Bug#81668: the "fix" that caused this symptom is solving the wrong problem

To: "Kacper Wysocki" <kacperw@online.no>
Cc: 81668@bugs.debian.org
Subject: Bug#81668: the "fix" that caused this symptom is solving the wrong problem
From: Florian Weimer <fw@deneb.enyo.de>
Date: Mon, 16 Apr 2007 08:10:34 +0200
Message-id: <[🔎] 87lkgsalyd.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 81668@bugs.debian.org
In-reply-to: <[🔎] 367a23780704151758q4543c474tb96bdc6b4af35b64@mail.gmail.com> (Kacper Wysocki's message of "Mon, 16 Apr 2007 02:58:24 +0200")
References: <[🔎] 367a23780704151758q4543c474tb96bdc6b4af35b64@mail.gmail.com>

* Kacper Wysocki:

> 1. If the attacker has the ability to spoof my DNS, I have been
> compromized. It doesn't need to resolve to a FQDN, a spoofed DNS can
> resolve my "shortname" to the IP of their choice. They can do this for
> all my services, not only ssh.

SSH is supposed t work (IOW, fail reliably) even when the attacker
controls DNS (or the routing, for that matter).

The only way to achieve that is not to rely on DNS, which means that
the specified host name must be processed unaltered.

Reply to:

Follow-Ups:
- Bug#81668: the "fix" that caused this symptom is solving the wrong problem
  - From: "Kacper Wysocki" <kacperw@online.no>

References:
- Bug#81668: the "fix" that caused this symptom is solving the wrong problem
  - From: "Kacper Wysocki" <kacperw@online.no>

Prev by Date: Bug#81668: the "fix" that caused this symptom is solving the wrong problem
Next by Date: Bug#81668: the "fix" that caused this symptom is solving the wrong problem
Previous by thread: Bug#81668: the "fix" that caused this symptom is solving the wrong problem
Next by thread: Bug#81668: the "fix" that caused this symptom is solving the wrong problem
Index(es):
- Date
- Thread