Tech Tip Tuesday

DNS and Firewall logs can be your friend.

Just because a domain name has INTEL or AMD or HP in it doesn’t mean it truly is that firm; at least, now it isn’t.

One thing I like to do is track domain names and URLs that product vendors hard-coded in their products. Over the years I have purchased dozens of domain names that large companies had used to check on firmware status, update checkers, etc. When newer products come out, eventually the old domain names are not renewed.

I like the ones that were hard-coded into firmware on NICs, for example. There are a number of domains (most I don’t own, a few I do) that are still active, listening for beacons/pings from thousands of NICs still in use around the globe. I know, because they are beaconing to one of the domains I own.

It’s interesting to note that most companies have OK to decent inbound security and filtering, but quite a lot of organizations actually hard-code some of these domain names into their rules to explicitly allow outbound-initiated comms.

I know of a few Storage Area Network (SAN) appliances from major firms that have hard-coded “call home” functionality, for example, going to domain names they don’t own any more.

 

So it is time to look through those logs and find out what your systems are connecting to. Verify that it is still required. Is the domain still controlled by the vendor? What information is it sending?
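One way to start that log review, as an added example that is not part of the original post: it builds a list of names whose ownership should be re-verified, either because a firewall rule explicitly allows them outbound or because a device queries them on a fixed schedule. The log format, the `.example` names, the `review_list` function and its thresholds are all constructed assumptions; adapt the regex to your resolver's real log format.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<ISO time> <client IP> <queried name> <type>".
# Real resolver logs differ; adapt LINE_RE to your format.
SAMPLE_LOG = """\
2024-05-07T00:00:02 10.0.8.21 update.nic-vendor.example A
2024-05-07T01:00:01 10.0.8.21 update.nic-vendor.example A
2024-05-07T02:00:03 10.0.8.21 update.nic-vendor.example A
2024-05-07T03:00:02 10.0.8.21 update.nic-vendor.example A
2024-05-07T00:14:10 10.0.3.7 www.news-site.example A
2024-05-07T00:14:55 10.0.3.7 www.news-site.example A
2024-05-07T02:41:30 10.0.3.7 www.news-site.example A
2024-05-07T02:50:00 10.0.9.4 callhome.san-vendor.example A
"""
# Constructed: names found in outbound-allow firewall rules.
FIREWALL_ALLOWED = {"callhome.san-vendor.example", "update.nic-vendor.example"}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def review_list(log_text, allowed, min_hits=4, max_jitter=0.1):
    """Return {name: reasons} for names whose ownership should be re-verified."""
    seen = defaultdict(list)  # (client, name) -> query times
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        ts, client, name, _qtype = m.groups()
        seen[(client, name.lower().rstrip("."))].append(datetime.fromisoformat(ts))
    findings = defaultdict(set)
    for (client, name), times in seen.items():
        if name in allowed:
            findings[name].add("explicit outbound allow rule")
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Beacon heuristic: enough hits, evenly spaced (low relative jitter).
        if len(times) >= max(min_hits, 2) and pstdev(gaps) <= max_jitter * mean(gaps):
            findings[name].add(f"periodic queries from {client}")
    return {n: sorted(r) for n, r in sorted(findings.items())}

if __name__ == "__main__":
    for name, reasons in review_list(SAMPLE_LOG, FIREWALL_ALLOWED).items():
        print(f"VERIFY OWNER: {name} ({'; '.join(reasons)})")
```

Each flagged name still needs a manual registration check (WHOIS/RDAP and the vendor's current documentation) before the allow rule is kept.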

 
