cancel
Showing results for 
Search instead for 
Did you mean: 

Reverse DNS privacy issue

N/A

Reverse DNS privacy issue

Does anyone else feel their may be a privacy issue with the dsl static ips having a rDNS back to the username.

This means that any website I visit knows my f9 username, and could in theory add me to a mailing list without my knowledge.


grc.com's new shields up test warns of this now if your ip address looks up to a meaningful name, insteasd of something like "dsl192_168_0_1.libra.force9.net" as most ISPs users IPs resolve to.
15 REPLIES
N/A

RE: Reverse DNS privacy issue

> Does anyone else feel their may be a privacy issue with the dsl static ips having a rDNS back to the username.
>
> This means that any website I visit knows my f9 username, and could in theory add me to a mailing list without my knowledge.
>
>
> grc.com's new shields up test warns of this now if your ip address looks up to a meaningful name, insteasd of something like "dsl192_168_0_1.libra.force9.net" as most ISPs users IPs resolve to.

Hi,
I did the MS windows MCSE training during 2001 and as far as my understanding of DNS goes its NOT possible to use reverse DNS or DNS inorder to directly find the users name from the connection. The only way that someone could find out who you are is to go back to the domain name registration database which holds the owners name or company name etc. But this is NOT possible form just the connection alone.

If you are concerned that your IP address is exposed to the public facing internet then might I suggest that you download & install one of the free firewalls such as the excellent ZoneAlarm (I have been using this for several years now & its highly recommended & prevents anyone compromising your system as it uses stealthing of the ports).



--
N/A

RE: Reverse DNS privacy issue

> > Does anyone else feel their may be a privacy issue with the dsl static ips having a rDNS back to the username.
> >
> > This means that any website I visit knows my f9 username, and could in theory add me to a mailing list without my knowledge.
> >
> >
> > grc.com's new shields up test warns of this now if your ip address looks up to a meaningful name, insteasd of something like "dsl192_168_0_1.libra.force9.net" as most ISPs users IPs resolve to.
>
> Hi,
> I did the MS windows MCSE training during 2001 and as far as my understanding of DNS goes its NOT possible to use reverse DNS or DNS inorder to directly find the users name from the connection. The only way that someone could find out who you are is to go back to the domain name registration database which holds the owners name or company name etc. But this is NOT possible form just the connection alone.
>
> If you are concerned that your IP address is exposed to the public facing internet then might I suggest that you download & install one of the free firewalls such as the excellent ZoneAlarm (I have been using this for several years now & its highly recommended & prevents anyone compromising your system as it uses stealthing of the ports).
>
>
>
>
> --
>

Here is the URL for ZoneAlarm: http://www.zonelabs.com

Version 3.0 is free for personal use I believe.

--
N/A

RE: Reverse DNS privacy issue

> > Hi,
> > I did the MS windows MCSE training during 2001 and as far as my understanding of DNS goes its NOT possible to use reverse DNS or DNS inorder to directly find the users name from the connection. The only way that someone could find out who you are is to go back to the domain name registration database which holds the owners name or company name etc. But this is NOT possible form just the connection alone.

I already have ZoneAlarm thanks. The username is possible and is what I am talking about on F9 only.

Here is a test example of the problem I am talking about:
Go to this page (once please for your own sake), then check your mail inbox, providing you are a force9 adsl user.

http://cgi.teaparty.force9.co.uk/cgi-bin/test2.pl

N/A

RE: Reverse DNS privacy issue

> > > Hi,
> > > I did the MS windows MCSE training during 2001 and as far as my understanding of DNS goes its NOT possible to use reverse DNS or DNS inorder to directly find the users name from the connection. The only way that someone could find out who you are is to go back to the domain name registration database which holds the owners name or company name etc. But this is NOT possible form just the connection alone.
>
> I already have ZoneAlarm thanks. The username is possible and is what I am talking about on F9 only.
>
> Here is a test example of the problem I am talking about:
> Go to this page (once please for your own sake), then check your mail inbox, providing you are a force9 adsl user.
>
> http://cgi.teaparty.force9.co.uk/cgi-bin/test2.pl
>
>

