[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spoofing myself without meaning to

On Thu, Dec 29, 2005 at 11:49:58PM -0800, Ross Boylan wrote:
> I have a box, wheat, connected to the internet and my local network.
> Another box, corn, is on the local network.
> I'm running DNS on wheat and have two domains to call my own (both
> going to the same IP address).
> When I try to access corn from wheat I get errors that wheat is
> spoofing.  This happens in several contexts, but the worst is NFS.
> corn is acting as an NFS server, and when I attempt to mount from
> wheat I get, in the log on corn,
> Dec 29 23:16:33 corn mountd[5922]: NFS mount of / attempted from
> Dec 29 23:16:33 corn mountd[5922]: spoof attempt by pretends to be wheat.mydomain.com!
> Dec 29 23:16:33 corn mountd[5922]: Unauthorized access by NFS client
> Dec 29 23:16:33 corn mountd[5922]: Blocked attempt of to mount /
> dig -x from corn gives wheat.mydomain.com.
> dig wheat.mydomain.com returns the external IP address.
> My theory is that this mismatch looks like spoofing.

You may wish to look at views in bind (if this is your DNS server) it
allows you to have different zone files for internal and external
clients. That way, when someone queries from the outside your domain the
external ip is returned but from the inside of your LAN the internal ip
would be returned.


Reply to: