ProFTPd and reverse DNS

From: Matthew S . Hallacy (poptixat_private)
Date: Fri Sep 07 2001 - 14:38:27 PDT

Next message: Michael S. Fischer: "Re: ProFTPd and reverse DNS"

Previous message: Craig Boston: "Re: Microsoft Security Bulletin MS01-047"
Next in thread: Michael S. Fischer: "Re: ProFTPd and reverse DNS"
Reply: Michael S. Fischer: "Re: ProFTPd and reverse DNS"
Reply: The Flying Hamster: "Re: ProFTPd and reverse DNS"
Reply: Peter van Dijk: "Re: ProFTPd and reverse DNS"
Reply: Karsten W. Rohrbach: "Re: ProFTPd and reverse DNS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Howdy,

	Recently while browsing through security logs I noticed that quite a few of the hosts
connecting to the machine did not resolve, I've checked into it, and apparently ProFTPd does
not check forward to reverse DNS mappings, and only resolves the IP address connecting. This
could easily lead to an attacker hiding his real hostname from logfiles, or an attacker 
slipping through ACL's by modifying their hostname. For the time being I recommend that the
option 'UseReverseDNS' be disabled in the configuration file until this is fixed.

Unfortunately I was not able to contact anyone to discuss this, as www.proftpd.org has been
down for the past 4-5 days that I've tried it, the version tested was 1.2.2rc2.



				Matthew S. Hallacy

Next message: Michael S. Fischer: "Re: ProFTPd and reverse DNS"
Previous message: Craig Boston: "Re: Microsoft Security Bulletin MS01-047"
Next in thread: Michael S. Fischer: "Re: ProFTPd and reverse DNS"
Reply: Michael S. Fischer: "Re: ProFTPd and reverse DNS"
Reply: The Flying Hamster: "Re: ProFTPd and reverse DNS"
Reply: Peter van Dijk: "Re: ProFTPd and reverse DNS"
Reply: Karsten W. Rohrbach: "Re: ProFTPd and reverse DNS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 17:16:04 PDT