Hi,
I still disagree with you! I think you are confusing an F9 domain name which relates to your account (a domain name you have setup)rather than compromising your actual username or your actual account details or your computer details. F9 would not allow your system or details to be exposed in an overt way. This is especially tru as you have a firewall installed, I cannot see what your getting so concerned bye. If your using zonealarm then your system is not seen by anyone attempting to crack or hack you, your system & ports are stealthed. The website URL you gave proves nothing apart from the ability to spam other people also using the F9 network. I fail to see the point your trying to make, what you describe make's no sense.

--
N/A

RE: Reverse DNS privacy issue

> > > > Hi,
> > > > I did the MS windows MCSE training during 2001 and as far as my understanding of DNS goes its NOT possible to use reverse DNS or DNS inorder to directly find the users name from the connection. The only way that someone could find out who you are is to go back to the domain name registration database which holds the owners name or company name etc. But this is NOT possible form just the connection alone.
> >
> > I already have ZoneAlarm thanks. The username is possible and is what I am talking about on F9 only.
> >
> > Here is a test example of the problem I am talking about:
> > Go to this page (once please for your own sake), then check your mail inbox, providing you are a force9 adsl user.
> >
> > http://cgi.teaparty.force9.co.uk/cgi-bin/test2.pl
> >
> >
>
> Hi,
> I still disagree with you! I think you are confusing an F9 domain name which relates to your account (a domain name you have setup)rather than compromising your actual username or your actual account details or your computer details. F9 would not allow your system or details to be exposed in an overt way. This is especially tru as you have a firewall installed, I cannot see what your getting so concerned bye. If your using zonealarm then your system is not seen by anyone attempting to crack or hack you, your system & ports are stealthed. The website URL you gave proves nothing apart from the ability to spam other people also using the F9 network. I fail to see the point your trying to make, what you describe make's no sense.
>

I see your point and I totally agree, given your extranally visable IP address it is possible to find the username. It is very easy to do. Making a cgi script to send e-mail to the person shouldn't be too hard (in theory).

Also I find ZoneAlarm to be disappointing, it is very resource hungry, can slow a network connection between 2 PC's and has a GUI that is a pain in the ass. If you can turn a computer on without help then ZoneAlarm's interface will probably seem so basic that it's insulting. It souldn't be hard to find a free firewall that is better than ZoneAlarm.

I should point out that I base my opinions of ZoneAlarm on the free version, the ones you have to pay for may be better.
N/A

RE: Reverse DNS privacy issue

> > Hi,
> > I still disagree with you! I think you are confusing an F9 domain name which relates to your account (a domain name you have setup)rather than compromising your actual username or your actual account details or your computer details. F9 would not allow your system or details to be exposed in an overt way. This is especially tru as you have a firewall installed, I cannot see what your getting so concerned bye. If your using zonealarm then your system is not seen by anyone attempting to crack or hack you, your system & ports are stealthed. The website URL you gave proves nothing apart from the ability to spam other people also using the F9 network. I fail to see the point your trying to make, what you describe make's no sense.
> >
>
> I see your point and I totally agree, given your extranally visable IP address it is possible to find the username. It is very easy to do. Making a cgi script to send e-mail to the person shouldn't be too hard (in theory).
>
I have and it works if you are a F9 adsl user.
With a bit of error checking and a database of other ISPs that do the same thing, it would be pretty quick to acquire a mailing list based on a subset of visitors to your page.

http://cgi.teaparty.force9.co.uk/cgi-bin/test2.pl

I am not saying this is a security issue, it is a privacy issue, in that websites will always recognise me even without cookies, which doesn't bother me too much, but that they could also send me unsolicited email does. So far, being careful with registrations etc, I receive no spam at all since joining F9, but I am worried that some advertisers may cotton onto the fact that this works and start doing it. Well they will now I've made it public Sad


N/A

RE: Reverse DNS privacy issue

Hi Chaps,

We can change your IP's reverse DNS to a random value if you wish. Simply raise a ticket via Contact Us on your account stating your requirement and this will be passed to our Networks team.

