One of the first things I learned while setting up my DNS servers was to never leak internal IP addresses to the outside world. Well, it seems that Cisco haven’t learned it yet..
$ host pop.cisco.com
pop.cisco.com has address 10.48.73.66
$ host logserver.cisco.com
logserver.cisco.com has address 10.86.229.184
$ host backup.cisco.com
backup.cisco.com has address 10.34.250.203
$ host source.cisco.com
source.cisco.com is an alias for sjc14-42a-srv1-vlan4.cisco.com.
sjc14-42a-srv1-vlan4.cisco.com has address 10.32.17.166
$ host svn.cisco.com
svn.cisco.com has address 10.86.100.70
And there is more… rss.cisco.com, doc.cisco.com, zen.cisco.com, etc… How I found it out? Well, using our very own Sucuri’s information gathering tool.