Re: ProFTPd and reverse DNS

From: Michael S. Fischer (michaelat_private)
Date: Fri Sep 07 2001 - 17:16:14 PDT


On Fri, Sep 07, 2001 at 03:38:27PM -0600, Matthew S . Hallacy wrote:

> Recently while browsing through security logs I noticed that quite a
> few of the hosts connecting to the machine did not resolve. I've
> checked into it, and apparently ProFTPd does not check forward to
> reverse DNS mappings, and only resolves the IP address connecting.
> This could easily lead to an attacker hiding his real hostname from
> logfiles, or an attacker slipping through ACLs by modifying their
> hostname. For the time being I recommend that the option
> 'UseReverseDNS' be disabled in the configuration file until this is
> fixed.

Another potentially useful workaround is to configure ProFTPd to run out
of inetd, using TCP Wrappers to enforce paranoid DNS checks. This way
you can have your cake and eat it too.

Running ProFTPd out of inetd, while slower than running it in standalone
mode without DNS lookups activated, is still going to be faster than
running it in standalone mode with DNS lookups activated.

-- 
Michael S. Fischer / michael at dynamine.net / +1 650-533-4684
Lead Hacketeer, Dynamine Consulting, Silicon Valley, CA
    
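The forward-confirmed reverse DNS check that the thread's "paranoid" TCP Wrappers mode performs, as an added example (not ProFTPd or TCP Wrappers code): a PTR name is only trusted for logs and ACLs if it resolves back to the connecting address. The resolver callables and the sample PTR/A records are constructed assumptions so the block runs offline; the two socket-based helpers at the end are how it would be wired to the real resolver.

```python
"""Forward-confirmed reverse DNS (FCrDNS): accept a client's hostname only
when PTR -> name -> A loops back to the connecting IP."""
import socket
from typing import Callable, List, Optional

# Constructed sample records (assumption, not real DNS data).
SAMPLE_PTR = {
    "192.0.2.10": "ftp-client.example.net",     # honest host: PTR and A agree
    "192.0.2.66": "trusted.corp.example",        # forged PTR: A record points elsewhere
    "192.0.2.77": "ghost.example.invalid",       # PTR names a host with no A record
}
SAMPLE_A = {
    "ftp-client.example.net": ["192.0.2.10"],
    "trusted.corp.example": ["198.51.100.5"],
}

def sample_reverse(ip: str) -> Optional[str]:
    return SAMPLE_PTR.get(ip)

def sample_forward(name: str) -> List[str]:
    return SAMPLE_A.get(name, [])

def fcrdns_hostname(ip: str,
                    reverse: Callable[[str], Optional[str]] = sample_reverse,
                    forward: Callable[[str], List[str]] = sample_forward) -> Optional[str]:
    """Return the verified hostname for ip, or None if the PTR is missing,
    stale, or forged (reverse-only lookup, as in the report, would accept it)."""
    name = reverse(ip)
    if not name:
        return None                 # no PTR: treat the peer as unresolved
    if ip not in forward(name):
        return None                 # name does not resolve back: do not trust it
    return name

def peer_label(ip: str, **resolvers) -> str:
    """Log/ACL label: 'name[ip]' only when forward-confirmed, else the bare ip."""
    name = fcrdns_hostname(ip, **resolvers)
    return f"{name}[{ip}]" if name else ip

# Real-resolver adapters (not exercised offline): pass these as reverse=/forward=.
def system_reverse(ip: str) -> Optional[str]:
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name: str) -> List[str]:
    try:
        return [r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)]
    except socket.gaierror:
        return []
```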



    This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 18:55:41 PDT