
Re: spoofing myself without meaning to



On Thu, Dec 29, 2005 at 11:49:58PM -0800, Ross Boylan wrote:
> I have a box, wheat, connected to the internet and my local network.
> Another box, corn, is on the local network.
> I'm running DNS on wheat and have two domains to call my own (both
> going to the same IP address).
> 
> When I try to access corn from wheat I get errors that wheat is
> spoofing.  This happens in several contexts, but the worst is NFS.
> corn is acting as an NFS server, and when I attempt to mount from
> wheat I get, in the log on corn,
> Dec 29 23:16:33 corn mountd[5922]: NFS mount of / attempted from 192.168.10.1
> Dec 29 23:16:33 corn mountd[5922]: spoof attempt by 192.168.10.1: pretends to be wheat.mydomain.com!
> Dec 29 23:16:33 corn mountd[5922]: Unauthorized access by NFS client 192.168.10.1.
> Dec 29 23:16:33 corn mountd[5922]: Blocked attempt of 192.168.10.1 to mount /
> 
> dig -x 192.168.10.1 from corn gives wheat.mydomain.com.
> dig wheat.mydomain.com returns the external IP address.
> 
> My theory is that this mismatch looks like spoofing.
> 

You may wish to look at views in bind (if this is your DNS server); they
allow you to have different zone files for internal and external
clients. That way, when someone queries your domain from the outside, the
external IP is returned, but from the inside of your LAN the internal IP
would be returned.

Philippe

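An added illustration (not code from the thread, and not mountd's own source): the check behind mountd's "spoof attempt" message is forward-confirmed reverse DNS. The server reverse-resolves the client address to a name, forward-resolves that name, and refuses the connection unless the original address appears among the forward answers. The resolver data below is constructed to match the thread: the PTR for 192.168.10.1 gives wheat.mydomain.com in both cases, and the external address 203.0.113.10 is an assumed placeholder. The `select_view` helper mimics how a split-horizon server picks an answer set by client network, which is why the views approach makes the check pass.

```python
import ipaddress

# Constructed resolver data (not from the original post). The "external"
# answers are what a single, Internet-facing zone returns; the "internal"
# answers are what a LAN-only view would return. 203.0.113.10 is an
# assumed stand-in for wheat's public address.
EXTERNAL_VIEW = {
    "ptr": {"192.168.10.1": "wheat.mydomain.com"},
    "a": {"wheat.mydomain.com": ["203.0.113.10"]},
}
INTERNAL_VIEW = {
    "ptr": {"192.168.10.1": "wheat.mydomain.com"},
    "a": {"wheat.mydomain.com": ["192.168.10.1"]},
}

# Ordered list of (client network, answer set), matched first-hit like
# BIND's match-clients: LAN clients get the internal data, everyone else
# the external data.
SPLIT_HORIZON = [
    (ipaddress.ip_network("192.168.10.0/24"), INTERNAL_VIEW),
    (ipaddress.ip_network("0.0.0.0/0"), EXTERNAL_VIEW),
]
# A server with only one zone file answers everyone the same way.
SINGLE_ZONE = [
    (ipaddress.ip_network("0.0.0.0/0"), EXTERNAL_VIEW),
]


def select_view(querier_ip, views):
    """Return the answer set a resolver hands to a client on querier_ip."""
    ip = ipaddress.ip_address(querier_ip)
    for net, view in views:
        if ip in net:
            return view
    raise LookupError("no view matches %s" % querier_ip)


def fcrdns_check(client_ip, resolver):
    """Forward-confirmed reverse DNS.

    Returns ("ok", name) when the PTR name's forward records include the
    client address, ("spoof", name) when the name resolves elsewhere, and
    ("unknown", None) when there is no PTR at all.
    """
    ip = str(ipaddress.ip_address(client_ip))
    name = resolver["ptr"].get(ip)
    if name is None:
        return ("unknown", None)
    # Normalise every forward answer so textual differences cannot hide a match.
    forward = {str(ipaddress.ip_address(a)) for a in resolver["a"].get(name.rstrip("."), [])}
    if ip in forward:
        return ("ok", name)
    return ("spoof", name)


def mountd_verdict(client_ip, server_ip, views):
    """What a server at server_ip would log for a mount from client_ip.

    The message format copies the lines quoted in the thread.
    """
    verdict, name = fcrdns_check(client_ip, select_view(server_ip, views))
    if verdict == "spoof":
        return "spoof attempt by %s: pretends to be %s!" % (client_ip, name)
    if verdict == "ok":
        return "NFS mount from %s (%s) allowed" % (client_ip, name)
    return "NFS mount from %s (no reverse name) refused" % client_ip


if __name__ == "__main__":
    # corn (assumed 192.168.10.2) checking a mount from wheat (192.168.10.1)
    print(mountd_verdict("192.168.10.1", "192.168.10.2", SINGLE_ZONE))
    print(mountd_verdict("192.168.10.1", "192.168.10.2", SPLIT_HORIZON))
```

With a single zone the forward answer is the public address, so the LAN address fails the confirmation and mountd logs the spoof line; with the LAN view in front of the external one, corn's query is answered with 192.168.10.1 and the check passes. The same mismatch trips tcp_wrappers `PARANOID` and any other daemon that confirms reverse lookups, which is why the poster saw it "in several contexts".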

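An added named.conf fragment illustrating the views Philippe refers to (an example written for this page, not the poster's configuration). The ACL name, file paths and the 192.168.10.0/24 network are assumptions; only the host and domain names come from the thread.

```conf
// Clients that should see the LAN addresses. Loopback is included so that
// wheat's own lookups of itself also get the internal answer.
acl "lan" { 127.0.0.0/8; 192.168.10.0/24; };

// Views are tried in order; the first match-clients hit wins, so the
// internal view must come before the catch-all external one.
view "internal" {
    match-clients { "lan"; };
    recursion yes;

    zone "mydomain.com" {
        type master;
        // assumed path; this copy carries  wheat  IN A  192.168.10.1
        file "/etc/bind/db.mydomain.com.internal";
    };

    // The reverse zone for the RFC 1918 range belongs only in this view.
    zone "10.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168.10";   // assumed path
    };
};

view "external" {
    match-clients { any; };
    recursion no;

    zone "mydomain.com" {
        type master;
        // assumed path; this copy carries  wheat  IN A  <public address>
        file "/etc/bind/db.mydomain.com.external";
    };
};
```

Two caveats worth knowing before reloading: once any view is defined, BIND requires every zone (including the root hints and localhost zones Debian ships in named.conf.default-zones) to live inside a view, so they have to be moved into both views or the server refuses to start; and the two copies of the forward zone need independent serial numbers, which is easiest to manage by keeping them as separate files as above. Run `named-checkconf` and `named-checkzone mydomain.com <file>` on each copy, then reload and verify from corn with `dig wheat.mydomain.com` and `dig -x 192.168.10.1`, which should now agree.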