There are arguments for both sides of the case here. The plan in the future is to provide a web interface with a number of options for your reverse DNS setup.

Regards,

Ian Wild
F9 Customer Support
N/A

RE: Reverse DNS privacy issue

> > > > > Hi,
> > > > > I did the MS windows MCSE training during 2001 and as far as my understanding of DNS goes its NOT possible to use reverse DNS or DNS inorder to directly find the users name from the connection. The only way that someone could find out who you are is to go back to the domain name registration database which holds the owners name or company name etc. But this is NOT possible form just the connection alone.
> > >
> > > I already have ZoneAlarm thanks. The username is possible and is what I am talking about on F9 only.
> > >
> > > Here is a test example of the problem I am talking about:
> > > Go to this page (once please for your own sake), then check your mail inbox, providing you are a force9 adsl user.
> > >
> > > http://cgi.teaparty.force9.co.uk/cgi-bin/test2.pl
> > >
> > >
> >
> > Hi,
> > I still disagree with you! I think you are confusing an F9 domain name which relates to your account (a domain name you have setup)rather than compromising your actual username or your actual account details or your computer details. F9 would not allow your system or details to be exposed in an overt way. This is especially tru as you have a firewall installed, I cannot see what your getting so concerned bye. If your using zonealarm then your system is not seen by anyone attempting to crack or hack you, your system & ports are stealthed. The website URL you gave proves nothing apart from the ability to spam other people also using the F9 network. I fail to see the point your trying to make, what you describe make's no sense.
> >
>
> I see your point and I totally agree, given your extranally visable IP address it is possible to find the username. It is very easy to do. Making a cgi script to send e-mail to the person shouldn't be too hard (in theory).
>
> Also I find ZoneAlarm to be disappointing, it is very resource hungry, can slow a network connection between 2 PC's and has a GUI that is a pain in the ass. If you can turn a computer on without help then ZoneAlarm's interface will probably seem so basic that it's insulting. It souldn't be hard to find a free firewall that is better than ZoneAlarm.
>
> I should point out that I base my opinions of ZoneAlarm on the free version, the ones you have to pay for may be better.

Hi,
I cannot agree at all with you about Zonealarm as a firewall, its an excelent quality free firewall product. Yes! its true NOT all version are as good as each other. I am using version 2.31 which is totally brilliant but version 3.0 I didnt like and dumped it. If ZoneAlarm was such utter ***** how come so many millions of users have installed it then? ZoneAlarm uses statefull inspection which is far more cracker/hacker proof than most firewalls that uses packet filtering and are not connection aware only application aware. Statefull inspection is far better proven technology than packet filering for firewalls.

I have had no trouble with ZoneAlarm what so ever, it has No!effect on my connection speeds at all. It behaves well & is seemless,if yours isnt working in a seemless manner perhaps its not correctly configured.

Alot of the more recent firewalls (inc ZoneAlarm) now come with all sorts of additional features which I dont want & would never uses anyway. I'm not interested in the firewall having a visual trace route built into the GUI. I can do a trace myself if I needed too,nor do I want anti-virus features either as I have good quality AV software,etc.

You could spend a large amount of money on a fancy firewall and in the end your security would be little better than a free version of ZoneAlarm,for instance a PIC firewall but most users wouldnt have a clue how to configure it either come to that.

