cancel
Showing results for 
Search instead for 
Did you mean: 

default static IP rDNS could be leaking you personal information

techhead
Newbie
Posts: 3
Registered: ‎09-02-2015

default static IP rDNS could be leaking you personal information

Plusnet has a couple of default policies that are not best practice to say the least.
When setting up an account I was given the username of firstnamelastname without any warning that the username is going to be used in publicly exposed ways.
The default rDNS PTR record plusnet use for static IP customers is username.plus.com
That itself is a security risk since exposing the username and making it publicly known like this gives any malicious hacker half what they need to hack and take ownership of our accounts.
Combine the two ill thought out policies and every connection we make to a server or a peer in say skype or other peer2peer program which resolves connections rDNS will reveal your first and last names, your account username all that is needed from then on is a simple bruteforce or smart dictionary attack on one of the services like pop3 or nntp or smtp that probably does not include failed login attemmpt lockouts and they can take ownership of your account,
This is a significant privacy breach and if you have a plusnet static IP assigned to your broadband and you have not requested and received a custom rDNS setting, then you should check your existing rDNS at a website like http://www.grc.com ; shieldsUP service.
If it is exposing your username then you should raise a ticket and request your  rDNS be changed to at least the xx-xx-xx-xx.plus.com where xx is the numeric parts of dotted quad IP number just to avoid giving away part of what's needed to hack your account.
If your username contains personally identifying information and is showing in your static IP rDNS then you need to raise a complaint ticket stating that plusnet are breaching your right to not have your personal details made public over the internet and demand they change the rDNS PTR record to the ipnumber.plus.com variant and suggest they cease defaulting to username.plus.com rDNS as it is just a bad idea all round.
Another way the username is publically exposed is in plusnet hosted user webspace, not many people would want their website to be www.firstnamelastname.plus.com I know I would not want that!
It is also  used as an email subdomain, so you will have anything@username.plus.com working too.
5 REPLIES 5
picbits
Rising Star
Posts: 3,435
Thanks: 23
Registered: ‎18-01-2013

Re: default static IP rDNS could be leaking you personal information

This has been discussed to death before but still handy for the newer members to know.
It actually works in my favour as my rDNS is not the same as the domain it points to - not great practice but the majority of hackers try and get into my email server using myusername.plus.com which is never going to happen Smiley
jelv
Seasoned Hero
Posts: 26,785
Thanks: 965
Fixes: 10
Registered: ‎10-04-2007

Re: default static IP rDNS could be leaking you personal information

I don't understand why the rDNS is changed when you switch to static IP.
The default should be the IP based one and (if it doesn't already) the add-on page where you request a static IP should have a link to https://www.plus.net/wizard/?p=wizard&page=22425&wizard_id=38.
from the connection settings page of the member centre already has that link.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
techhead
Newbie
Posts: 3
Registered: ‎09-02-2015

Re: default static IP rDNS could be leaking you personal information

Quote from: DomS
This has been discussed to death before but still handy for the newer members to know.
It actually works in my favour as my rDNS is not the same as the domain it points to - not great practice but the majority of hackers try and get into my email server using myusername.plus.com which is never going to happen Smiley

It's not been discussed to death if the situation has not been changed, the default action of using username.plus.com is wrong on both security and personal data protection grounds and should be changed, the default action should be IP number based rDNS and the user name based option should be scrapped. If they wish to offer an alternate non-user owned domain based option then they should offer a user definable subdomain alias not related to the accounts username.
The uninformed criminal hackers may try and hack your static ip hosted smtp server, but anyone knowing plusnet and its dodgey policy will know the username in the rDNS can be used to bruteforce plusnet SMTP server or your plusnet pop3 account or your user webspace ftp access for ilegal or nefarius purposes. Once a hacker has your username and your password they have  access to your account login details and can access your address, name and possibly telephone number if hosted by plusnet, you may have a mobile number in your personal details, as well as an alternate email address saved in the personal details all made possible by plusnet openly exposing your username without your consent, made easier to find by you letting on that you are running a mail server on your static ip!
Just as a quick experiment I dropped 7 ip numbers from the ip range my static ip is assigned from into an online bulk DNS lookup web page and only one out of those seven had the ip number based rDNS, the rest had username based rDNS PTR records and one had a womans firstname and lastname on plus.com
dvorak
Moderator
Moderator
Posts: 29,721
Thanks: 6,593
Fixes: 1,485
Registered: ‎11-01-2008

Re: default static IP rDNS could be leaking you personal information

Quote from: techhead
It's not been discussed to death if the situation has not been changed,

just because it's not been changed, doesn't mean it's not been discussed...
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
techhead
Newbie
Posts: 3
Registered: ‎09-02-2015

Re: default static IP rDNS could be leaking you personal information

I never said it's "not been discussed" I said "it's not been discussed to death"  the "to death" part to me means a conclusion other than the indiference of agree to differ has arisen, I found a small utiity on nirsoft website that allows one to paste in mmore than 1000 IP numbers or domains at a time and perform bulk DNS lookups, then producing an output that can be exported as CSV file spreadsheet and the results were similar to my smaller sampling.
Anyone wishing to harvest plusnet, force9 and other branded static ip customers email addresses do not need to do a dictionary attack on plusnet servers but perform the same rDNS lookups described and they can programatically obtain all the users email subdomains that are advertised by the weak default policy and duplicate the subdomain in front of the @ symbol and you have created the default inbox, with the smart user who deleted the default email inbox and redirected postmaster@ to a different inbox then the spammmer can use postmaster@ instead.
adie:quote