avoiding
> > getting your site indexed by Google.
> >
> > Of course, that doesn't mean someone won't find the site on their
> > own. If the link to it is on some other page that isn't blocked by
> > robots.txt, someone might stuble across that page and then click on
> > the link.
> >
> > But if you're mainly worried about someone googling the words that
> > are on your website and Google sending them to the development
> > version instead of the production version, you're pretty safe.
> >
> > Actually, DNS has very little impact on this at all. AFAIK, Google
> > doesn't crawl DNS, it just crawls web pages and follows links. My
> > company's development server is in DNS, and it's not firewalled (we
> > all work from our homes, there's no company network to restrict
> > access with), but I've never heard of anyone accidentally being
> > directed there by Google, because we don't publish links to this
> > server.
> >
>
> robot.txt is suppose to govern whats indexed... not sure how well its
> followed nowadays but thats the process for it.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-21 Thread N6ghost

On Thu, 11 Oct 2018 15:39:55 -0400
Barry Margolin  wrote:

> In article ,
>  Dennis Clarke  wrote:
> 
> > On 10/11/2018 03:21 PM, Leonardo Rodrigues wrote:  
> > > Em 11/10/18 16:13, Barry Margolin escreveu:  
> > >>
> > >> If you accidentally, or someone else intentionally, create a
> > >> link to the site that uses the IP and put it on a web page that
> > >> Google can get to, it will probably find the page.
> > >>
> > >>  
> > > 
> > >      robots.txt, on your website root, is your friend. Simply
> > > deny web crawling on it, and you're (probably) done.
> > >   
> > 
> > If you believe robots.txt means anything at all.  
> 
> Google is known to obey it, and the question was about avoiding
> getting your site indexed by Google.
> 
> Of course, that doesn't mean someone won't find the site on their
> own. If the link to it is on some other page that isn't blocked by 
> robots.txt, someone might stuble across that page and then click on
> the link.
> 
> But if you're mainly worried about someone googling the words that
> are on your website and Google sending them to the development
> version instead of the production version, you're pretty safe.
> 
> Actually, DNS has very little impact on this at all. AFAIK, Google 
> doesn't crawl DNS, it just crawls web pages and follows links. My 
> company's development server is in DNS, and it's not firewalled (we
> all work from our homes, there's no company network to restrict
> access with), but I've never heard of anyone accidentally being
> directed there by Google, because we don't publish links to this
> server.
> 

robot.txt is suppose to govern whats indexed... not sure how well its
followed nowadays but thats the process for it.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-11 Thread Barry Margolin

In article ,
 Dennis Clarke  wrote:

> On 10/11/2018 03:21 PM, Leonardo Rodrigues wrote:
> > Em 11/10/18 16:13, Barry Margolin escreveu:
> >>
> >> If you accidentally, or someone else intentionally, create a link to the
> >> site that uses the IP and put it on a web page that Google can get to,
> >> it will probably find the page.
> >>
> >>
> > 
> >  Â Â Â  robots.txt, on your website root, is your friend. Simply deny web 
> > crawling on it, and you're (probably) done.
> > 
> 
> If you believe robots.txt means anything at all.

Google is known to obey it, and the question was about avoiding getting 
your site indexed by Google.

Of course, that doesn't mean someone won't find the site on their own. 
If the link to it is on some other page that isn't blocked by 
robots.txt, someone might stuble across that page and then click on the 
link.

But if you're mainly worried about someone googling the words that are 
on your website and Google sending them to the development version 
instead of the production version, you're pretty safe.

Actually, DNS has very little impact on this at all. AFAIK, Google 
doesn't crawl DNS, it just crawls web pages and follows links. My 
company's development server is in DNS, and it's not firewalled (we all 
work from our homes, there's no company network to restrict access 
with), but I've never heard of anyone accidentally being directed there 
by Google, because we don't publish links to this server.

-- 
Barry Margolin
Arlington, MA
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-11 Thread Dennis Clarke


On 10/11/2018 03:21 PM, Leonardo Rodrigues wrote:

Em 11/10/18 16:13, Barry Margolin escreveu:


If you accidentally, or someone else intentionally, create a link to the
site that uses the IP and put it on a web page that Google can get to,
it will probably find the page.




     robots.txt, on your website root, is your friend. Simply deny web 
crawling on it, and you're (probably) done.




If you believe robots.txt means anything at all.

