[c-nsp] ASA Static Translations / DNS Doctoring
Roland Dobbins
rdobbins at arbor.net
Fri Jul 17 14:45:43 EDT 2009
On Jul 18, 2009, at 1:08 AM, Clue Store wrote:
> I have several domains pointed various ip's in a /27 (public block). I
> have one internal webserver inside of my network. I would like to be
> able to map the several outside IP's to one inside IP of my web server
> and perform DNS doctoring via the ASA so my inside hosts can use a DNS
> server outside of my network and still be able to get to the domains
Not a good idea - an attacker can breathe on it, and it'll fall over,
instant DoS. Sticking servers behind firewalls, and NATting them, to
boot, is extremely poor security practice.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Unfortunately, inefficiency scales really well.
-- Kevin Lawton