Cisco leaking private IP addresses via DNS

One of the first things I learned while setting up my DNS servers was to never leak internal IP addresses to the outside world. Well, it seems that Cisco haven’t learned it yet..

$ host pop.cisco.com
pop.cisco.com has address 10.48.73.66
$ host logserver.cisco.com
logserver.cisco.com has address 10.86.229.184
$ host backup.cisco.com
backup.cisco.com has address 10.34.250.203
$ host source.cisco.com
source.cisco.com is an alias for sjc14-42a-srv1-vlan4.cisco.com.
sjc14-42a-srv1-vlan4.cisco.com has address 10.32.17.166
$ host svn.cisco.com
svn.cisco.com has address 10.86.100.70

And there is more… rss.cisco.com, doc.cisco.com, zen.cisco.com, etc… How I found it out? Well, using our very own Sucuri’s information gathering tool.

If you are ever setting up your own DNS server, remember to use at least 2 servers, one for inside information and one for outside. Don’t make the same mistake that Cisco is doing…