Dennis

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-11 Thread Leonardo Rodrigues


Em 11/10/18 16:13, Barry Margolin escreveu:


If you accidentally, or someone else intentionally, create a link to the
site that uses the IP and put it on a web page that Google can get to,
it will probably find the page.




    robots.txt, on your website root, is your friend. Simply deny web 
crawling on it, and you're (probably) done.




--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-11 Thread Barry Margolin

In article ,
 Admin Hardy  wrote:

> I realise this is not specifically a BIND/DNS question and a bit off 
> topic so please ignore if need be I realise people are often very busy.
> 
> If you you have a website but the host IP you do not list with any 
> domain name in DNS, is it definite that this site could never be reached 
> via Google.Â  I do not really know the nuts and bolts of how Google gets 
> access to pages.
> 
> If for 'some particular reason' instead of developing a site on a local 
> dev machine on your LAN and then uploading/installing the site to a 
> remote server, you needed 'for what ever reason' to do the development 
> and testing on the final live host accessing it via the ip address, 
> would this be a way to be 'almost certain' of keeping it hidden from 
> unwanted accidental exposure?

If you accidentally, or someone else intentionally, create a link to the 
site that uses the IP and put it on a web page that Google can get to, 
it will probably find the page.

-- 
Barry Margolin
Arlington, MA
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-11 Thread Sten Carlsen

Please see below.

On 11/10/2018 18.13, Hardy, Andrew wrote:
> Ok I'm a bit confused.  I have some questions re last post, copied below:
>
> I have done this some time ago, I made sure that there was no link
> from any pages to the new site, 
> ** So the new site (in development) would have no domain name mapped
> in DNS, so it seems unlikely that other sites and pages would have
> links to http://x.x.x.x unless the developer put it there.
Actually I had DNS for this.
>
> Google stayed away until somebody typed the address
> ** You mean typed the IP address? You mean in an actual Google search
> string?
Something in a search string, if this has the address visits from the
bots are next to come. My experience for this and some other cases.
>
>  into the search field, then it was known.
> ** So typing the host IP address as a Google search string would
> (ultimately) in time lead to a Google search string, that could be
> found on the sites web pages, listing pages from the site?
This is my experience. I did this when I wanted the site to be known to
the world.
>
> This is no guarantee of course as mentioned in other place but it
> worked for about 6 months.
> ** Ok, so even if you don't formally register / index (or what ever it
> is) your site on Google, if you use it's IP in a search string, given
> time it could show up in searches using text that's on its pages?
Time in this case is days or less.

There are also bots that search random IP addresses for content, the
only way to keep those away that I know of is to have a welcome page in
http://xx.xx/index.html and using e.g.
http://xx.xx/test/mynewsite/index.html for my test site.
Bots will find the welcome page and if that does not have a link to my
mynewsite, they do not know that there is something to look at.
This has worked for me as well for quite some time, again if it hits a
search in any search engine, you're done.
>
>
> Just to say thank you so much for people commenting.  I do appreciate
> you taking the time.
You're welcome.
>
>
>
> On Thu, Oct 11, 2018, 14:50 Sten Carlsen  > wrote:
>
> I have done this some time ago, I made sure that there was no link
> from any pages to the new site, Google stayed away until somebody
> typed the address into the search field, then it was known.
>
> This is no guarantee of course as mentioned in other place but it
> worked for about 6 months.
>
> On 11/10/2018 13.26, Admin Hardy wrote:
>>
>> I realise this is not specifically a BIND/DNS question and a bit
>> off topic so please ignore if need be I realise people are often
>> very busy.
>>
>> If you you have a website but the host IP you do not list with
>> any domain name in DNS, is it definite that this site could never
>> be reached via Google.  I do not really know the nuts and bolts
>> of how Google gets access to pages.
>>
>> If for 'some particular reason' instead of developing a site on a
>> local dev machine on your LAN and then uploading/installing the
>> site to a remote server, you needed 'for what ever reason' to do
>> the development and testing on the final live host accessing it
>> via the ip address, would this be a way to be 'almost certain' of
>> keeping it hidden from unwanted accidental exposure?
>>
>> Thanks.
>>
>>
>> ___
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org 
>> https://lists.isc.org/mailman/listinfo/bind-users
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org 
> https://lists.isc.org/mailman/listinfo/bind-users
>

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-11 Thread Hardy, Andrew

Ok I'm a bit confused.  I have some questions re last post, copied below:

I have done this some time ago, I made sure that there was no link from any
pages to the new site,
** So the new site (in development) would have no domain name mapped in
DNS, so it seems unlikely that other sites and pages would have links to
http://x.x.x.x unless the developer put it there.

