Re: Local address lookup

To: <debian-user@lists.debian.org>
Subject: Re: Local address lookup
From: "nate" <debian-user@aphroland.org>
Date: Fri, 13 Sep 2002 15:10:03 -0700 (PDT)
Message-id: <[🔎] 16451.216.39.174.24.1031955003.squirrel@webmail.linuxpowered.net>
In-reply-to: <[🔎] 3D82602D.8060003@my.home>
References: <[🔎] 3D82602D.8060003@my.home>

Jan Willem Stumpel said:

> So I would be grateful for any pointers to configuration mistakes  I
> might have made. Or is there a bug in telnet? I do not think so. Lots of
> people (especially the ones with modems and dial-on-
> demand) would have complained already -- and I cannot find
> anything about "unnecessary dial-outs when telnetting to a local
> machine" in the archives.


it is I believe perfectly normal operation. Unix/Linux systems are
made for networks, part of which is host resolution provided by
DNS. from the tcpd manpage:

       tcpd verifies the client host name that is returned by the
       address->name  DNS  server by looking at the host name and
       address that are returned by the name->address DNS server.
       If  any discrepancy is detected, tcpd concludes that it is
       dealing with a host that pretends to  have  someone  elses
       host name.

your best options, since you don't seem to want to run a DNS I think
would be:

- use inetd, but edit inetd.conf so inetd doesn't load tcpd for whatever
services you want
- edit /etc/hosts.allow and add something like
ALL: 10.10.10.0/255.255.255.0
(where ^^^ is your local network mask)
- edit /etc/hosts.deny and comment out ALL: PARANOID


#2 and #3 will affect all services which use tcp wrappers, whereas
#1 will only affect stuff loaded from inetd.conf

nate

Reply to:

References:
- Re: Local address lookup
  - From: Jan Willem Stumpel <jstumpel@planet.nl>

Prev by Date: Re: (OT) The NFS security system
Next by Date: Re: Sarge security updates
Previous by thread: Re: Local address lookup
Next by thread: scsi & ide disk speeds?
Index(es):
- Date
- Thread