
Re: Strange message in logs



Typing away merrily, Robert Ruzbacky produced the immortal words:
> Apr  9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed
> Apr  9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114
> Apr  9 06:56:54 ns tcp-env[17346]: connect from murphy.debian.org
> Apr  9 06:58:38 ns tcp-env[17364]: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed
> Apr  9 06:58:38 ns tcp-env[17364]: refused connect from 209.140.0.114
> 
> 
> Is this because my hosts.deny file is set to ALL: PARANOID 

No.  Your DNS setup is broken.

% host -t ptr 209.140.0.114
Name: 114.trusted.net
Address: 209.140.0.114

% host 114.trusted.net
114.trusted.net does not exist (Authoritative answer)


You need forward DNS which matches the reverse.  Otherwise, an attacker
could do something like the following ...

goodppl.example.net has 192.168.1/24
badppl.example.net have 192.168.6/24

Set reverse DNS for 192.168.6.66 to point to ours.goodppl.example.net.

Hey presto, badppl can bypass all your filters easily, and nothing you
can do about it.

Matching forward and reverse DNS is a Good Thing(tm).
-- 
HTML email - just say no --> Phil Pennock
"We've got a patent on the conquering of a country through the use of force.
 We believe in world peace through extortionate license fees."  -Bluemeat
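
The forward-confirmed reverse DNS check described in the message above, as an added example that is not part of the original post or of the tcp wrappers source. The lookup tables are constructed sample data built from the addresses in the message (192.168.1.10 is an assumed address for the genuine host), and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample zone data mirroring the cases in the message above.
PTR = {
    "209.140.0.114": "114.trusted.net",          # PTR exists, no forward record
    "192.168.6.66": "ours.goodppl.example.net",  # PTR set by whoever runs 192.168.6/24
    "192.168.1.10": "ours.goodppl.example.net",  # genuine host (assumed address)
}
A = {"ours.goodppl.example.net": ["192.168.1.10"]}


def system_ptr(ip):
    """Reverse lookup via the system resolver; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_addrs(name):
    """Forward lookup via the system resolver; empty list on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []


def verify_client(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (verified_name, reason). The PTR name is trusted only when
    its forward lookup contains the connecting address."""
    client = ipaddress.ip_address(ip)
    name = ptr_lookup(ip)
    if not name:
        return None, "no PTR record"
    addrs = addr_lookup(name)
    if not addrs:
        return None, f"can't verify hostname: forward lookup of {name} failed"
    if client not in {ipaddress.ip_address(a) for a in addrs}:
        return None, f"host name/address mismatch: {name} does not resolve to {ip}"
    return name, "forward and reverse DNS match"


def sample_check(ip):
    """Run verify_client against the constructed tables instead of live DNS."""
    return verify_client(ip, PTR.get, lambda n: A.get(n, []))
```

Hostname-based allow rules should only ever be matched against the verified name; when verification fails, fall back to matching on the address alone.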

