[MEDIUM] Undocumented hosts discovered on 10.1.12.x subnet #33

Open
opened 2026-05-05 17:51:43 -05:00 by pjennings · 0 comments

Description

Three unknown hosts were discovered on the 10.1.12.x subnet during network scanning. These hosts are not documented in meshTopology.nix or any infrastructure documentation.

Discovered Hosts

10.1.12.3

  • Open ports: 22 (SSH), 80 (HTTP→two.dns.reinitialized.net), 443 (Technitium DNS)
  • OS: OpenSSH 10.2 (NixOS)
  • Purpose: Appears to be a secondary DNS server

10.1.12.4

  • Open ports: 22 (SSH), 80 (HTTP→access.reinitialized.net), 443 (Authentik SSO), 8080 (Tomcat)
  • OS: OpenSSH 10.2 (NixOS)
  • Purpose: Appears to be an Authentik SSO server
  • Note: Port 8080 redirects to localhost:8443 (misconfigured)

10.1.12.5

  • Open ports: 22 (SSH), 80 (Caddy HTTP), 443 (HTTPS)
  • OS: OpenSSH 10.0p2 Debian (different from NixOS fleet!)
  • Purpose: Unknown — runs Caddy web server

Risks

  1. Undocumented hosts — no management or monitoring
  2. Mixed OS environment — 10.1.12.5 runs Debian, not NixOS
  3. No agent coverage — not included in any monitoring or security scanning
  4. Potential shadow IT — could be unauthorized or abandoned

Recommendations

  1. Identify all hosts — document purpose, owner, and contact
  2. Integrate into fleet — add to infrastructure management (NixOS or documented)
  3. Isolate or decommission — if unauthorized, remove from network
  4. Add to monitoring — deploy agents once identified
  5. Update meshTopology.nix — add or document these hosts

References

  • Related: docs/network-scan-2026-05-05.md (Finding F7)
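
An inventory drift check in the spirit of recommendations 1 and 5, added here as an example; it is not part of the original issue or the project's tooling. Assumptions: DOCUMENTED is a hypothetical stand-in for the addresses declared in meshTopology.nix (its schema is not shown in this issue), the /24 mask and the 10.1.12.1 and 10.1.12.2 entries are constructed, and the .3 to .5 rows copy the scan results above. It goes one step beyond the issue by also flagging documented hosts that the scan did not see.

```python
"""Inventory drift check: scan results vs. documented hosts (added example)."""
import ipaddress

SUBNET = ipaddress.ip_network("10.1.12.0/24")  # assumed mask for "10.1.12.x"
FLEET_OS = "NixOS"                             # fleet baseline named in the issue

# Hypothetical stand-in for the addresses declared in meshTopology.nix;
# the file's real schema is not shown in the issue. Constructed values.
DOCUMENTED = {"10.1.12.1", "10.1.12.2"}

# Scan observations. The .3/.4/.5 rows are transcribed from the issue;
# the .1 row is constructed so the "documented and seen" path is exercised.
OBSERVED = {
    "10.1.12.1": {"ssh": "OpenSSH 10.2 (NixOS)", "ports": [22]},
    "10.1.12.3": {"ssh": "OpenSSH 10.2 (NixOS)", "ports": [22, 80, 443]},
    "10.1.12.4": {"ssh": "OpenSSH 10.2 (NixOS)", "ports": [22, 80, 443, 8080]},
    "10.1.12.5": {"ssh": "OpenSSH 10.0p2 Debian", "ports": [22, 80, 443]},
}


def audit(observed, documented, subnet=SUBNET, fleet_os=FLEET_OS):
    """Return {ip: [flags]} for every in-scope host that needs follow-up."""
    def in_scope(ip):
        return ipaddress.ip_address(ip) in subnet

    findings = {}
    for ip, info in observed.items():
        if not in_scope(ip):
            continue
        flags = []
        if ip not in documented:
            flags.append("undocumented")
        # Banner check is a heuristic: it only compares the reported string.
        if fleet_os.lower() not in info["ssh"].lower():
            flags.append("os-differs-from-fleet")
        if flags:
            findings[ip] = flags
    # Drift in the other direction: declared in the inventory, never seen.
    for ip in documented:
        if in_scope(ip) and ip not in observed:
            findings[ip] = ["documented-but-not-seen"]
    return dict(sorted(findings.items(),
                       key=lambda kv: ipaddress.ip_address(kv[0])))


if __name__ == "__main__":
    for ip, flags in audit(OBSERVED, DOCUMENTED).items():
        print(f"{ip:<12} {', '.join(flags)}")
```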