Hi


For details, please see the topic posted earlier by me... :arrow:

{ Please Help: Knoppix machine is livein my ofice network }

:?: :idea:

I believed the security issue is not on knoppix, but on your unsecure office network.
Knoppix will not write anything on your dns server, except it read what is sent from there. If knoppix can write to your DNS server, then your DNS server has a big hole in it. But this make no sense.
Get all your network team, they need to secure your server.

What is the problem?????

Knoppix is running using DHCP to get ip dynamic.

In this process, it ask your DHCP server for one. The DHCP
server tells the DNS server that this IP belongs to
that computer.

If you boot anything else that can use DHCP the same thing will happen.

If you want stealth operation, create a home and setup the net on the knoppix to use a static IP and no dhcp.

We have a small biz server (win 2000 server) and the same thing happens.

Everything is fine except that Knoppix should remove the created dns entry before ending the session.

After shutting down my knoppix host, when I ping I get following repose from command prompt :twisted: :

----------------------------
U:\>ping knoppix

Pinging knoppix.RED.COLORALL.COM [164.132.134.193] with 32 bytes of data:
----------------------------


However, I should get some message like this: 8)

----------------------------
U:\>ping knoppix

Ping request could not find host knoppix. Please check the name and try again.
----------------------------

But that's not how it works.

You may set up a DNS-server to check IPs in regular intervals.
But on shutdown, you don't deregister yourself.
Nobody does.

Windows-machines often shutdown by accident, and don't have the ability, to deregister themself. :)

DNS is just a matching of names to IPs.
ping can tell you, whether an IP is reachable, and together with a DNS-Server, whether a host, called by name, is reachable.

An DNS-entry normally expires, depending on configuration-settings.

To ping a machine by name isn't a security-risk.
If you know, you're in a subnet of 192.168.13.*, you may ping 255 hosts by IP to find a host.
If you ping them by name - I don't know the limitation for name-length - if there is any, but it's about len^36 possibilities to try.

----------
DNS is just a matching of names to IPs.
ping can tell you, whether an IP is reachable, and together with a DNS-Server, whether a host, called by name, is reachable.

An DNS-entry normally expires, depending on configuration-settings.

--------

Hi,

so are you saying that the dns entry knoppix.RED.COLORALL.COM will be automatically deleted from the DNS server after a configured period of time, say for example 30 days ???

If it behaves likes that its fine.

It doestn upset anyone about the eased IP address from DHCP server... thats what it is for, but permanent entry in DNS server... hmmmm...

Should a great SW roll back to its previous state when it first connected to the network??? whatever knoppix changes in the network or any data for its operations, it should de-write them once the session is ended...

a great SW?

But I guess you still didn't understand.
There is a network with multiple hosts, communicating with each other.

The DN-Server is writing the entries, and your host has no influence on it's behaviour.
While it's name is 'knoppix', the OS has no influence at all on this topic.

DNS is designed to be a network-protocoll, independent from the OS of the machines using it.

If you send me a letter with a question, containing your adress, the adress will not be removed after I answered your question. It will even exist after you moved house or died :)
It's my decision to keep the adress, or burn it in my ashtray.

You may claim, that knoppix should leave the net as if has never been there, but you should go with this expection to the autorities, which decide about the dns-protocoll.

trashing my adress... before i die :shock:

well, now... the network colleagues set the dns config so that it will flush all unused dns entries after 15 days! :lol:

thank you so much to all for sharing their views on this topic! and also i apologize if i upset anyone in the cloud :roll:

bye 8)