--
N/A

RE: Reverse DNS privacy issue

> Hi Chaps,
>
> We can change your IP's reverse DNS to a random value if you wish. Simply raise a ticket via Contact Us on your account stating your requirement and this will be passed to our Networks team.
>
> There are arguments for both sides of the case here. The plan in the future is to provide a web interface with a number of options for your reverse DNS setup.
>
> Regards,
>
> Ian Wild
> F9 Customer Support


Nice one Ian, thanks for letting me know.
N/A

RE: Reverse DNS privacy issue

>
> Hi,
> I cannot agree at all with you about Zonealarm as a firewall, its an excelent quality free firewall product. Yes! its true NOT all version are as good as each other. I am using version 2.31 which is totally brilliant but version 3.0 I didnt like and dumped it. If ZoneAlarm was such utter ***** how come so many millions of users have installed it then? ZoneAlarm uses statefull inspection which is far more cracker/hacker proof than most firewalls that uses packet filtering and are not connection aware only application aware. Statefull inspection is far better proven technology than packet filering for firewalls.
>
> I have had no trouble with ZoneAlarm what so ever, it has No!effect on my connection speeds at all. It behaves well & is seemless,if yours isnt working in a seemless manner perhaps its not correctly configured.
>
> Alot of the more recent firewalls (inc ZoneAlarm) now come with all sorts of additional features which I dont want & would never uses anyway. I'm not interested in the firewall having a visual trace route built into the GUI. I can do a trace myself if I needed too,nor do I want anti-virus features either as I have good quality AV software,etc.
>
> You could spend a large amount of money on a fancy firewall and in the end your security would be little better than a free version of ZoneAlarm,for instance a PIC firewall but most users wouldnt have a clue how to configure it either come to that.
>
>
> --
>

I admit that I used version 3. I take offense to the remark about configuring it wrongly as a friend of mine that does security for one of the largest databases in England, if not Europe also had problems with it affecting his network. If he can't configure a simple Firewall (let's face it ZoneAlarm is far from rocket science), then he probably shouldn't be looking after the security of such a large database, and from what I understand he is very capable of doing his job.

Lot's of firewall's now have SPI, it's not unique to ZoneAlarm. ZoneAlarm 3 used about twice the resources that the others I tried did.

Also as for your point about it being popular, proving that it's good, do you remember windows 95?? I think that was fairly popular, but Microsoft had 4 attempts at it (Win95, Win95 SE, Win98 and Win98 SE) then the god awful WinME also based on the Win9x stuff. I think many UNIX and Linux users/admin will be all to glad to point out the problems with them.

I didn't expect my opinions to change the world, but they are my opinions and for now I stick by them. If you feel differently that's fine, it doesn't hurt anyone if we disagree.
N/A

RE: Reverse DNS privacy issue

> >
> > Hi,
> > I cannot agree at all with you about Zonealarm as a firewall, its an excelent quality free firewall product. Yes! its true NOT all version are as good as each other. I am using version 2.31 which is totally brilliant but version 3.0 I didnt like and dumped it. If ZoneAlarm was such utter ***** how come so many millions of users have installed it then? ZoneAlarm uses statefull inspection which is far more cracker/hacker proof than most firewalls that uses packet filtering and are not connection aware only application aware. Statefull inspection is far better proven technology than packet filering for firewalls.
> >
> > I have had no trouble with ZoneAlarm what so ever, it has No!effect on my connection speeds at all. It behaves well & is seemless,if yours isnt working in a seemless manner perhaps its not correctly configured.
> >
> > Alot of the more recent firewalls (inc ZoneAlarm) now come with all sorts of additional features which I dont want & would never uses anyway. I'm not interested in the firewall having a visual trace route built into the GUI. I can do a trace myself if I needed too,nor do I want anti-virus features either as I have good quality AV software,etc.
> >
> > You could spend a large amount of money on a fancy firewall and in the end your security would be little better than a free version of ZoneAlarm,for instance a PIC firewall but most users wouldnt have a clue how to configure it either come to that.
> >
> >
> > --
> >
>
> I admit that I used version 3. I take offense to the remark about configuring it wrongly as a friend of mine that does security for one of the largest databases in England, if not Europe also had problems with it affecting his network. If he can't configure a simple Firewall (let's face it ZoneAlarm is far from rocket science), then he probably shouldn't be looking after the security of such a large database, and from what I understand he is very capable of doing his job.
>
> Lot's of firewall's now have SPI, it's not unique to ZoneAlarm. ZoneAlarm 3 used about twice the resources that the others I tried did.
>
> Also as for your point about it being popular, proving that it's good, do you remember windows 95?? I think that was fairly popular, but Microsoft had 4 attempts at it (Win95, Win95 SE, Win98 and Win98 SE) then the god awful WinME also based on the Win9x stuff. I think many UNIX and Linux users/admin will be all to glad to point out the problems with them.
>
> I didn't expect my opinions to change the world, but they are my opinions and for now I stick by them. If you feel differently that's fine, it doesn't hurt anyone if we disagree.