Google stayed away until somebody typed the address
** You mean typed the IP address? You mean in an actual Google search
string?

 into the search field, then it was known.
** So typing the host IP address as a Google search string would
(ultimately) in time lead to a Google search string, that could be found on
the sites web pages, listing pages from the site?

This is no guarantee of course as mentioned in other place but it worked
for about 6 months.
** Ok, so even if you don't formally register / index (or what ever it is)
your site on Google, if you use it's IP in a search string, given time it
could show up in searches using text that's on its pages?

Just to say thank you so much for people commenting.  I do appreciate you
taking the time.

On Thu, Oct 11, 2018, 14:50 Sten Carlsen  wrote:

> I have done this some time ago, I made sure that there was no link from
> any pages to the new site, Google stayed away until somebody typed the
> address into the search field, then it was known.
>
> This is no guarantee of course as mentioned in other place but it worked
> for about 6 months.
>
> On 11/10/2018 13.26, Admin Hardy wrote:
>
>
> I realise this is not specifically a BIND/DNS question and a bit off topic
> so please ignore if need be I realise people are often very busy.
>
> If you you have a website but the host IP you do not list with any domain
> name in DNS, is it definite that this site could never be reached via
> Google.  I do not really know the nuts and bolts of how Google gets access
> to pages.
>
> If for 'some particular reason' instead of developing a site on a local
> dev machine on your LAN and then uploading/installing the site to a remote
> server, you needed 'for what ever reason' to do the development and testing
> on the final live host accessing it via the ip address, would this be a way
> to be 'almost certain' of keeping it hidden from unwanted accidental
> exposure?
>
> Thanks.
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-11 Thread Sten Carlsen

I have done this some time ago, I made sure that there was no link from
any pages to the new site, Google stayed away until somebody typed the
address into the search field, then it was known.

This is no guarantee of course as mentioned in other place but it worked
for about 6 months.

On 11/10/2018 13.26, Admin Hardy wrote:
>
> I realise this is not specifically a BIND/DNS question and a bit off
> topic so please ignore if need be I realise people are often very busy.
>
> If you you have a website but the host IP you do not list with any
> domain name in DNS, is it definite that this site could never be
> reached via Google.  I do not really know the nuts and bolts of how
> Google gets access to pages.
>
> If for 'some particular reason' instead of developing a site on a
> local dev machine on your LAN and then uploading/installing the site
> to a remote server, you needed 'for what ever reason' to do the
> development and testing on the final live host accessing it via the ip
> address, would this be a way to be 'almost certain' of keeping it
> hidden from unwanted accidental exposure?
>
> Thanks.
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

2018-10-11 Thread Warren Kumari

On Thu, Oct 11, 2018 at 1:26 PM Admin Hardy  wrote:

>
> I realise this is not specifically a BIND/DNS question and a bit off
> topic so please ignore if need be I realise people are often very busy.
>
> If you you have a website but the host IP you do not list with any
> domain name in DNS, is it definite that this site could never be reached
> via Google.  I do not really know the nuts and bolts of how Google gets
> access to pages.
>
> If for 'some particular reason' instead of developing a site on a local
> dev machine on your LAN and then uploading/installing the site to a
> remote server, you needed 'for what ever reason' to do the development
> and testing on the final live host accessing it via the ip address,
> would this be a way to be 'almost certain' of keeping it hidden from
> unwanted accidental exposure?
>
>
Nope. It is somewhat less likely that it would be discovered / accidentally
exposed, but it is *far* from certain.

If you were wanting to do something like this, I'd suggest having a DNS
name (because that makes it easier), but firewalling it off so that only
"authorized" people can reach it. This could be something like iptables, a
VPN, or, more likely / less annoying, simply having your webserver require
a login to access the content...

W




> Thanks.
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Question about visibility

2018-10-11 Thread Admin Hardy



I realise this is not specifically a BIND/DNS question and a bit off 
topic so please ignore if need be I realise people are often very busy.


If you you have a website but the host IP you do not list with any 
domain name in DNS, is it definite that this site could never be reached 
via Google.  I do not really know the nuts and bolts of how Google gets 
access to pages.


If for 'some particular reason' instead of developing a site on a local 
dev machine on your LAN and then uploading/installing the site to a 
remote server, you needed 'for what ever reason' to do the development 
and testing on the final live host accessing it via the ip address, 
would this be a way to be 'almost certain' of keeping it hidden from 
unwanted accidental exposure?


Thanks.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

RE: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Re: Question about visibility

Question about visibility

19 matches

Site Navigation

Mail list logo

Footer information