
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Fri, Apr 20, 2001 at 09:32:04AM +1000, Brian May wrote:
> According to Craig, You shouldn't have any problems.
> 
> It is only if 203.36.158.121 reversed resolved into, say,
> "snoopy.apana.org.au" you would have problems.
> 
> So let's try something:
> 
> snoopy:~# host dewey
> dewey.chocbit.org.au	A	192.168.87.134
> snoopy:~# host 192.168.87.134
> Name: snoopy.chocbit.org.au
> Address: 192.168.87.134

This is the wrong order.  tcpd looks up the PTR _first_, then looks up that
hostname to see if it points back to the IP.

> [501] [snoopy:bam] ~ >who  
> [...]
> bam      pts/6    Apr 20 09:26 (snoopy.chocbit.org.au)

So, it looks like "who" is performing a reverse lookup only.  It also has no
option for displaying the IP address.  I consider this to be a bug in who.
It appears that w and finger suffer from the same bug.  (they should at least
have an option for displaying the IP address.)

> [502] [snoopy:bam] ~ >last
> bam      pts/6        snoopy.chocbit.o Fri Apr 20 09:26   still logged in   
> [...]

Try "last -i"

> (I can't test this with telnet, as the heimdal-clients telnet uses the
> IP address for everything).
>  
> However PARANOID does not protect everything, eg. apache logs the
> wrong address:
> 
> snoopy.chocbit.org.au - - [20/Apr/2001:09:27:39 +1000] "GET / HTTP/1.0" 200 667
> snoopy.chocbit.org.au - - [20/Apr/2001:09:28:37 +1000] "GET / HTTP/1.0" 200 667
> snoopy.chocbit.org.au - - [20/Apr/2001:09:28:39 +1000] "GET / HTTP/1.0" 200 667
> snoopy.chocbit.org.au - - [20/Apr/2001:09:28:40 +1000] "GET / HTTP/1.0" 200 667

Apache only looks up hostnames if you tell it to, and does not do paranoid
checks (unless you compile it with librwrap (is this even possible?) or run
it through tcpd.)

--Adam

-- 
Adam McKenna  <adam@debian.org>  <adam@flounder.net>
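The double lookup Adam describes (PTR for the client address first, then a forward lookup of the name that comes back, checked against the original address) is shown below as an added example written for this page; it is not tcpd's or libwrap's code. The lookups are passed in as callables so the block runs offline against a constructed table: the chocbit.org.au entries reproduce the consistent case from the thread, and the example.org entry is a constructed mismatch on RFC 5737 documentation addresses. `reverse_name` is the PTR-only lookup that `who`, `last` and Apache with hostname lookups turned on perform, which is why those tools cannot tell a consistent name from an inconsistent one.

```python
"""Added example: tcpd-style PARANOID check versus a bare reverse lookup.

Not tcpd's own code.  Lookups are injected so the example runs offline;
the system_* wrappers at the end are what you would pass for real use.
"""
import socket
from typing import Callable, List, Tuple

PtrLookup = Callable[[str], str]        # ip -> hostname, raises LookupError
ALookup = Callable[[str], List[str]]    # hostname -> [ip, ...], raises LookupError

# Constructed resolver table.  dewey and snoopy both forward-resolve to
# 192.168.87.134, whose PTR is snoopy (the case from the thread).
# trusted.example.org / 203.0.113.x is a constructed mismatch.
PTR_TABLE = {
    "192.168.87.134": "snoopy.chocbit.org.au",
    "203.0.113.5": "trusted.example.org",
}
A_TABLE = {
    "snoopy.chocbit.org.au": ["192.168.87.134"],
    "dewey.chocbit.org.au": ["192.168.87.134"],
    "trusted.example.org": ["203.0.113.7"],   # does not point back at 203.0.113.5
}


def table_ptr(ip: str) -> str:
    if ip not in PTR_TABLE:
        raise LookupError(ip)
    return PTR_TABLE[ip]


def table_a(name: str) -> List[str]:
    if name not in A_TABLE:
        raise LookupError(name)
    return A_TABLE[name]


def reverse_name(ip: str, ptr: PtrLookup = table_ptr) -> str:
    """PTR lookup only: what `who`, `last` and Apache (HostnameLookups on)
    display.  Nothing checks that the name maps back to the address, so the
    output is whatever the owner of the reverse zone chose to publish."""
    try:
        return ptr(ip)
    except LookupError:
        return ip            # no PTR: tools fall back to printing the address


def paranoid_check(ip: str, ptr: PtrLookup = table_ptr,
                   a: ALookup = table_a) -> Tuple[str, str]:
    """tcpd order: PTR first, then forward-resolve that name and require the
    original address to be among its addresses.  Returns (verdict, name):
      ("ok", hostname)        name maps back to ip; hostname rules apply
      ("unknown", ip)         no PTR record; matched by the UNKNOWN wildcard
      ("paranoid", hostname)  forward lookup missing or disagrees; matched
                              by PARANOID, which ALL: PARANOID denies
    """
    try:
        name = ptr(ip)
    except LookupError:
        return ("unknown", ip)
    try:
        addrs = a(name)
    except LookupError:
        return ("paranoid", name)
    if ip in addrs:
        return ("ok", name)
    return ("paranoid", name)


def system_ptr(ip: str) -> str:
    """Real PTR lookup via the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError as exc:
        raise LookupError(ip) from exc


def system_a(name: str) -> List[str]:
    """Real forward lookup via the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError as exc:
        raise LookupError(name) from exc


if __name__ == "__main__":
    for client in ("192.168.87.134", "203.0.113.5", "203.0.113.9"):
        print(client, "| who shows:", reverse_name(client),
              "| tcpd verdict:", paranoid_check(client))
```

Against the thread's own addresses, `paranoid_check("192.168.87.134")` returns `("ok", "snoopy.chocbit.org.au")`: the PTR name forward-resolves to the same address, so PARANOID does not match even though `host dewey` also gives that address. The forward lookup of "dewey" is never consulted, which is the order Adam points out.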