Hi,
Thanks for your reply, I had no intention to hurt your feelings its just that many users do install software without paying full attention to the post installation configuration process & hence dont get the best from the software or at worst blame the software for not working as they expected it too. I think think ZA 2.31 is an excellent product when you consider that its free that's all I was trying to say. I have alot of respect for anyone who works as an IT professional (having worked in IT myself)becuase I know its often a thankless & challenging job (so no disrespect to your friend either). I still think one could spend alot of money on complex firewall products and be not much better off than if you had installed ZA thats all I was trying to say.

But if your a home user then something like ZA is completely appropriate & adequate,OK if you have a large business & an equally large IT budget then fine go for the PIC firewall.


--
N/A

RE: Reverse DNS privacy issue

>
> Hi,
> Thanks for your reply, I had no intention to hurt your feelings its just that many users do install software without paying full attention to the post installation configuration process & hence dont get the best from the software or at worst blame the software for not working as they expected it too. I think think ZA 2.31 is an excellent product when you consider that its free that's all I was trying to say. I have alot of respect for anyone who works as an IT professional (having worked in IT myself)becuase I know its often a thankless & challenging job (so no disrespect to your friend either). I still think one could spend alot of money on complex firewall products and be not much better off than if you had installed ZA thats all I was trying to say.
>
> But if your a home user then something like ZA is completely appropriate & adequate,OK if you have a large business & an equally large IT budget then fine go for the PIC firewall.
>
>

OK, well maybe I didn't feel insulted as such. Like I say, I've only used ZA3.0, maybe 2.31 was a lot better.
Do you work for ZoneLabs, cuz I don't see ya pushing any other free Firewalls, SPI or otherwise.

Also this firewall thing is a little off topic as it doesn't affect the point made in the original post one little bit, whether the Firewall is free or a fully featured super powered expensive one. It's all to do with DNS records, which your computer doesn't have any control over (except the ones stored in the HOSTS file, but they only affect the local machine they're on). (I'm sure this isn't news to many of you but I thought I'd say it anyway).
N/A

RE: Reverse DNS privacy issue

> Also this firewall thing is a little off topic as it doesn't affect the point made in the original post one little bit, whether the Firewall is free or a fully featured super powered expensive one. It's all to do with DNS records, which your computer doesn't have any control over (except the ones stored in the HOSTS file, but they only affect the local machine they're on). (I'm sure this isn't news to many of you but I thought I'd say it anyway).

Yes it is drifting a bit.
Ian Wilds reply answers my question anyway, if you don't want to leave your username behind in every webstat log, then F9 will change it for you on request, and plan to make it easier in future.

On general security, I recommend grc.com, and its own news server, news.grc.com.
I feel fairly safe having:
NAT based router with fake DMZ, WAN config disabled and non default passwords (no really, lots of people never change these)
ZoneAlarm personal firewall,
AVG antivirus,
S-martin designs hosts file,
Adaware and Spybot.
N/A

RE: Reverse DNS privacy issue

Hit me, spam me, hack me or attack me,, just let me know how u got in if you can need io say more un paranoid me!